I was asked a very interesting question during an interview yesterday, and the more I think about it the more I thought it would make an interesting thought piece.

On April 7, 2020, the San Francisco International Airport (SFO) released a notice confirming that two of its websites, SFOConnect.com and SFOConstruction.com, were targets of a cyberattack in March 2020. The attack has been attributed to a hacker group that was attempting to steal the Windows logins of the airport’s employees. When we hear news about cyberattacks, a few typical, yet crucial questions spring to mind: How did the attackers perform the cyberattack?

The news cycle is full of third-party data breaches and data leaks. And for a good reason, they often expose the protected health information (PHI) and personally identifiable information (PII) of thousands or even hundreds of millions of people. Cyber attacks and misconfiguration are more common than ever before. Organizations need to invest in tools to prevent data breaches and reduce cybersecurity risk: particularly risks that involve third and fourth-parties.

Cyber attacks, misconfiguration, and data leaks are more common than ever before. Our news cycle is full of first and third-party data breaches that expose the protected health information (PHI) and personally identifiable information (PII) of thousands or even hundreds of millions of people. Not only are data breaches more common, but they're also more costly. The average cost of a data breach is now nearly $4 million globally.

Are you finding it increasingly challenging to manage your organization’s regulatory submission process? The entire process of developing a drug from preclinical research to marketing takes approximately 12 to 18 years and can cost billions of dollars before a drug is even approved.

If you want to skip ahead to see the MITRE ATT&CK eval round 2 results visualized in an easy-to-configure Kibana dashboard, check it out here.

Six months ago we celebrated the joining of forces between Endgame and Elastic under the banner of Elastic Security and announced the elimination of per endpoint pricing. Simultaneously, while the newest members of Elastic Security were getting acquainted with the Elastic SIEM team, a few of our analysts were locked away in an office at MITRE HQ for round 2 of MITRE’s APT emulation.

Being able to detect and block a suspicious IP address is one of the most essential skills a cyber security specialist must have. Read our article to learn more about the detection of suspicious IP addresses.

Ransomware is a serious threat to institutions of all kinds, resulting in mounting costs for organizations that must literally pay ransom to regain access to their essential systems. A ransomware attack takes place when a cybercriminal denies an organization access to the data it needs to conduct business, usually by encrypting the data with a secret key. The attacker then offers to reveal the encryption key in exchange for a payment. The payment can vary in amount or kind.

About the time that Bitcoin was becoming a household name in the cryptocurrency business, an associated up-and-coming technology called blockchain was making waves and being hailed as the next big thing. Then it all but disappeared from the pages of the tech journals and websites. In other words, the big splash never materialized. Looking back, the problem was that it was so new and revolutionary that nobody knew what to do with it yet.