What I love about our free and open Elastic SIEM is how easy it is to add new data sources. I’ve learned how to do this firsthand, and thought it’d be helpful to share my experience getting started. Last October, I joined Elastic Security when Elastic and Endgame combined forces. Working with our awesome security community, I’ve had the opportunity to add new data sources for our users to complement our growing catalog of integrations.

Monitoring all DNS requests in your network, including those that were blocked by (e.g., by a firewall) is a great way to increase visibility, enforce compliance and detect threats. A common problem with collecting DNS logs is that DNS server logs are notoriously hard to parse. Also, parsing only the logs of your DNS servers leaves a blind spot when it comes to usage of, or the attempt to use, an external DNS server like Google's 8.8.8.8.

You don’t need us to tell you that fraud and financial crime is on the rise. A quick google search will give you endless stats to support this claim. Fraud losses are increasing as a percentage of revenue, and that direct impact on the bottom line isan area of laser focus for senior execs.

Many people are working from home (WFH) now and will be for at least the next few weeks. The VPN and TLS connections that remote workers rely on allow for secure access, and although these are not new connection types to monitor, the current WFH situation has created a significant increase in the number of these connections you must monitor. This new WFH scenario has made one thing easier: mobile users are no longer mobile.

During the past decade, security operations centers (SOC) have become an integral part of the cybersecurity programs of many organizations. When you think of a defined team spending all of its time managing security events and using consistent processes for remediation, you may envision a group of company employees who report to a CIO or CISO.

In most of our blogs, we spend a TON of time going on about protecting our endpoints, looking at sysmon, checking the firewall, correlating IDS data and the like… Today, we're going to shift gears a bit and look at security from a different angle. Recently, there has been a tremendous focus on the shifting paradigm of a workforce that primarily resides in corporate offices, to a highly virtual workforce sitting at their kitchen tables.

Many mature security teams look to the MITRE ATT&CK® matrix to help improve their understanding of attacker tactics, techniques, and procedures (TTPs) and to better understand their own capabilities relative to these common adversarial approaches. With the release of Elastic Security 7.6, Elastic SIEM saw 92 detection rules for threat hunting and security analytics aligned to ATT&CK.

With most of the country sheltering in place and so many people working remotely, work-life balance is taking on a new meaning and cloud infrastructure is taking a beating. The dramatic increase in daily activity and network use is creating both a visibility challenge and an operating model shift for already lean security teams.

We are excited to announce a new solution for our customers to monitor the performance, availability, and security of their Zoom video conferencing service. The Sumo Logic for Zoom app is available today in our app catalog. This new app will be added to our ‘Work From Home’ solution which is available for free, with no obligation.