The Log360 security platform: Thinking outside the logs

We’re excited to announce the evolution of our SIEM solution, Log360, into a unified security platform. ManageEngine Log360 has adopted an open API-compatible architecture, allowing for expanded capabilities, seamless integration, and the ability to customize both data reporting and the underlying framework. This upgrade empowers you to extend the solution beyond its predefined functionalities, helping you unify and streamline security operations.

NIST AI RMF 1.0 vs SP 800-171 r2 vs SP 800-53 r5: The Overlaps, Differences, and Applicability

As cybersecurity threats evolve and regulatory requirements tighten, organizations worldwide are turning to NIST (National Institute of Standards and Technology) frameworks to strengthen their security and risk management strategies.

How AppTrana WAAP Helps Achieve FedRAMP Compliance

As organizations move to the cloud, achieving FedRAMP compliance becomes a critical requirement for security and risk management. The framework mandates rigorous security controls across risk assessment, incident response, system integrity, audit logging, and continuous monitoring. AppTrana WAAP (Web Application and API Protection) helps organizations address these controls by offering comprehensive security measures, including vulnerability scanning, continuous monitoring, and attack prevention.

How To Protect Privileged Accounts From Insider Threats

While many organizations focus on mitigating external cyber threats, insider threats can target privileged accounts with elevated access to sensitive data or systems. Based on Cybersecurity Insiders’ Insider Threat Report, 83% of organizations suffered at least one insider attack in 2024.

Legal and Compliance Benefits to Maintaining a Network Digital Twin

In today’s digital landscape, network failures and data breaches are not just technical headaches or concerns for CISOs only; they can trigger major legal consequences. Regulatory agencies are sharpening their focus on cybersecurity, and class-action lawsuits, hefty fines, and reputational damage are real risks. For legal teams and boards, ensuring compliance, conducting robust due diligence, and being ready for litigation are not optional; they are a must.

Detecting and Controlling Hidden DNS Tunnel Attacks

DNS is the backbone of the internet, translating domain names into IP addresses to facilitate communication between devices. However, cybercriminals exploit DNS to create covert channels for data exfiltration and command-and-control (C2) operations using DNS tunneling. This technique allows attackers to bypass security measures by disguising malicious traffic as legitimate DNS queries. As DNS-based attacks continue to rise, securing DNS traffic has become a priority for organizations worldwide.

Tracking the Cybercriminal with Digital Forensics methodology

Digital forensics methodology is a scientific approach that uncovers and interprets electronic data while you retain control of its integrity for legal proceedings. This systematic process of digital forensics helps reconstruct criminal events with scientific precision by identifying, collecting, and analyzing digital information. The methodology follows a well-laid-out framework that confirms evidence authenticity and admissibility in court.

For Science! - Threat hunting with SCinet at SC24

In November 2024, I participated in SCinet with the Network Security team at SC24. My job was supporting Corelight sensors and threat hunting using the data the sensors produced. This engagement allowed for a very constructive comparison between the networking challenges at SC and Black Hat USA, where I had the honor of working in the Network Operations Center (NOC) a few months earlier. At SC, I felt immersed in the cutting-edge world of research computing with people showcasing the fastest everything.

Why Vendor Risk Management Can't Be a One-Time Task

Organizations across nearly every industry have become reliant on third-party relationships to accomplish their business operations. You’d be hard-pressed to find an organization that doesn’t partner with at least one third-party vendor. However, this growing reliance on vendors has also created an evolving threat landscape—vendors are now prime targets for cyberattacks.

Detect cross-account access risks in AWS with Datadog

Managing access across multiple AWS accounts is a popular approach to isolating workloads and data. While it provides several benefits to organizing the various operational requirements for the environment, it introduces additional complexity for managing IAM policies and workload permissions. A primary concern is assigning too many permissions to any one source, which increases the risk of an attacker moving within the environment undetected.