Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Security Incident and Event Management.

sumologic

So you're buying your first SIEM... here's how not to suck at it

Jul 16, 2025 By David Girvin In Sumo Logic
Welcome to the chaos. You’ve been told you need a SIEM. Maybe it was your CISO. Maybe it was your auditor. Maybe your SOC is tired of stitching together logs with duct tape and Python scripts. Doesn’t matter — you’re now on the SIEM buying journey. Congratulations… and condolences. Let’s walk through how to actually buy your first SIEM without lighting your budget (and your team’s morale) on fire.
Read Post
graylog

Unlock Email Threat Visibility with Mimecast and Graylog

Jul 16, 2025 By Jeff Darrington In Graylog
Email threats aren’t slowing down. From credential phishing to malware-laced attachments, email remains one of the most exploited entry points for attackers. If you’re already using Mimecast to help mitigate that risk, you’re ahead of the curve — but raw log data only gets you so far. Starting with Graylog 6.2.3, you can pull logs directly from Mimecast using API v2.0 and view them immediately with built-in Illuminate Dashboards.
Read Post
elastic

Elastic strengthens AI security integration with Microsoft Azure AI Foundry Model Catalog

Jul 14, 2025 By Greg Crist In Elastic
Elastic partners with Microsoft to provide integration with the Azure AI Foundry Model Catalog. This collaboration significantly enhances the choices available to security analysts, providing access to a diverse array of powerful large language models (LLMs) that are native to the Azure cloud ecosystem. This partnership underscores Elastic's commitment to delivering cutting-edge cyber defenses for Microsoft Azure customers, using their existing cloud infrastructure and investments.
Read Post
graylog

A Beginner's Guide to Ransomware-as-a-Service (Raas)

Jul 14, 2025 By Jeff Darrington In Graylog
Over the last few years, news reports around ransomware attacks have noted that the attacks are increasingly sophisticated. Simultaneously, they say that the attackers are less sophisticated than in the past. While these two statements appear to conflict with each other, they are both true when viewed through the lens of the current cybercriminals business models.
Read Post
elastic

Elevating data security: Ingest data from an Azure Event Hub secured by Entra ID

Jul 14, 2025 By Tim Lee, In Elastic
If you’re just here for the practical example, skip ahead. Are you still relying on static connection strings or shared access signature (SAS) keys to protect your sensitive data streams in Azure Event Hubs? While convenient, these methods can introduce security vulnerabilities. This blog demonstrates a more secure and modern approach.
Read Post
elastic

Understanding the CISO: Role, skills, and security impact

Jul 11, 2025 By Elastic Security Team In Elastic
In the face of increasingly sophisticated cyber threats, the chief information security officer, or CISO, is responsible for ensuring the organization's data is secure. CISOs ensure that proper security strategies, policies, and technologies are working to meet their goals of mitigating risk, maintaining regulatory compliance, and upholding customer trust. A CISO helps align security initiatives with business goals, enabling growth while minimizing disruptions and vulnerabilities.
Read Post

AI-Powered Email Threat Detection and Response with Next-Gen SIEM

Jul 11, 2025 By CrowdStrike In CrowdStrike
Email remains the top attack vector, and speed is critical when every second counts. Falcon Next-Gen SIEM and Fusion SOAR streamline detection by ingesting email telemetry and automating investigation with Charlotte AI. By analyzing sender behavior and message content, Charlotte AI delivers real-time, human-readable verdicts with confidence scoring. Teams can quickly isolate threats, block senders, or escalate suspicious activity. With AI-powered workflows and automation, email triage becomes faster, more precise, and scalable.
View Video
Torq

How AI is Redefining SOC Architecture

Jul 11, 2025 By Bob Boyle In Torq
If you’ve been in cybersecurity longer than five minutes, you know one thing: legacy SOC architecture isn’t just showing its age — it’s creaking under the weight of today’s threats. Cybersecurity analyst Francis Odum nailed it when presenting at Torq’s SKO 2025: “Legacy SOAR assumed everything starts in the SIEM. Now, teams connect automation directly to EDR, email, and identity systems.”.
Read Post
manageengine

ManageEngine Log360 launches Zia Insights, its first AI-powered contextual analytics for modern SOCs

Jul 10, 2025 By Esther Christopher In ManageEngine
Security operations centers (SOCs) have been drowning in a sea of alerts, raw logs, and siloed data for quite sometime now. A study by Morning Consult and IBM showed that 63% of alerts handled by SOCs daily are false positives or low priority, and analysts spend one-third of their day investigating these alerts. Yet, the information needed to detect, investigate, and respond to threats is often already present, just fragmented and buried. This is where AI steps in to rewrite the rules of engagement.
Read Post
sumologic

Ten new and updated apps for securing and monitoring your environments

Jul 10, 2025 By Margaret Selid In Sumo Logic
Whether you rely on Sumo Logic for securing your systems, monitoring your infrastructure, or maximizing application performance, connecting to your tech stack is essential. That’s why we continuously release new apps and upgrade existing ones, ensuring you can easily connect to your stack and visualize key data with out-of-the-box dashboards. Let’s dive into some of the latest additions to our app catalog, designed to help you monitor, secure, and optimize your environment.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.