Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How much value are you really getting from your logs, and what are you giving up to stay on budget? In this episode of Logs and Lattes, host Palmer Wallace sits down with Seth Goldhammer, VP of Product Management at Graylog, for a candid conversation about the hidden cost of traditional SIEM pricing. Seth explains how ingest-based and resource-heavy licensing models pressure security teams into tough tradeoffs, such as dropping logs, tuning down detections, or limiting retention just to avoid budget overages.

Why do people take shortcuts in security, and how can we prevent them? Join us for a special live episode of Arctic Wolf SOCast as our experts unpack the psychology behind risky security behaviors and explore how AI is influencing decision-making in today’s workplaces. We’ll also reveal new data on how IT leaders and employees are using tools like ChatGPT and other generative AI platforms, and what that means for your organization’s security posture.

Adam Dudley, Nucleus VP of Strategy and Alliances, provides some background on the Common Vulnerability Scoring System (CVSS) version 4.0 in this Nucleus conversation. He discusses the improvements made in the new version, the evolving role of CVSS in vulnerability management, the limitations practitioners face, and the future of scoring systems in the context of emerging technologies like AI. The conversation emphasizes the importance of context and quality inputs in effectively utilizing CVSS for risk assessment.

Richard Bejtlich sits down with Vince Stoffer, Corelight's Field CTO, to dive into the recent wave of cyberattacks attributed to Chinese threat actors, known as "Typhoon" groups. Vince unpacks the distinctions between "Volt Typhoon," targeting critical infrastructure sectors such as energy and transportation, and "Salt Typhoon," which is infiltrating telecommunications networks for espionage. The conversation explores the evolving tactics, techniques, and procedures (TTPs) used by these groups, including their exploitation of zero-day vulnerabilities and outdated infrastructure.

his week on the podcast, we have our resident ransomware expert, Ryan Estes, on to give an update on the latest in the ransomware ecosystem. We cover a few recent changes to operators, extortion techniques, and business impact from ransomware attacks in recent months.

Datadog Detect is a virtual mini-conference dedicated to helping security teams modernize detection and response by applying engineering best practices. Hear talks from industry experts, including security researchers and engineers at Datadog, Red Canary, and Corelight to learn about building scalable, effective security operations.

In their talk, Katie Nickels (Sr. Director of Intelligence Operations) and Jesse Griggs (Sr. Threat Researcher) from Red Canary show you how to adapt an endpoint detection mindset to the cloud, specifically focusing on pre-impact TTPs and building robust cloud detections.

Kubernetes is powerful — but let’s be honest, managing access and identities across users, clusters, kubectl sessions, RBAC rules, CI/CD pipelines, and AI agents can feel like wandering through a corn maze in the dark. Static kubeconfigs, sprawling IAM roles, and long-lived credentials are the cobwebs and skeletons cluttering your path to secure, scalable infrastructure.

Is your VMware environment secure? A sophisticated backdoor called BRICKSTORM, used by espionage actor UNC5221, could be hiding in your vCenter backups right now. Restoring from a compromised snapshot means letting the attackers right back in. But what if your backups could be your best defense? In our new 4-minute demo, we walk through the exact steps to: Proactively hunt for BRICKSTORM within your backups using YARA rules. Instantly quarantine infected snapshots to stop the threat from spreading. Identify a guaranteed 'Gold Copy' for a fast, safe, clean-room recovery.

Defender Fridays - Modern SecOps: What an AI-Ready SOC Actually Means with Dr. Anton Chuvakin Join us for this week's Defender Fridays as we explore what it actually means to build an AI-ready SOC with Dr. Anton Chuvakin, Security Advisor at the Office of the CISO for Google Cloud. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.