As your business evolves to serve more users, your applications and infrastructure will generate an increasing volume of logs, which may contain sensitive data such as credit card numbers, IP addresses, and tokens. When you collect sensitive data, you may be subject to laws such as GDPR—which restricts the transfer of personal data across borders, and you may face legal consequences if this data is exposed outside your infrastructure.

In late February 2024, Mandiant identified APT29, a Russian state-sponsored threat group, deploying a new backdoor called WINELOADER to target German political parties. This campaign marks a significant shift in APT29's targeting, as they have traditionally focused on government and diplomatic entities. The expansion to political parties suggests an evolution in the group's intelligence gathering priorities, likely influenced by the current geopolitical climate.

Given the recent exciting news of Splunk becoming part of Cisco, for this edition of Splunk SOAR Playbook of the Month, we thought what better way to showcase how the combination of Cisco and Splunk can help users achieve more comprehensive security than through a playbook that combines the power of Cisco Umbrella and Splunk SOAR.

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.

Site reliability engineers (SREs) and security analysts — despite having very different roles — share a lot of the same goals. They both employ proactive monitoring and incident response strategies to identify and address potential issues before they become service impacting. They also both prioritize organizational stability and resilience, aiming to minimize downtime and disruptions.

If IT security is top-of-mind for you and your organization, asset and application discovery is critical — you need to know all of the assets you have in order to identify any areas of vulnerability.

As the cybersecurity landscape continually evolves, SOCs must quickly identify, evaluate, and counteract cyberattacks. In the heat of a security investigation or incident response, achieving rapid visibility and rich contextual insights about the attack are not merely advantageous, but essential.

When evaluating a SIEM, two key factors stand out: flexibility in data handling and open architecture. These two elements significantly enhance a platform’s efficiency and adaptability in managing cybersecurity threats. Whether you’re evaluating your current SIEM or looking for a more modern solution, here are five questions to ask to gauge its flexibility.

As the digital landscape continues to evolve, new cyber threats continue to emerge. It’s imperative to have safeguards in place early on in the product development process. That’s where Secure by Design comes in.