Logging

Configuring Maximum Security Log Size

Setting the maximum log size for event logs is crucial for your security policy. Proper configuration helps detect attacks and investigate their sources. Insufficient storage can result in information loss and undetected breaches. This article covers everything you need to know about configuring maximum security log size. Server hardening can be labor-intensive and costly, often causing production issues.

5 Key Insights From a Modern CISO Panel

Devo recently brought together an esteemed panel of modern CISOs to discuss the issues that matter most to them and their peers. Included in the panel were: It was a lively discussion that covered important topics around the evolution of one of the top security executive roles. Here are five of the key takeaways that bubbled up from the hour-long CISO panel.

Modern CISO Panel: Overcoming Challenges and Finding Success

Devo assembled a panel of CISOs for an engaging roundtable discussion on a variety of important topics for CISOs and other senior-level security professionals. CISOs everywhere are facing a growing number of threats, from automation and AI to budget constraints, and more. This panel of seasoned CISOs dives into the biggest challenges facing the position, and how they're overcoming those challenges in their own organizations.

Innovating Security with Managed Detection & Response (MDR) and ChaosSearch

Managed Detection and Response (MDR) services occupy an important niche in the cybersecurity industry, supporting SMBs and enterprise organizations with managed security monitoring and threat detection, proactive threat hunting, and incident response capabilities.

Destructive Malware: Threat Detection and Incident Response

Imagine that you have a snack you want to eat while watching a movie on a Friday night. You look in your kitchen, only to find the snack missing. Whether a roommate hid the snack or ate it, you no longer have access to it, disrupting your evening plans. This destructive behavior interrupts your weekend objectives, but it’s pretty low stakes overall.

Deciphering the SIEM Puzzle

The 2024 Gartner Magic Quadrant for SIEM is here, jam-packed with 21 vendors. To add to the mix, recent mergers and acquisitions are stirring up the market. It’s no wonder security professionals are questioning their current SIEM’s future roadmap. But don’t worry—navigating this complex landscape doesn’t have to be overwhelming. We are here to help.

Never Miss a Critical Alert: Graylog 6.0 Elevates Security Alerting with Pushover Integration

Responding rapidly to cyber threats is a make-or-break capability in today’s high-stakes security environment. A missed alert can quickly escalate a minor incident into a major crisis, jeopardizing your organization’s critical assets and hard-earned reputation. A recent IBM study revealed that companies took an average of 237 days to identify a data breach in 2021 — an inexcusable delay that could invite catastrophic consequences. (Source: IBM Cost of a Data Breach Report 2022)

LNK or Swim: Analysis & Simulation of Recent LNK Phishing

LNK (shortcut) files are a common starting point for many phishing campaigns. Threat actors abuse the unique properties of LNK files to deceive users and evade detection and prevention countermeasures, making them potent tools for compromising systems and networks. In this blog, we'll provide an in-depth analysis of recent LNK phishing campaigns, examining the tactics, techniques, and procedures (TTPs) employed by threat actors.

Reduce False Alerts - Automatically!

Analysts rely on User and Entity Behavior Analytics (UEBA) tools to track anomalies, investigate incidents, and respond to cybersecurity threats. However, the varying nature of user and entity behaviors across different organizations means that predetermined thresholds often fail to account for unique baselines. Even within the same environment, temporal variations can cause significant differences in monitoring signals.

Credential Stuffing: How Cybercriminals Exploit Stolen Credentials

Credential stuffing is shaping up to be one of the most predominant hacking methods of 2024. In early June, Ticketmaster fell victim to a data breach via credential stuffing, exposing information from 560 million customers. Credential stuffing attacks involve using stolen usernames and passwords to access accounts. In these attacks, threat actors also often use automation to try different combinations of credentials until they find a successful match.