Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Logging

graylog

Why Is Normalizing Log Data in a Centralized Logging Setup Important: Operations & Security

Apr 25, 2022 By Jeff Darrington In Graylog
The phone rings. Your email pings. Your marketing team just told you about a flood of messages on social media and through live chat that there’s a service outage. You thought your Monday morning would be calm and relaxed since people are just returning from the weekend. How do you start researching all of these incoming tickets? How do you know which ones to handle first? Is this just a hardware failure, or are you about to embark on a security incident investigation like Log4j?
Read Post
datadog

Best practices for reducing sensitive data blindspots and risk

Apr 22, 2022 By Mallory Mooney In Datadog

Modern applications log vast amounts of personal and business information that should not be accessible to external sources. Organizations face the difficult task of securing and storing this sensitive data in order to protect their customers and remain compliant. But there is often a lack of visibility into the sensitive data that application services are logging, especially in large-scale environments, and the requirements for handling it can vary across industries and regions.

Read Post

Coffee Talk with SURGe: 2022-APR-19 MS-RPC Vulnerability, Lazarus, Pipedream

Apr 20, 2022 By Splunk In Splunk
This week Audra Streetman, Ryan Kovar, and Mick Baccio from Splunk discussed the latest security news, including the MS-RPC vulnerability CVE 2022 26809, a CISA alert about the North Korean state-sponsored Lazarus Group, and Sunday's 60 Minutes episode on the threat of Russian cyberattacks targeting U.S. critical infrastructure. Mick and Ryan also competed in a 60 second charity challenge to explain why Americans should be concerned about the potential for a Russian cyberattack targeting U.S. critical infrastructure.
View Video
splunk

The Upsurge in Ransomware Attacks in Australia and Opportunities to Protect Data

Apr 20, 2022 By Mark Troselj In Splunk

There are rare occasions when you open the news and don't find anything about cybersecurity in the headlines. According to the Australian Cyber Security Centre (ACSC), Australia has dealt with a cyberattack every 8 minutes in the financial year 2020-21, with over 67,500 cases of cybercrime registered in the same year. Studies indicate that ransomware is one of the most frequent and damaging types of malware leveraged by cybercriminals.

Read Post
graylog

Tools for Threat Hunting and IT Service Risk Monitoring

Apr 19, 2022 By Jeff Darrington In Graylog
Cybersecurity can often seem intimidating for IT teams. After all, things like “threat hunting,” “red teaming,” and “blue teaming” are not used in IT operations. On the other hand, just because these words are terms of art doesn’t mean that they’re activities you don’t do already. You’re probably already using log data as part of your IT operations incident response.
Read Post
graylog

Use Service Design in Operations Management to Enhance Security

Apr 13, 2022 By Jeff Darrington In Graylog
As an IT operations manager, you spend a lot of your time mitigating service outages and service level risks. You worked diligently to get the right people, products, processes, and partners in place to meet your goals. You managed to ensure continued uptime. You’ve reduced the number of tickets and the cost per ticket. And for your efforts, you’re rewarded with managing your company’s cybersecurity program. The problem? You’re not a security specialist.
Read Post
splunk

State of Security Research Details Essential Strategies for the Year Ahead

Apr 12, 2022 By Jane Wong In Splunk

This year, security teams face more challenges — old and new — and grapple with high rates of burnout. Cloud complexity, supply chain attacks and additional obstacles are pushing security teams to the limits, and inspiring new responses. New research points to key strategies that will help organizations weather the complex challenges and attacks ahead.

Read Post
splunk

You Bet Your Lsass: Hunting LSASS Access

Apr 7, 2022 By Splunk Threat Research Team In Splunk

One of the most commonly used techniques is to dump credentials after gaining initial access. Adversaries will use one of many ways, but most commonly Mimikatz is used. Whether it be with PowerShell Invoke-Mimikatz, Cobalt Strike’s Mimikatz implementation, or a custom version. All of these methods have a commonality: targeting LSASS.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.