%term

The latest News and Information on Security Incident and Event Management.

Cloud-native SOAR and SIEM solutions pave the road to the modern SOC

Feb 1, 2022 By Enrico Benzoni & Dana Torgersen In Sumo Logic

The ever-evolving cyber threat landscape gives birth to new, unprecedented cyberattacks that challenge traditional cybersecurity approaches and force security operations centers (SOCs) to evolve and redefine their methods. To ensure that the integrity of their data is well-protected, SOCs have to be one step ahead of malicious actors. Ergo, the necessity of creating the modern SOC comes into play.

Read Post

Sumo Logic

Read more about Cloud-native SOAR and SIEM solutions pave the road to the modern SOC

Using event correlation and AI for Threat Detection and Incident Response

Jan 29, 2022 By giusel In UTMStack

According to Cybersecurity Ventures, cybercrime will cost the world $10.5 trillion annually by 2025. However, it is alarming how many companies are unaware of the aftermath of being attacked. A successful attack can cause irreversible damage to companies’ finances. This is because attacks include money theft, damage, and destruction of data, interruption in services, decreased productivity, theft of intellectual property, theft of personal and financial data, reputational harm, and others.

Read Post

UTMStack

Read more about Using event correlation and AI for Threat Detection and Incident Response

Adopt user analytics to accelerate security investigations

Jan 27, 2022 By Jason Dunne In Sumo Logic

Machine data analytics is the process of parsing data generated by software from a wide variety of sources including servers, networks, applications and financial records. These, and many other similar sources, produce massive amounts of data including from local operating systems, identity/access management tools, cloud consoles and their associated log files, alerts, scripts and profiles.

Read Post

Sumo Logic

Read more about Adopt user analytics to accelerate security investigations

Devo's Use Case-Driven Approach to Accelerate SIEM Time to Value

Jan 26, 2022 By Josh Klick In Devo

Organizations cannot wonder if a data breach will happen — they must prepare for when that day comes. Early detection is key to mitigating an attack when it inevitably occurs, but how can CISOs ensure their teams can sift through all the noise they encounter in the SOC to spot malicious activity? Security information and event management (SIEM) technology can play a critical role in empowering your security team to detect potential indicators of compromise faster.

Read Post

Devo

Read more about Devo's Use Case-Driven Approach to Accelerate SIEM Time to Value

Datadog Cloud Security Platform

Jan 25, 2022 By Datadog In Datadog

Datadog's Cloud Security Platform—consisting of Cloud SIEM, Posture Management, and Workload Security—delivers real-time threat detection and continuous configuration audits across your applications, hosts, containers, and cloud infrastructure. Datadog derives security insights from your observability data, enabling security and DevOps teams to work together to detect, investigate, and remediate threats.

View Video

Datadog

Read more about Datadog Cloud Security Platform

Microlesson: Preprocessing Data for Ingestion into Cloud SIEM

Jan 25, 2022 By Sumo Logic In Sumo Logic

Learn whether you need to set up log mappings, parsers, or field extraction rules to get the most out of your data with Sumo Logic and Cloud SIEM.

View Video

Sumo Logic

Read more about Microlesson: Preprocessing Data for Ingestion into Cloud SIEM

Identifying exploits and adversary tradecraft of FORMBOOK information-stealing campaign

Jan 24, 2022 By Elastic Security Intelligence & Analytics Team In Elastic

We wanted to call out some great adjacent research from the team at Sophoslabs Uncut that was released on December 21, 2021. Research groups frequently analyze similar (or in this case, identical) campaigns through their own unique lens. This is fantastic for the security community, as the campaign gets more eyes and different perspectives applied towards the same problem.

Read Post

Elastic

Read more about Identifying exploits and adversary tradecraft of FORMBOOK information-stealing campaign

CertMike Promotion

Jan 22, 2022 By UTMStack In UTMStack

View Video

UTMStack

Read more about CertMike Promotion

You Didn't Ask? Well, the SOC Evolution Answered Anyway

Jan 20, 2022 By Gunter Ollmann, CSO, Devo In Devo

Let me begin by stating the obvious: The cyberattack surface is growing exponentially and diversely. Essentially, it’s a bigger shark and we’ve got the same small boat. The environments, platforms, services, regions and time zones that constitute modern enterprise operations and drive digital transformation for business continue to require increasing specialization and expertise beyond current in-house capabilities.

Read Post

Devo

Read more about You Didn't Ask? Well, the SOC Evolution Answered Anyway

Bringing home the beacon (from Cobalt Strike)

Jan 20, 2022 By Derek Ditch, In Elastic

Elastic Security engineers have documented a less tedious way to find network beaconing from Cobalt Strike. In their full analysis (), Elastic Security team researchers Andrew Pease, Derek Ditch, and Daniel Stepanic walk users through the Elastic fleet policy, how to collect the beacon, beacon configuration, how to analyze its activity, and how you can set it up in your organization’s environment.

Read Post