Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Scammers target businesses with phishing emails all the time, pretending to be legitimate customers or vendors asking for payment. While any company can be vulnerable to this type of attack, small- to medium-size companies are particularly vulnerable because it is easier for a scammer to do a bit of research online and identify the right people to impersonate or send a phishing email to.

As we’ve shown in a previous blog, search-based detection rules and Elastic’s machine learning-based anomaly detection can be a powerful way to identify rare and unusual activity in cloud API logs. Now, as of Elastic Security 7.13, we’ve introduced a new set of unsupervised machine learning jobs for network data, and accompanying alert rules, several of which look for geographic anomalies.

What is it about Devo that enticed you to join the company? If you look at my history, you’ll quickly realise I am passionate about two things: data and cybersecurity. One other passion that is not widely known is that I am a bit of a graph-processing fanatic. Solving problems in the modern security landscape isn’t just about collecting loads of data — which Devo does well — but how you can turn that data into actionable intelligence.

Let’s take a trip — back about eight years — when a Gartner analyst coined the term endpoint detection and response (EDR). He was describing security systems that both detect and investigate suspicious activities on computers and other devices and use automation to help security operations center (SOC) teams quickly identify and respond to threats. Since then, EDR has become a critical component of a modern security stack for organizations of all sizes.

In this blog post, we outline past and present threats to the Olympic Games and the steps that organisations can take to reduce the risks. With more than 11,000 athletes and 206 countries and states taking part, the delayed Tokyo 2020 Olympic Games are currently being watched around the world. This level of visibility makes the Games a target for those seeking to cause politically-motivated harm, enrich themselves, boost their profile or undermine the host nation on an international stage.

Software package repositories are becoming a popular target for supply chain attacks. Recently, there has been news about malware attacks on popular repositories like npm, PyPI, and RubyGems. Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure.