Cybersecurity is increasingly becoming a topic for legislators, especially for the public sector, critical infrastructure, healthcare, education, the financial and insurance sectors. In the US, in addition to several federal laws (HIPAA, HITECH, GLBA, SOX, FISMA, CISA), there are many state-level laws that impose some level of cybersecurity requirement (we have excluded the ones regarding election security in particular, as that’s a separate topic of discussion)

Threat intelligence has been a very important asset to cybersecurity- knowing in advance some properties of malicious actors is key for preventing security incidents. Most typically these properties are IP addresses, domains, emails and file hashes, and being able to compare them to what’s happening in your infrastructure allows for quick response and prevention.

LogSentinel’s vision is to provide a security monitoring solution to any organization that needs it and thus reduce their risk of security breaches. That vision requires many innovations and here we’re sharing our high-level roadmap for the next 2 years. Each part of LogSentinel SIEM roadmap is accompanied with a detailed list of stories in our backlog so that can be easily brought to market.

Security breaches are becoming increasingly commonplace and dangerous. The World Economic Forum nominated cyber-attacks as one of the major threats to global stability for 2019. Not only money is at stake, as breaches have an appalling effect on organizations’ reputation, trustworthiness, and often prove to a business killer. Most important, however, is the data – our personal data that once stolen is available to cybercriminals to exploit.

This week the US government as well as many enterprises were hit by a cyber attack, dubbed Solorigate, via the SUNBURST backdoor. Fireeye (also a victim of the attack) has done a great analysis of how the attack works, and we recommend reading it. But we’ll focus on a couple of takeaways instead of the precise details of how it worked. What we can learn from it in order to improve our cybersecurity posture.

The events of 2020 brought us unprecedented challenges that no one was prepared for, changing the way we live, work, and communicate, impacting the global economy, all geographic regions, and every single industry. In such a downturn cybercrime flourishes, especially when organizations move most of their operations and processes online.

Many people, when reviewing their security strategy, ask the question “is SIEM suitable for my organization”, or simply “is SIEM right for me?” And for a long time, the answer was “no unless you are a large multinational”. The price, the complexity and the hard-to-get value made SIEM a category suitable only for the big corporations with large security teams and budgets.

There’s an unwritten rule that every machine that becomes visible on the internet is under attack in under 5 seconds. We recently deployed our LogSentinel SIEM honeypot with one of our customers and that rule proved correct – immediately malicious requests from all over the world started pouring in, on almost all the protocols that we support – SSH, RDP, SMB, HTTP, and they haven’t stopped since.