|
By The Graylog Team
Organizations have grappled with the cost-benefit tradeoff of log management and Security Information and Event Management (SIEM) for decades. Do you capture every log at the risk of overwhelming storage, infrastructure, and license costs, or limit your collection and gamble on what’s truly important? The high costs imposed by traditional vendors have dictated Sophie’s choice, forcing enterprises into a game of compromise that risks the entire organization’s security.
|
By Jeff Darrington
If you have ever built a LEGO set, then you have a general idea of how telemetry works. Telemetry starts with individual data points, just like your LEGO build starts with a box of bricks. In complex IT environments, your security telemetry is spread across different technologies and monitoring tools, just like in a large build your LEGO bricks come separated into smaller, individually numbered bags. In both cases, the individual bricks or data points aren’t special.
|
By Jeff Darrington
In life, you get a lot of different alerts. Your bank may send emails or texts about normal account activities, like privacy notices, product updates, or account statements. It also sends alerts when someone fraudulently makes a purchase with your credit card. You can ignore most of the normal messages, but you need to pay attention to the fraud alerts. Security is the same way.
|
By Jeff Darrington
Illicit streaming devices have become an unnoticed yet significant threat in many households and corporate environments. These devices, often advertised with wild promises of free access to premium content, have a dark side that many users might not be aware of. They operate much like the “black boxes” of the 1990s, offering access to pay-per-view events and premium channels at suspiciously low costs.
|
By Jeff Darrington
Imagine, for a moment, that your IT environment is the Death Star. You know the rebels will try to rescue Princess Leia. If you’re Darth Vader, you need systems that detect Luke and Chewbacca when they gain unauthorized access and systems that prevent them from accessing the Death Star. As a security analyst, you have varied technologies that detect and prevent malicious actors from gaining unauthorized access to your networks.
|
By The Graylog Team
2024 was a thrilling year for Graylog Capture The Flag (CTF) events! Across major cybersecurity conferences, Graylog invited participants to test their skills in a range of challenging scenarios designed to simulate real-world cyber threats. From North America to Europe and beyond, we saw cybersecurity professionals and enthusiasts go head-to-head in Graylog CTFs, flexing their skills, deepening their knowledge, and having fun along the way.
|
By Jeff Darrington
Being a security analyst today is hard. You’re constantly trying to protect your organization while feeling like attackers are always a step ahead of you. Every year, you seem to add more security technologies to your stack, yet you still find yourself facing tooling gaps. If only you had the ability to clearly compare different products and their capabilities, you think.
As I celebrate my first year as head of product management at Graylog, I’ve had the unique privilege of re-immersing myself in the world of Security Information and Event Management (SIEM) from a new perspective. The past year has underscored one critical lesson: staying competitive in SIEM isn’t about adding features; it’s about finding fresh approaches to meet the real needs of security teams.
|
By Jeff Darrington
Everyone remembers that one required writing class they needed to take. If you’re like a lot of other security analysts, you assumed that your job would focus on using technology, not writing research papers. However, in today’s business environment, cyber incidents are critical business events, especially as governments and agencies create more reporting requirements.
|
By Jeff Darrington
“Aren’t you a little short for a Stormtrooper?” In this iconic Star Wars moment, Princess Leia lazily responds to Luke Skywalker, disguised as one of her Stormtrooper captors and using authentication information to open her cell. In other words, Star Wars acts as an analogy for a cross-site request forgery (CSRF) attack. In a CSRF attack, malicious actors use social engineering so that end-users will give them a way to “hide” in their authenticated session.
|
By Graylog
In today’s rapidly evolving threat landscape, the ability to detect and neutralize threats before they inflict damage is critical. This session will showcase how combining multiple log collection strategies can supercharge your threat detection capabilities. By merging traditional DNS logs from your domain controllers with DNS alerts from Cisco Umbrella, you'll gain unprecedented insight into compromised systems at the earliest stages of an attack.
|
By Graylog
Are you ready to streamline your path to cloud compliance while ensuring top-tier security and efficiency? Join us for an exclusive live demonstration of XccelerATOr and Command Center, the cutting-edge solutions that are transforming how organizations achieve and maintain FedRAMP, DoD, and other stringent compliance standards.
|
By Graylog
What does it take to create a truly modern Security Operations Center (SOC)? In this session, we’ll dive into the essential components and architecture that define a cutting-edge SOC, exploring the challenges that organizations face during the modernization process. Through real-world examples, we’ll showcase how forward-thinking clients are successfully navigating these challenges and transforming their SOCs into modern security powerhouses.
