Have you ever been around someone who is just better at something than you are? Like when you were in school and there was this person who was effortless at doing things correctly? They had great study habits, they arrived on time, they were prepared and confident in the materials that they studied in class, and they were a consistently high performer at every stage?

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is a subset of IT security controls derived from NIST SP 800-53. NIST SP 800-53 provides a catalog of cybersecurity and privacy controls for all U.S. federal information systems except those related to national security. The IT security controls in the “NIST SP 800-171 Rev.

In part one of this two-part blog series, we discussed seven reasons security configurations are an important part of an organization’s security posture. In this part, we’ll look at eight security configurations that can help with ensuring comprehensive control over the endpoints, avoiding vulnerabilities, deploying security configurations, and automating a number of verticals of endpoint security.

What I love about our free and open Elastic SIEM is how easy it is to add new data sources. I’ve learned how to do this firsthand, and thought it’d be helpful to share my experience getting started. Last October, I joined Elastic Security when Elastic and Endgame combined forces. Working with our awesome security community, I’ve had the opportunity to add new data sources for our users to complement our growing catalog of integrations.

While the real world of forensics is much different from your favorite primetime drama, it’s becoming an increasingly important field for the digital sphere. Cybercriminals leave a trace just like real-world offenders, so it’s important to use digital forensic tools that can identify, address, and resolve potentially fraudulent or harmful activities. Keep reading to learn more about digital forensics, and the tools your company needs to stay protected.

The Splunk Security Research Team has been working on new improvements and additions to the Splunk Attack Range, a tool that allows security researchers and analysts to quickly deploy environments locally and in the cloud in order to replicate attacks based on attack simulation engines. This deployment attempts to replicate environments at scale, including Windows, workstation/server, domain controller, Kali Linux, Splunk server and Splunk Phantom server.

The Report Sheds Light on Data Loss Prevention Challenges and Identifies the Use Cases for Integrated DLP vs. Enterprise DLP Solutions. A recent report published by Gartner titled “How to Choose Between Enterprise DLP and Integrated DLP Approaches” (Gartner subscription required) found that “the data loss prevention market includes products with DLP capabilities integrated in security products or SaaS applications, as well as cohesive enterprise DLP suites.

When it comes to organizations incorporated and operating out of the United States, General Data Protection Regulation (GDPR) compliance can be confusing. Many people struggle to understand what exactly is the GDPR and whether it applies to all organizations. On May 25, 2018, the European Union (EU) via the European Parliament, signed into law the GDPR, to an enhance Directive 95/46/EC.

Monitoring all DNS requests in your network, including those that were blocked by (e.g., by a firewall) is a great way to increase visibility, enforce compliance and detect threats. A common problem with collecting DNS logs is that DNS server logs are notoriously hard to parse. Also, parsing only the logs of your DNS servers leaves a blind spot when it comes to usage of, or the attempt to use, an external DNS server like Google's 8.8.8.8.