Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Threat hunting capture the flag with Elastic Security: BSides 2020

Last month, members of the Elastic Security team hosted a threat hunting capture the flag (CTF) event at BSides SATX. We provided the community with an environment to learn and practice threat hunting with our team, and cultivated new relationships with attendees. By sharing information with security practitioners, we can help prepare them to defend their organization’s data from attack through knowledge transfer.

Audit Checklist for SOC 2

If your company is a service organization and your customers trust you with their data, you may need to pass a SOC 2 (System and Organization Controls 2) audit. Compliance and certification are the goals of a SOC 2 audit. Because the integrity, confidentiality, and privacy of your customers’ data are on the line, they’ll want you to prove that you have the internal controls in place to protect that data. The SOC 2 compliance audit gives them that assurance.

5 tips to avoid cyberattacks on EdTech platforms

As the COVID-19 pandemic rages on, many educational institutions have been forced to shift their on-campus classes to online classes. Various EdTech platforms have also launched free classes that have prompted students to try their hands on digital education. With more students turning to online learning than ever, these platforms have emerged as a lucrative target for cybercriminals.

The NIST Cybersecurity Framework: 5 core functions and how to align with them using AD360

The Cybersecurity Framework (CSF) was developed by the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce. This framework was created through collaboration between various private-sector and government experts to provide high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.

Being onsite for an assessment is better, but a lot of it is possible remotely

The way we shop for groceries has changed because of the unusual circumstances the world is in today. Instead of spending as much time physically in the store selecting our own items, we now have the option to order online and arrange for a time to pick them up, or better yet, have them delivered. Of course, there may be a few items you’d prefer to go in and see in person, like fresh produce.

What is endpoint protection? Endpoint security explained

5G is here and changing the way business is done. With this comes an increase of devices to take advantage of low latency and high bandwidth that will allow businesses to truly transform. Because of those devices, the attack surface is also rapidly expanding and will increase opportunities for bad actors. This new wave of endpoints presents both a business opportunity and a business risk. The need for proper endpoint protection is more important today than ever before!

Combating cyberthreats with a sound PAM strategy in 2020

In this on-demand webinar, we'll walk you through reasons a PAM program is necessary, introduce the typical PAM maturity curve, and discuss real-world use cases on how a PAM program will fit into your overall enterprise IT operations. In addition, we'll look at ManageEngine's strategy and offerings to help you build a sound, foolproof PAM program.

Simplify Your Security Operations

Overwhelmed by complexity when it comes to Cybersecurity? Simplify your security operations with Arctic Wolf. One platform, delivered by experts, 90% less IT effort, and 24x7 security operations. Spanning thousands of installations, the Arctic Wolf® Platform processes over 65 billion security events every day. Collecting and enriching endpoint, network, and cloud telemetry, and then analyzing it with multiple detection engines. Machine learning and custom detection rules then deliver personalized protection for your organization.

A Big Catch: Cloud Phishing from Google App Engine and Azure App Service

Threat actors are leveraging top tier cloud apps to host phishing baits. Netskope Threat Labs has identified an ongoing O365 phishing campaign hosted in Google App Engine with the credential harvester mostly hosted in Azure App Service. This phishing campaign typically targets O365 users via phishing emails with a direct link or attachment.

SSH vs. kubectl exec

Let’s have a look at two popular ways of opening remote shells: the good ol’ ssh and its modern counterpart, kubectl exec. Below, I will only look at the “kubectl exec” subcommand and its friends. kubectl itself is a swiss-army knife for all things Kubernetes. Comparing all of it to ssh is like comparing systemd to BSD init. Also, I will use “SSH” to mean “OpenSSH”, which is the de-facto standard for SSH protocol implementation.