Detection and Investigation Using Devo: HAFNIUM 0-day Exploits on Microsoft Exchange Service

On March 2, 2021, Microsoft announced it had detected the use of multiple 0-day exploits in limited and targeted attacks of on-premises versions of Microsoft Exchange Server. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign—with high confidence—to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

Choosing a Centralized Log Management Solution: Top 5 Criteria

In previous posts, we’ve written about two topics covered in the Devo eBook The Shift Is On, which presents the use case for centralized log management (CLM) in the cloud. First, we looked at the 5 best practices for security logging in the cloud. Next, we delved into the question of when your organization should adopt centralized logging. In our final installment, let’s examine the five key evaluation criteria for choosing the right CLM solution for your business.

When Your Organization Should Adopt Centralized Logging

Most security pros know the value of log data. Organizations collect metrics, logs, and events from some parts of the environment. But there is a big difference between monitoring and true centralized log management. How can you measure the effectiveness of your current logging solution? Here are four signs that it’s time to centralize log management in your organization. This post is based on content from the new Devo eBook The Shift Is On.

5 Best Practices for Security Logging in the Cloud

Logs are critical for detecting and investigating security issues. They also provide essential visibility into business operating environments. Many organizations, when they are small and just starting out, can get away with using a local log server and storage to collect data. Almost all security teams start off with this kind of on-premises logging approach. Most teams use an open-source, homegrown solution for this type of short-term, small-scale log analytics.

I Am Devo

In their debut LP, Q: Are We Not Men? A: We Are Devo!, the band introduces their defining theme that mankind’s evolution has reached the point—devolved to the point, actually—that we are converging on sameness… emotionless and robotic. This notion informed everything from the way Devo dressed (awesome!), to the music they wrote, to the way they performed. What does the band Devo’s theme of devolution have to do with me joining a software company of the same name?

Devo Security Operations - Command and Control Use Case

Table of Contents:

00:00 - Introduction
00:08 - C&C concept
00:31 - C&C types
01:02 - C&C in SecOps
01:41 - C&C in SecOps: alerts
02:23 - C&C in SecOps: Triage
02:45 - C&C in SecOps: new investigation
03:14 - C&C in SecOps: associations
04:09 - C&C in SecOps: related alerts
04:49 - C&C in SecOps: Hunting
05:18 - C&C in SecOps: identify outbound traffic

The Final Critical Step to Building the Modern SOC

The new Devo eBook, Building the Modern SOC, presents four evolutionary steps for creating a highly automated and efficient security operations center (SOC) that empowers analysts. This is the last in a series of posts highlighting the most important elements of the four steps. Previous posts covered Step 1, establishing a foundation of centralized, scalable visibility, Step 2, extracting intelligent insights from your data, and Step 3, supercharging your analysts with the power of automation.