The platform approach in cybersecurity is gaining traction. However, it’s becoming clear that two very different models of platformization are in play. In this piece, we’ll talk about platformization in cybersecurity, the two major approaches to security platforms, and what it all means for the future of cybersecurity.

In a guest blog post, Aaron Jewitt, Principal Detection Engineer at Elastic, walks us through a Tines workflow he built to improve the efficiency of his team's automated alert triage processes. He recently shared how his InfoSec team uses Tines to automate alert triage over on Elastic's blog, which makes a great companion piece to this post.

Since April 2024, Arctic Wolf has been tracking an ongoing campaign by Black Basta ransomware group affiliates leveraging Microsoft’s Quick Assist for initial access. The Black Basta affiliates have been conducting vishing (voice phishing) attacks by impersonating IT or help desk personnel, claiming they need to fix an issue on the victim’s device. In other instances, the threat actors leverage an email bomb attack to flood the victim’s mailbox with emails from subscription services.

In 2023, the FBI’s Internet Crime Complaint Center (IC3) received 21,489 BEC complaints with adjusted losses over $2.9 billion USD, according to their 2023 Internet Crime Report. By way of comparison, ransomware, the cyber attack that grabs all the headlines and keeps IT and security teams up at night, accounted for only 2,825 complaints, with adjusted losses of less than $60 million USD.

It had already been a challenging few weeks for Live Nation Entertainment, Inc. as they faced down a lawsuit from The Justice Department regarding anti-competitive practices. Things got worse at the end of May when a cybercriminal known as “SpidermanData” claimed to have breached a huge database of 560 million records (including personal and financial data) belonging to TicketMaster Entertainment, LLC – a Live Nation company.

Every day, in a high-stakes race against the clock, protectors must hunt down and stop threats before damage is done. As adversaries work faster and smarter, protectors must operate with greater agility. But legacy SIEMs are holding them back. Designed decades ago when log volumes and adversary speed were a fraction of what they are today, legacy SIEMs hinder investigations with agonizingly slow search speeds.

Logging was once just a best practice to help you understand what's happening inside your applications. Now, any security expert worth their salt will tell you that you can’t build a security plan without it. As a result, organizations have turned to specialized logging tools like Log4J to strengthen their application security. This move has proven highly effective, with cyberattack risks on businesses dropping from 44% in 2022 to 34% in 2023.

Let’s keep it real: security compliance often makes your DevOps team feel strained. This burden spans multiple security sub-domains, such as information, network, and endpoint security, and specific security configurations, such as Identity and Access Management (IAM). Restraining budgets and ambitious expansion plans make it even more tempting to brush security under the rug until it becomes a challenge too big to ignore.

Let’s be honest: some software development changes are bound to fail. The increasing reliance on software systems means that the frequency and complexity of changes are constantly increasing. While you can’t always have pitch-perfect processes, you can bounce back quickly- and, thankfully, there’s a way to measure that. Change Failure Rate (CFR) is one of the four key metrics of DORA Metrics.

In programming, the term idempotence may sound like a complex and arcane concept reserved for mathematical discussions or computer science lectures. However, its relevance stretches far beyond academia. Idempotence, also called idempotency, is a fundamental principle that is pivotal in ensuring software systems’ predictability, reliability, and consistency.

Credential stuffing is shaping up to be one of the most predominant hacking methods of 2024. In early June, Ticketmaster fell victim to a data breach via credential stuffing, exposing information from 560 million customers. Credential stuffing attacks involve using stolen usernames and passwords to access accounts. In these attacks, threat actors also often use automation to try different combinations of credentials until they find a successful match.

Prioritization in vulnerability management is not just about fixing problems but fixing the right problems at the right time. Not all vulnerabilities have the same level of risk. But gathering details to understand vulnerability impact takes time, a huge challenge for already overworked staff. Many are forced to work backward, taking critical issues obtained from 3rd party sources like CISA KEV or a Reddit forum and then search for assets that it may apply to.