We’re excited to announce that ManageEngine has been recognized as a Customers’ Choice in 2020 Gartner Peer Insights “Voice of the Customer’: Security Information and Event Management (SIEM) for the second time. This is in addition to our recognition in Gartner’s Magic Quadrant for Security Information and Event Management, 2020 for four consecutive times. We are thrilled to be named this recognition yet again. What better way to be recognized than by our customers?

Customers regularly ask me what types of data sources they should be sending to their SIEMs to get the most value out of the solution. The driver for these conversations is often because the customers have been locked into a SIEM product where they have to pay more for consumption. More log data equals more money and, as a result, enterprises have to make a difficult choice around what log sources and data are what they guess is the most important.

Ever since JASK was founded, we have heavily integrated with threat intelligence platforms to gain context into attacker activity through indicators of compromise (IOCs). Now that we have joined Sumo Logic, our customers have the ability to pull in more data than ever making this feature even more powerful. One of our tightest integrations is with the Anomali (formerly ThreatStream) platform.

Unless you’ve been living under a rock you are probably familiar with the recent Shadow Brokers data dump of the Equation Group tools. In that release a precision SMB backdoor was included called Double Pulsar. This backdoor is implemented by exploiting the recently patched Windows vulnerability: CVE-2017-0143. For detection, we are going to first focus on the backdoor portion of the implant, hunting for traces left behind on the network.

The Australian Cyber Security Centre (ACSC) recently published an advisory outlining tactics, techniques and procedures (TTPs) used against multiple Australian businesses in a recent campaign by a state-based actor. The campaign — dubbed ‘copy-paste compromises’ because of its heavy use of open source proof of concept exploits — was first reported on the 18th of June 2020, receiving national attention in Australia.

Our digital surface is expanding rapidly and threats are becoming more sophisticated day by day. This is putting enormous strain on security teams, which have already been stretched to the limits. Nonetheless, organizations are skeptical of relieving this cybersecurity strain with AI and automation. Why does this situation persist when it’s simply against the logic?