Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

SIEM Alerts Best Practices

Security Information and Event Management (SIEM) tools play a vital role in helping your organization in discovering threats and analyzing security incidents. Logsign’s internal team continuously makes correlation rules and alerts so that your team’s workload is minimized. In our previous posts, we discussed generating important reports and deriving maximum possible benefits from use cases. In this article, we will be discussing SIEM alerts best practices.

Announcing Polaris support for GitHub Actions

Security and development teams are increasingly adopting DevOps methodologies. However, traditional security tools bolted onto the development process often cause friction, decrease velocity, and require time-consuming manual processes. Manual tools and legacy AppSec approaches limit security teams’ ability to deliver the timely and actionable security feedback needed to drive improvements at the pace of modern development.

Detect Ransomware in Your Data with the Machine Learning Cloud Service

While working with customers over the years, I've noticed a pattern with questions they have around operationalizing machine learning: “How can I use Machine Learning (ML) for threat detection with my data?”, “What are the best practices around model re-training and updates?”, and “Am I going to need to hire a data scientist to support this workflow in my security operations center (SOC)?” Well, we are excited to announce that the SplunkWorks team launched a new add-

Detecting & Preventing Ransomware Through Log Management

As companies responded to the COVID-19 pandemic with remote work, cybercriminals increased their social engineering and ransomware attack methodologies. Ransomware, malicious code that automatically downloads to a user’s device and locks it from further use, has been rampant since the beginning of March 2020. According to a 2020 report by Bitdefender, ransomware attacks increased by seven times when compared year-over-year to 2019.

Zero Trust Architecture: What is NIST SP 800-207 all about?

“Doubt is an unpleasant condition, but certainty is an absurd one.” Whilst I claim no particular knowledge of the eighteenth-century philosopher Voltaire, the quote above (which I admit to randomly stumbling upon in a completely unrelated book) stuck in my mind as a fitting way to consider the shift from traditional, perimeter-focused ’network security’ thinking to that of ‘ZTA’ (Zero Trust Architecture.)

Deep packet inspection explained

Deep packet inspection (DPI) refers to the method of examining the full content of data packets as they traverse a monitored network checkpoint. Whereas conventional forms of stateful packet inspection only evaluate packet header information, such as source IP address, destination IP address, and port number, deep packet inspection looks at fuller range of data and metadata associated with individual packets.

Kubernetes Security

Containers and Kubernetes have revolutionized the way many teams deploy applications. But with the many benefits that these technologies provide come new challenges. Key among those challenges is security. By adding more layers and complexity to application environments, containers and Kubernetes create new opportunities for attackers and new security threats for Kubernetes admins to address.

Bitbucket vs GitHub [Updated for 2020]

If you boil it down to the most basic difference between GitHub and Bitbucket, it is that GitHub is focused around public code and Bitbucket is for private. GitHub has a huge open-source community and Bitbucket tends to have mostly enterprise and business users. Bitbucket vs Github: Two of the largest source code management services for development projects, offering a variety of deployment models from fully cloud-based to on-premise. Historically, they have taken different approaches to private vs.

Ransom Payments Could Result in Civil Penalties for Ransomware Victims

Victims of ransomware attacks could potentially receive civil penalties for making ransom payments to a growing list of threat actors. On October 1, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) revealed that it could choose to impose civil penalties on ransomware victims who make ransom payments to malicious actors whom it has designated under its cyber-related sanctions program.

Securely Growing Sales with Egnyte and Salesforce

When a company was directed by its board to grow revenue, the sales process badly needed to be improved. Hiring new sales staff simply is not enough, and rarely cost-effective. Confronted with this big task, sales teams and IT teams look for a solution that works with their existing ecosystem of tools. While seeking to revamp his sales processes, there are so many options, many companies don’t know where to start.