The latest News and Information on Security Incident and Event Management.

The Ultimate Guide to Sigma Rules

In cybersecurity, as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts have started sharing open source Sigma rules, a vendor-neutral detection format that lets them write detections once, share them, and help level the playing field.

Corelight delivers data aggregation to reduce SIEM ingest by 50-80% compared to legacy network security monitoring tools

According to Forrester Research, “How do we reduce our SIEM ingest costs?” is one of the top inquiries they receive from clients. Many security organizations rely on SIEMs for their detection, investigation, and response workflows, ingesting critical security information and events to detect and respond to threats.

Solving for Exponential Data Growth in Next-Gen SIEM

Do you ever feel overwhelmed by the number of data sources you manage with your SIEM? How do you piece together different pieces of the puzzle like SOAR, threat intelligence, and security tools for endpoint, cloud, or identity? Do you actually know which tools are strengthening your security posture, and which are just adding more complexity?

Choose Your Infrastructure: Why Vendor Selection Should Matter to CISOs

When running a cybersecurity operation for an organization, there are numerous competing priorities—and the CISO is responsible for striking an intricate balance between them. Of course, the overall security posture is imperative, as are the organization’s broader business objectives. The CISO has to determine the organization’s tolerance for risk, while simultaneously understanding the most essential security use cases for the business and establishing protections for them.

Using MITRE ATT&CK for Incident Response Playbooks

A structured approach to incident response enables you to create consistently repeatable processes. Your incident response playbook defines responsibilities and guides your security team through a list of activities to reduce uncertainty if or when an incident occurs. The MITRE ATT&CK framework outlines the tactics and techniques that threat actors use during the different stages of an attack.

The Benefits of Integrating PAM With SIEM Solutions

Integrating Privileged Access Management (PAM) with Security Information and Event Management (SIEM) solutions offers many benefits for organizations, including enhanced threat detection, improved visibility, reduced risk of insider threats, simplified compliance and more. Continue reading to learn more about the benefits of integrating PAM with SIEM solutions and best practices for integrating the two.

Detect Data Exfiltration Techniques with Falcon Next-Gen SIEM

Sensitive data theft is among adversaries’ most common goals. For defenders, data exfiltration can lead to the compromise of customer data, public exposure of trade secrets, and potentially permanent business and reputational damage. Victims of data exfiltration may also face legal issues for non-compliance with data protection laws. This must be a top concern for businesses.

Monitor your Atlassian audit records and event logs with Datadog Cloud SIEM

Collaboration platforms like Atlassian Jira and Atlassian Confluence contain sensitive company and employee data, making them critical targets for cyberattacks. Teams use Jira to track and manage projects, and rely on Confluence as an internal knowledge base for documentation, company policy guides, team wikis, and more. Atlassian organizations, which provide a centralized place for admins to manage their Atlassian products and users, are also prime targets.

Adversary Tradecraft: A Deep Dive into RID Hijacking and Hidden Users

Researchers at AhnLab Security Intelligence Center (ASEC) recently published a report on the Andariel threat group, a DPRK state-sponsored APT active for over a decade, that has been leveraging RID hijacking and user account concealment techniques in its operations to stealthily maintain privileged access to compromised Windows systems.

State of the SIEM Market

Navigate a shifting SIEM market: Challenges, lessons and strategic insights

The SIEM market is evolving, and legacy systems struggle to keep up with today’s complex security challenges. Many mid-to-large enterprises, particularly those with revenues up to $5B, find outdated SIEMs hinder their agility and responsiveness. Vendor consolidation and shifting market dynamics add to the difficulty of selecting the right solution.