Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

chaossearch

Two Major Industry Awards Confirm ChaosSearch's Growing Role in Enterprise Cybersecurity

Mar 15, 2021 By Tom Grave In ChaosSearch
On Friday, March 12th, ChaosSearch announced that its ChaosSearch Data Platform won Gold for two product categories in the 2021 Cybersecurity Excellence Awards: Best Security Analytics Solution and Best Security Log Analysis solution. Of course, we are thrilled to be recognized for our leadership and innovation in security analytics, but beyond that, these awards help to highlight ChaosSearch’s advantages in an area of growing importance to Security Operations (SecOps) teams.
Read Post
elastic

Validating Elastic Common Schema (ECS) fields using Elastic Security detection rules

Mar 11, 2021 By Eric Beahan In Elastic

The Elastic Common Schema (ECS) provides an open, consistent model for structuring your data in the Elastic Stack. By normalizing data to a single common model, you can uniformly examine your data using interactive search, visualizations, and automated analysis. Elastic provides hundreds of integrations that are ECS-compliant out of the box, but ECS also allows you to normalize custom data sources. Normalizing a custom source can be an iterative and sometimes time-intensive process.

Read Post
devo

Detection and Investigation Using Devo: HAFNIUM 0-day Exploits on Microsoft Exchange Service

Mar 11, 2021 By Fran Gomez In Devo

On March 2, 2021, Microsoft announced it had detected the use of multiple 0-day exploits in limited and targeted attacks of on-premises versions of Microsoft Exchange Server. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign—with high confidence—to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

Read Post
graylog

VPN and Firewall Log Management

Mar 10, 2021 By Nick Carstensen In Graylog

The hybrid workforce is here to stay. With that in mind, you should start putting more robust cybersecurity controls in place to mitigate risk. Virtual private networks (VPNs) help secure data, but they are also challenging to bring into your log monitoring and management strategy. VPN and firewall log management gives real-time visibility into security risks. Many VPN and firewall log monitoring problems are similar to log management in general.

Read Post
sumologic

Forrester TEI study: Sumo Logic's Cloud SIEM delivers 166 percent ROI over 3 years and a payback of less than 3 months

Mar 9, 2021 By Girish Bhat In Sumo Logic
We are seeing a renewed focus on accelerating digital transformation projects across business ecosystems and workflows within our customer base. These projects are enabling key business outcomes and this organizational transformation has given security and IT leaders the catalyst and opportunity to modernize security operations while eliminating on-premises debt.
Read Post

Splunk SOAR Playbooks: Crowdstrike Malware Triage

Mar 9, 2021 By Splunk In Splunk
The combination of Crowdstrike and Splunk Phantom together allows for a more smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. In this video, distinguished Phantom engineer Philip Royer will walk you through an out-of-the-box playbook that you can set up in Phantom to triage malware detections from Crowdstrike and automate a variety of responses based on an informed decision by an analyst.
View Video
elastic

Detecting threats in AWS Cloudtrail logs using machine learning

Mar 9, 2021 By Craig Chamberlain In Elastic

Cloud API logs are a significant blind spot for many organizations and often factor into large-scale, publicly announced data breaches. They pose several challenges to security teams: For all of these reasons, cloud API logs are resistant to conventional threat detection and hunting techniques.

Read Post
devo

Choosing a Centralized Log Management Solution: Top 5 Criteria

Mar 4, 2021 By Kevin Flanagan In Devo

In previous posts, we’ve written about two topics covered in the Devo eBook The Shift Is On, which presents the use case for centralized log management (CLM) in the cloud. First, we looked at the 5 best practices for security logging in the cloud. Next, we delved into the question of when your organization should adopt centralized logging. In our final installment, let’s examine the five key evaluation criteria for choosing the right CLM solution for your business.

Read Post
manageengine

Security operations center, Part 3: Finding your weakest link

Mar 3, 2021 By Log360 In ManageEngine

Any organization with data assets is a possible target for an attacker. Hackers use various forms of advanced cyberattack techniques to obtain valuable company data; in fact, a study by the University of Maryland showed that a cyberattack takes place every 39 seconds, or 2,244 times a day on average. This number has increased exponentially since the COVID-19 pandemic forced most employees to work remotely, and drastically increased the attack surface of organizations around the world.

Read Post
devo

When Your Organization Should Adopt Centralized Logging

Feb 25, 2021 By Kevin Flanagan In Devo

Most security pros know the value of log data. Organizations collect metrics, logs, and events from some parts of the environment. But there is a big difference between monitoring and a true centralized log management. How can you measure the effectiveness of your current logging solution? Here are four signs that it’s time to centralize log management in your organization: This post is based on content from the new Devo eBook The Shift Is On.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.