|
By Graylog
Aspire Bakeries' Graylog journey began in mid-2017 when we realized the current method of log review/collection on each device wasn’t working for us in Operations and we needed better way of working. Over the years we have grown our Graylog implementation from a single Graylog Open 2.0 VM for Operations Teams to a multi-node cluster handling 100MM+ messages per day and the center of our SOC.
|
By Graylog
While a 200 OK status often signals success, its appearance can be deceiving, especially when it cloaks significant threats within API interactions. This session expands on the critical role of APIs as part of the broader attack surface essential for robust Threat Detection, Identification, and Response (TDIR) programs. We’ll explore intricate case studies where seemingly successful responses harbored risks that bypass traditional monitoring. Learn how to enhance your SIEM capabilities by effectively detecting anomalies in API traffic, ensuring that every layer of interaction is scrutinized—not just the surface.
|
By Graylog
Think you've implemented every security measure possible? Think again. While you may have addressed many common attack vectors from both threat actors and Red Team engagements, there's always more to uncover. This session is designed to push your defenses to the next level by diving deep into the often-overlooked tactics that can significantly enhance your security posture.
|
By Graylog
Kubernetes has revolutionized cloud applications, enabling them to function as microservices distributed across global clusters, significantly enhancing fault tolerance, high availability, and cost efficiency. However, with this great power comes the critical responsibility of maintaining security and observability. Despite its many strengths, Kubernetes lacks a built-in centralized log store, relying instead on third-party plugins for this essential functionality.
|
By Graylog
In February 2024, I discovered a whisper campaign targeting folks in critical infrastructure with a pirate streaming box. While Illicit streaming devices are not new, this one is particularly ""chatty"". When I discovered it was communicating to qqcom, I knew I needed to start ingesting logs and needed a SIEM. I was able to quickly deploy Graylog and collect and correlate logs to understand behavior of the device.
|
By Graylog
Chat Spears Director of Security Operations and Jason Shropshire Co-Founder, COO of Infusionpoints, hightlight their use of Graylog when helping customers achieve FedRAMP Authorization.
|
By Graylog
When it comes to security data enrichment, it's helpful to think beyond threat intelligence. This white paper explores viable standard and advanced third-party intelligence enrichment sources that are often overlooked.
|
By Graylog
In this guide, what to consider when selecting a source of threat intelligence and how to make threat intelligence work for your organization.
|
By Graylog
When alerts go unheeded or don't deliver next steps on how to mitigate threats, SIEM can become an expensive and ineffective tool.
|
By Graylog
This paper examines the critical criteria to consider when evaluating tools for managing your data. There are compelling reasons why Graylog is the best choice for log management and analysis.
|
By Graylog
The previous data protection directive passed long before the Internet became the primary marketplace for businesses. In light of recent data and privacy issues, consumers demand higher standards for more security.
- December 2024 (9)
- November 2024 (8)
- October 2024 (6)
- September 2024 (3)
- August 2024 (6)
- July 2024 (4)
- June 2024 (7)
- May 2024 (5)
- April 2024 (5)
- March 2024 (9)
- February 2024 (8)
- January 2024 (5)
- December 2023 (7)
- November 2023 (2)
- October 2023 (2)
- September 2023 (5)
- August 2023 (4)
- July 2023 (6)
- June 2023 (5)
- May 2023 (4)
- April 2023 (3)
- March 2023 (3)
- February 2023 (5)
- January 2023 (2)
- December 2022 (2)
- November 2022 (2)
- October 2022 (5)
- August 2022 (2)
- July 2022 (1)
- June 2022 (4)
- May 2022 (5)
- April 2022 (6)
- March 2022 (6)
- February 2022 (1)
- January 2022 (3)
- December 2021 (3)
- November 2021 (1)
- October 2021 (4)
- September 2021 (6)
- August 2021 (4)
- July 2021 (3)
- June 2021 (7)
- May 2021 (3)
- April 2021 (1)
- March 2021 (2)
- December 2020 (2)
- October 2020 (4)
- May 2020 (1)
- January 2019 (3)
- December 2018 (2)
Graylog is a leading centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. We deliver a better user experience by making analysis ridiculously fast and efficient using a more cost-effective and flexible architecture. Thousands of IT professionals rely on Graylog's scalability, comprehensive access to complete data, and exceptional user experience to solve security, compliance, operational, and DevOps issues every day.
Purpose-built for modern log analytics, Graylog removes complexity from data exploration, compliance audits, and threat hunting so you can find meaning in data more easily and take action faster.