Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Logging

Mac system extensions for threat detection: Part 1

When it comes to having visibility and detecting threats on macOS, one of the best sources of information for file system events, process events, and network events is the kernel. MacOS kernel extensions provide the ability to receive data about these events in real time with great detail. This is good for providing quick visibility into detecting anomalies and identifying possible threats.

The Role of Technology in the Modern SOC

Recently, Security Boulevard published an article I wrote about the role technology plays in the modern security operations center (SOC). It’s a topic near to my heart, since I began working in SOCs back when we were known as “computer incident response teams” (CIRT). Over the years, I’ve seen a lot of outstanding technologies hit the market that have contributed greatly to improving security teams’ ability to identify, investigate and respond to threats.

Top 5 Cybersecurity Predictions for 2020

With 2020 around the corner, we’re entering a new decade in the cybersecurity landscape. What does the future hold for security professionals? We’d like to ring in the new year with good news, but the truth is that hackers will become smarter and breaches will grow in scale and number, creating an even greater pressure for security teams to keep up. Read our five predictions for 2020 to understand what to look out for and how to prepare for the new decade.

The Policy Expert: Maximum Security Log Size

Maximum log size should be set to any kind of event logs, as part of your security policy. This configuration’s value is highly important for detecting attacks and investigating their source. Allocating insufficient storage space will lead to information loss of what happened in the network, therefore breaches could remain undetected.

Logs Are Back-and Other Takeaways from AWS re:Invent

This month Devo exhibited at the AWS re:Invent conference in Las Vegas. I asked a few Devo colleagues who attended the show for their insights about what they heard and saw. Among the many visitors to the Devo booth there were a lot of similar questions about log management and related topics. “There were many log vendors at the show, so people wanted to hear what makes Devo unique,” said Seema Sheth-Voss, vice president, product marketing, for Devo.

The New Sumo Logic AWS Security Quick Start

Security is a top concern for any enterprise to move their applications and workloads to the public cloud. AWS offers a broad selection of native security tools and as our Continuous Intelligence Report noted, AWS customers are using several of these to improve the security of their AWS environment. However, it can be overwhelming to know where to start and how to deploy best practices for detecting security misconfigurations caused by human errors and attacks from external sources.

SOCtails Episode 2 - Automate your Security Operations

Kevin has the “alert fatigue”. He’s overwhelmed by too many security alerts, and he doesn’t have the resources or the time to investigate and respond to all of them. Jeff explains how automation from Splunk Phantom can help. And now, with Phantom on Splunk Mobile, you can automate security operations directly from your mobile phone.

Considerations for taking the CompTIA Security+ exam

I recently took – and passed – the CompTIA Security+ exam (Sec+). Sec+ is a general introduction to multiple functional areas of security, ranging from network security to access control and identity management, for anyone looking to break into the space. For context, I have no previous training as a network or security professional, and my educational background was finance and Russian, nothing related to security.

Data Privacy Is Our Birthright - national cybersecurity month

Never before in history has the concept of identity been so vital. To a large extent, everything we rely on to live our lives depends on who we are… or perhaps more accurately, who we can prove ourselves to be. Our data has come to be the standard by which we define ourselves. Because this identity-defining data is online, the protection of our data is of paramount importance.