Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SIEM

The latest News and Information on Security Incident and Event Management.

Hardening Graylog Encryptify Your Log Supply

Dec 22, 2023 By Graylog In Graylog
Graylog Support Engineer Will Trelawny shares invaluable insights into enhancing Graylog security through encryption and authentication using transport layer security (TLS). He provides an in-depth and easy-to-follow walkthrough on setting up Graylog deployment configurations, encrypting communications, authenticating nodes, and securing the OpenSearch backend. The video also includes practical demonstrations on why and how to encrypt logs, authenticate log sources, and secure communication with OpenSearch. This video is an excellent resource for anyone looking to strengthen their Graylog security measures.
View Video
graylog

SIEM, Simplified

Dec 22, 2023 By The Graylog Team In Graylog
Do you need better insight into the overall state of your network security? Take a step back and look through the larger lens of the SIEM solution. Security information and event management (SIEM) is an approach to security management that combines two aspects: Coined in 2005 by Amrit Williams and Mark Nicolett of Gartner, the term SIEM now serves as a synonym for the gathering, analyzing, and presenting network and security information as well as external threat data and vulnerability management.
Read Post
Sponsored Post
eventsentry

Predict the Future! A universal approach to detecting malicious PowerShell activity

Dec 21, 2023 By Mariano Bruno In EventSentry

So, here’s the deal with AntiVirus software these days: It’s mostly playing catch-up with super-fast athletes — the malware guys. Traditional AV software is like old-school detectives who need a picture (or, in this case, a ‘signature’) of the bad guys to know who they’re chasing. The trouble is, these malware creators are quite sneaky — constantly changing their look and creating new disguises faster than AntiVirus can keep up with their photos.

Read Post
graylog

Feeding Your First SIEM with Graylog

Dec 20, 2023 By The Graylog Team In Graylog
Before diving into our blog post topic, allow me to introduce myself. My name is Joel and I work with the solution engineering team at Graylog. Our primary task is to work with our customers and prospective clients on how to manage and make the most out of Graylog in their respective IT environments. One of our main tasks is to identify the logs sources they should incorporate and the kind of volumes they should anticipate.
Read Post
elastic

M-21-31 logging compliance: Overcoming the 3 top challenges

Dec 19, 2023 By Leanne Link In Elastic
How US federal agencies can better meet advanced event logging requirements Recently, the US Government Accountability Office (GAO) released a study tracking US federal agencies’ progress on meeting the requirements set out in OMB M-21-31. Released in 2021, the Office of Management and Budget (OMB)’s M-21-31 memorandum provided guidance and requirements for federal agencies in order to improve centralized visibility into logging data before, during, and after cybersecurity incidents.
Read Post
sumologic

NIS2: Prepping your cybersecurity plan

Dec 19, 2023 By George Gerchow In Sumo Logic
If you are an organisation that operates or does business in the European Union (EU), then your team is likely preparing for the NIS2 Directive, an EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU and goes into effect on October 17, 2024. However, according to a survey by cybersecurity firm Sailpoint (and a Sumo Logic customer), only 34% of organisations in the UK, France, and Germany are prepared for NIS2.
Read Post
senseon

What Goes Into the Cost of a SIEM?

Dec 11, 2023 By Laura In SenseOn

As we’ve covered before, SIEMs are an expensive tool. The average enterprise-level SIEM deployment costs over £15 million a year, and operating a small, 100 to 1000-seat SIEM will still run up bills of over £10k monthly. SIEMs create spiralling costs that eat security budgets. Without a skilled team operating them, they can also make organisations less secure despite receiving more information about their digital estates. But where do these SIEM costs come from?

Read Post
Arctic Wolf

CVE-2023-36553: Critical OS Command Injection Vulnerability in FortiSIEM

Dec 11, 2023 By Andres Ramos In Arctic Wolf
On November 14, 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM. The vulnerability was rated with a Common Vulnerability Scoring System (CVSS) score of 9.3, as it can be exploited remotely by an unauthenticated threat actor using crafted API requests to execute unauthorized commands. This vulnerability is caused by improper neutralization of special elements in FortiSIEM report server.
Read Post
Arctic Wolf

Why SIEM Is Not Right for SaaS Security

Dec 8, 2023 By Arctic Wolf In Arctic Wolf
When security information and event management (SIEM) tools came to the market over a decade ago, many practitioners considered the combination of information management and event management groundbreaking. Since then, the technology has gone through iterations to improve and enhance its capabilities, including the incorporation of user and entity behavior analytics (UEBA), machine learning and AI capabilities, and “out-of-the-box” configurations for smaller organizations to rely on.
Read Post
Subscribe to SIEM

Copyright © 2024 OpsMatters™. All rights reserved.