Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Logging

Cloud SIEM: Modernize Security Operations and your Cyber Defense

Mar 25, 2021 By Sumo Logic In Sumo Logic
Scott Crawford, Research Director of Information Security at 451 Research, a part of S&P Global Market Intelligence, joined by Greg Market, Vice President and General Manager of Security at Sumo Logic, discuss the increased adoption of cloud as a deployment model for SIEM. Cloud SIEM and various forms of deployment has become a significant factor for enterprises according to survey-based research at 451 Research.
View Video

Coralogix - On Demand Webinar - 2021 Troubleshooting Best Practices

Mar 25, 2021 By Coralogix In Coralogix
When it comes to troubleshooting, the majority of time spent is usually on finding the issue rather than fixing it. To change this, it’s not enough to store a few metrics - you need to also store context. In this on-demand webinar, we’ll explain the techniques for creating a powerful observability stack, that will not only tell you what is broken, but why it has broken.
View Video
graylog

Monitoring Logs for Insider Threats During Turbulent Times

Mar 24, 2021 By Jeff Darrington In Graylog

For logs and tracking insider threats, you need to start with the relevant data. In these turbulent times, IT teams leverage centralized log management solutions for making decisions. As the challenges change, the way you’re monitoring logs for insider threats needs to change too. Furloughs, workforce reductions, and business practice changes as part of the COVID stay-at-home mandates impacted IT teams.

Read Post
chaossearch

Two Major Industry Awards Confirm ChaosSearch's Growing Role in Enterprise Cybersecurity

Mar 15, 2021 By Tom Grave In ChaosSearch
On Friday, March 12th, ChaosSearch announced that its ChaosSearch Data Platform won Gold for two product categories in the 2021 Cybersecurity Excellence Awards: Best Security Analytics Solution and Best Security Log Analysis solution. Of course, we are thrilled to be recognized for our leadership and innovation in security analytics, but beyond that, these awards help to highlight ChaosSearch’s advantages in an area of growing importance to Security Operations (SecOps) teams.
Read Post
elastic

Validating Elastic Common Schema (ECS) fields using Elastic Security detection rules

Mar 11, 2021 By Eric Beahan In Elastic

The Elastic Common Schema (ECS) provides an open, consistent model for structuring your data in the Elastic Stack. By normalizing data to a single common model, you can uniformly examine your data using interactive search, visualizations, and automated analysis. Elastic provides hundreds of integrations that are ECS-compliant out of the box, but ECS also allows you to normalize custom data sources. Normalizing a custom source can be an iterative and sometimes time-intensive process.

Read Post
devo

Detection and Investigation Using Devo: HAFNIUM 0-day Exploits on Microsoft Exchange Service

Mar 11, 2021 By Fran Gomez In Devo

On March 2, 2021, Microsoft announced it had detected the use of multiple 0-day exploits in limited and targeted attacks of on-premises versions of Microsoft Exchange Server. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign—with high confidence—to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

Read Post
graylog

VPN and Firewall Log Management

Mar 10, 2021 By Nick Carstensen In Graylog

The hybrid workforce is here to stay. With that in mind, you should start putting more robust cybersecurity controls in place to mitigate risk. Virtual private networks (VPNs) help secure data, but they are also challenging to bring into your log monitoring and management strategy. VPN and firewall log management gives real-time visibility into security risks. Many VPN and firewall log monitoring problems are similar to log management in general.

Read Post
sumologic

Forrester TEI study: Sumo Logic's Cloud SIEM delivers 166 percent ROI over 3 years and a payback of less than 3 months

Mar 9, 2021 By Girish Bhat In Sumo Logic
We are seeing a renewed focus on accelerating digital transformation projects across business ecosystems and workflows within our customer base. These projects are enabling key business outcomes and this organizational transformation has given security and IT leaders the catalyst and opportunity to modernize security operations while eliminating on-premises debt.
Read Post

Splunk SOAR Playbooks: Crowdstrike Malware Triage

Mar 9, 2021 By Splunk In Splunk
The combination of Crowdstrike and Splunk Phantom together allows for a more smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. In this video, distinguished Phantom engineer Philip Royer will walk you through an out-of-the-box playbook that you can set up in Phantom to triage malware detections from Crowdstrike and automate a variety of responses based on an informed decision by an analyst.
View Video
elastic

Detecting threats in AWS Cloudtrail logs using machine learning

Mar 9, 2021 By Craig Chamberlain In Elastic

Cloud API logs are a significant blind spot for many organizations and often factor into large-scale, publicly announced data breaches. They pose several challenges to security teams: For all of these reasons, cloud API logs are resistant to conventional threat detection and hunting techniques.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.