Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Logging

splunk

Log4Shell, Splunkbase, and You: A Message From Your Friendly Neighborhood Cybersecurity Engineer

May 2, 2022 By David Holiday In Splunk

Call me David. As you might have heard, Log4Shell, “the single biggest, most critical vulnerability ever”1 was recently disclosed to the public. You may even have seen us make mention of it here, here, here, or even maybe here. Splunkbase was impacted by way of apps both made by Splunk and third-party developers.

Read Post
teleport

6 Best Practices for Kubernetes Audit Logging

Apr 28, 2022 By Tyler Charboneau In Teleport

Running a Kubernetes-based infrastructure is challenging and complex. Administrators often lament how complicated performance optimization and monitoring are, which can lead to problems in production. Additionally, even finely-tuned Kubernetes deployments can encounter sporadic issues. When Kubernetes starts behaving in strange ways, digging into logs can help you uncover breadcrumbs. These contextual hints can help lead you to possible solutions.

Read Post

Koffee Talk with Kovar

Apr 27, 2022 By Splunk In Splunk
In this special edition of Koffee Talk, Ryan Kovar discusses the whitepaper titled, “An Empirically Comparative Analysis of Ransomware Binaries” authored by SURGe member Shannon Davis. The research reveals that the average ransomware encryption speed is likely beyond the capabilities of most blue teams to detect and mitigate. Shannon will also explain what this means for network defense. Join Ryan and Shannon for this in-depth discussion with snark, deadpan humor, and a look at SURGe’s next phase of ransomware research.
View Video
splunk

Answered: Your Most Burning Questions About Planning And Operationalizing MITRE ATT&CK

Apr 27, 2022 By Matthias Maier In Splunk

Hey There, Recently we ran a webinar ( English | German | French) in which we showed how Security Operations Teams can plan based on the MITRE ATT&CK Navigator, a threat-centric defense strategy. We also demonstrated how to operationalize it with content from the Splunk Security Essentials app via Splunk Enterprise Security. We received so many questions from attendees during the session that we weren’t able answer them all.

Read Post
graylog

C-Suite Reporting with Log Management

Apr 26, 2022 By The Graylog Team In Graylog
When security analysts choose technology, they approach the process like a mechanic looking to purchase a car. They want to look under the hood and see how the product works. They need to evaluate the product as a technologist. On the other hand, the c-suite has different evaluation criteria. Senior leadership approaches the process like a consumer buying a car.
Read Post
graylog

Why Is Normalizing Log Data in a Centralized Logging Setup Important: Operations & Security

Apr 25, 2022 By Jeff Darrington In Graylog
The phone rings. Your email pings. Your marketing team just told you about a flood of messages on social media and through live chat that there’s a service outage. You thought your Monday morning would be calm and relaxed since people are just returning from the weekend. How do you start researching all of these incoming tickets? How do you know which ones to handle first? Is this just a hardware failure, or are you about to embark on a security incident investigation like Log4j?
Read Post
datadog

Best practices for reducing sensitive data blindspots and risk

Apr 22, 2022 By Mallory Mooney In Datadog

Modern applications log vast amounts of personal and business information that should not be accessible to external sources. Organizations face the difficult task of securing and storing this sensitive data in order to protect their customers and remain compliant. But there is often a lack of visibility into the sensitive data that application services are logging, especially in large-scale environments, and the requirements for handling it can vary across industries and regions.

Read Post

Coffee Talk with SURGe: 2022-APR-19 MS-RPC Vulnerability, Lazarus, Pipedream

Apr 20, 2022 By Splunk In Splunk
This week Audra Streetman, Ryan Kovar, and Mick Baccio from Splunk discussed the latest security news, including the MS-RPC vulnerability CVE 2022 26809, a CISA alert about the North Korean state-sponsored Lazarus Group, and Sunday's 60 Minutes episode on the threat of Russian cyberattacks targeting U.S. critical infrastructure. Mick and Ryan also competed in a 60 second charity challenge to explain why Americans should be concerned about the potential for a Russian cyberattack targeting U.S. critical infrastructure.
View Video
splunk

The Upsurge in Ransomware Attacks in Australia and Opportunities to Protect Data

Apr 20, 2022 By Mark Troselj In Splunk

There are rare occasions when you open the news and don't find anything about cybersecurity in the headlines. According to the Australian Cyber Security Centre (ACSC), Australia has dealt with a cyberattack every 8 minutes in the financial year 2020-21, with over 67,500 cases of cybercrime registered in the same year. Studies indicate that ransomware is one of the most frequent and damaging types of malware leveraged by cybercriminals.

Read Post
Subscribe to Logging

Copyright © 2024 OpsMatters™. All rights reserved.