As the world becomes more interconnected, the risk of large-scale cyber-attacks increases, especially for companies of critical importance such as those from the financial sector, healthcare, critical infrastructure, and government services. In the event of a cyberwar, the first casualties would be our data. Ironically, one of the sectors that neglect cyber security the most is healthcare. The other ones are the governments.

The necessity of a SIEM for organizations and their security teams has evolved dramatically over time. It has gone from edge use cases and compliance to the current form of threat detection, incident response, and threat hunting. As the use cases have changed, so has the architecture. As a result, organizations that have been quite familiar with running their SIEM on-premises are now looking for modern architectures to reduce the workload on their analysts. The simple choice: SaaS, of course.

Companies have increasingly allowed bring your own device (BYOD) policies to support remote work, but in today’s cybersecurity landscape, this trend has led to an increased attack surface. Each additional endpoint increases the potential for credentials to be compromised through credential phishing attacks. Hackers are leveraging this trend to conduct insider attacks, leaving businesses vulnerable to data breaches.

When the average organization experiences 26 cyber attacks per year, being prepared for the aftermath of a breach is just as important as prevention.

Most of the current SIEM, SOAR, and XDR solutions with integrated deep neural networks focus only on rough correlations that have no causal relationship, which often leads to testing of deep learning systems in real conditions that are significantly different from learning scenarios, and they often give many false-positive results.

A common question we receive is: should security orchestration, automation and response (SOAR) replace security information and event management (SIEM)? While the two technologies share some common components, they serve different purposes. As security teams look to modernize their security operations center (SOC) to meet the demands of cloud environments, automation is the key priority. To that end, it’s vital to understand the roles of both SIEM and SOAR.

22nd June 2022 Balchik, Bulgaria – LogSentinel received an award for “Most reliable vendor of the year” at this year’s biggest cybersecurity conference, hosted in Balchik, and organized by Computer2000, LogSentinel’s official reseller for the CEE area. LogSentinel presented “The Power of XDR, Staying Ahead of the Curve”. In the presentation, prof.