Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Managing vulnerabilities can feel like the end of the first act of Les Misérables as you sing to yourself, “one day more, another day another vulnerability.” Like Jean Valjean, you attempt to put up barricades to protect your environment from attackers exploiting these security weaknesses. Keeping pace with the number of vulnerabilities and threat actor activities becomes overwhelming, leaving you to feel outnumbered and outmanned.

Imagine that you have a snack you want to eat while watching a movie on a Friday night. You look in your kitchen, only to find the snack missing. Whether a roommate hid the snack or ate it, you no longer have access to it, disrupting your evening plans. This destructive behavior interrupts your weekend objectives, but it’s pretty low stakes overall.

Responding rapidly to cyber threats is a make-or-break capability in today’s high-stakes security environment. A missed alert can quickly escalate a minor incident into a major crisis, jeopardizing your organization’s critical assets and hard-earned reputation. A recent IBM study revealed that companies took an average of 237 days to identify a data breach in 2021 — an inexcusable delay that could invite catastrophic consequences. (Source: IBM Cost of a Data Breach Report 2022)

Security incidents and data breaches are the cybersecurity version of the definition of squares and rectangles in geometry. While all data breaches are security incidents, not all security incidents are data breaches. Before investigating an incident, many security teams know whether the alert will relate to a minor incident or a large-scale breach.

The 2020 EU Cybersecurity Strategy, published by the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy, aimed to establish safeguards against security risks arising from increased digital connectivity. As part of the strategy, the strategy included updates to Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2).

Being a security analyst tracking down threats can feel like being the Wile E. Coyote to an attacker’s Road Runner. You’re fast, but they’re faster. You set up alerts, but they still manage to get past your defenses. You’re monitoring systems, but they’re still able to hide their criminal activities.

Application Programming Interfaces (APIs) allow your applications to talk to one another, like an application-to-application iMessage or Signal. If you’ve ever texted a message to the wrong group chat, you’ve created a situation that mimics what broken function level authentication does between users and applications.

As a kid, treasure hunts were fun. Someone gave you clues and a map so you could hunt down whatever hidden item they left for you. However, as a security analyst, your incident investigations often have clues but lack a map. An alert fires. You search through your vast collection of log data. You hope to find the next clue while trying to figure out the attacker’s next steps.

I’m thrilled to share some incredibly exciting news – Graylog’s v6.0 is officially here! It’s been quite the journey getting to this point, filled with late nights, endless cups of coffee, and an unwavering commitment from our amazing team. As we unveil this latest version, I can’t help but reflect on how far SIEM technology has come over the past two decades. Gone are the days when Intellitactics and NetForensics reigned supreme.