The massive shift to remote work makes managing endpoint security more critical and challenging. Yes, people were already using their own devices for work. However, the rise in phishing attacks during the COVID pandemic shows that all endpoint devices are at a higher risk than before. Plus, more companies are moving toward zero-trust security models. For a successful implementation, you need to secure your endpoints.
Security is one of the most changeable landscapes in technology at the moment. With innovations, come new threats, and it seems like every week brings news of a major organization succumbing to a cyber attack. We’re seeing innovations like AI-driven threat detection and zero-trust networking continuing to be a huge area of investment. However, security should never be treated as a single plane.
With the recent release of Sysmon (System Monitor) for Linux by Microsoft, new opportunities for monitoring, detection development, and defense are now possible. Sysmon for Windows is a very popular tool among detection developers and blue teamers as it provides extensive details from system activity and windows logs. Due to the extensive information this service/driver provides in Microsoft Windows, it is very useful when researching attacks and replicating malicious payloads on lab machines.
Nowadays, malware used to have several stages before it fully compromised the targeted host or machine. The very well-known initial stager is the “phishing email” that contains a malicious macro code or malicious URL link that will download either the actual loader or the next stager to download the actual payload.
DevOps and Security. One encourages speed, agility, iterative learning, enabling technology to keep up with the pace of business. The other wants to keep you safe, slows things down, crosses all the T's and dots all the I's. They seem to be at odds with one another — but do they need to be? DevSecOps says no, that’s not the way it has to be.
The Log4J library is one of the most widely-used logging libraries for Java code. On the 24th of November 2021, Alibaba’s Cloud Security Team found a vulnerability in the Log4J, also known as log4shell, framework that provides attackers with a simple way to run arbitrary code on any machine that uses a vulnerable version of the Log4J. This vulnerability was publicly disclosed on the 9th of December 2021.
In part one of our 2022 cybersecurity predictions series, Devo CSO Gunter Ollmann explained the rise of XDR, the detection-as-code and response-as-code movement, and the growing interest in security tools with built-in, on-demand expertise. In this second installment of our series, I share my take on how the cybersecurity landscape will evolve. Let’s dive into it.
Humio is a CrowdStrike Company. Data logging is the process of capturing, storing and displaying one or more datasets to analyze activity, identify trends and help predict future events. Data logging can be completed manually, though most processes are automated through intelligent applications like artificial intelligence (AI), machine learning (ML) or robotic process automation (RPA).
