Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Logging

NIST CSF V2: What's Hot and What's Not!

NIST is to the US government what The Watcher is to the Marvel universe. In theory, it should simply observe the world around it, but in reality, it responds to evolving threats through interference. Despite the buzz around the update to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), you might find it hard to say that any compliance falls under the category of “hot.”

CIS Control Compliance and Centralized Log Management

Your senior leadership started stressing out about data breaches. It’s not that they haven’t worried before, but they’ve also started looking at the rising tide of data breach awareness. Specifically, they’re starting to see more new security and privacy laws passed at the state and federal levels. Now, you’ve been tasked with the very unenviable job of choosing a compliance framework, and you’re looking at the Center for Internet Security (CIS) Controls.

Is Your SIEM Data Ingestion Keeping Pace?

The ability for your SIEM to ingest data at scale is critical, especially in a world where threats target a vast array of attack surfaces. Ensuring full visibility of all log data is paramount, and you need a SIEM that can ingest any event, in any format, to effectively hunt for threats. Remember, you can’t secure what you can’t see. Whether you’re taking a close look at your current solution or evaluating new potential vendors, here’s what to consider around SIEM data ingestion.

Log Explorer: monitor security events without third-party storage

Today, we are excited to announce beta availability of Log Explorer, which allows you to investigate your HTTP and Security Event logs directly from the Cloudflare Dashboard. Log Explorer is an extension of Security Analytics, giving you the ability to review related raw logs.

Modernizing financial services: A deep dive into Elastic Cloud on AWS for Observability, Security, and more

In the dynamic landscape of financial services, data is not just currency; it's the key to innovation and operational excellence. Data is constantly streamlining from devices, logins, transfers, transactions, and much more, and it’s bound to increase with an ongoing reliance on digital channels. This creates a massive opportunity and responsibility for financial institutions, as their customers (and regulators) demand more from banking providers.

Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199

Two critical vulnerabilities have been exposed in JetBrains TeamCity On-Premises versions up to 2023.11.3. Identified by Rapid7’s vulnerability research team in February 2024, CVE-2024-27198 and CVE-2024-27199 pose a significant threat, enabling unauthenticated attackers to potentially gain administrative control or execute code remotely on affected TeamCity servers.

Understanding Broken Authentication

With authentication, you can face serious consequences if you follow the old motto, “if it ain’t broke, don’t fix it.” From applications to APIs, authentication tells you whether the person or technology accessing a resource is legitimate. In 2017, the Open Worldwide Application Security Project (OWASP), identified broken authentication as #2 on its list of Top 10 application security threats.

Add To Chrome? - Part 4: Threat Hunting in 3-Dimensions: M-ATH in the Chrome Web Store

Welcome to the final installment in our “Add to Chrome?” research! In this post, we'll experiment with a method to find masquerading, or suspicious clusters of Chrome extensions using Model-Assisted Threat Hunting (M-ATH) with Splunk and the Data Science & Deep Learning (DSDL) App. M-ATH is a SURGe-developed method from the PEAK framework, which uses models or algorithms to help find threat-hunting leads, or to help make complex problems more approachable.

The Importance of Security Log Management

Organisations are often introducing new hardware and software to their ever-evolving IT infrastructures in a bid to remain competitive. However, a lack of monitoring on these solutions will pose a significant risk of vulnerabilities that malicious individuals could look to exploit. Cybercriminals are constantly scouring for weaknesses within organisations' IT environments, that they can exploit via unethical strategies and hacking techniques.