The whole point of IT systems, whether deployed via traditional methods or via modern practices (such as Agile methodologies, DevSecOps, and orchestration platforms like Kubernetes) is to make data available for business operations — whether those operations are making business decisions, identifying or troubleshooting system performance and efficiency issues, detecting bad actors, or protecting organizational assets.

Cloud-based SIEM, long a forward-looking topic, is here and now. In fact, advanced organizations will spend 27% more on cloud cybersecurity as a percentage of IT spending in 2022 vs. 2021 as they expand their use of cloud providers, services, and integrations with other technologies. There are a myriad of benefits to conducting security operations on a cloud-based platform.

The insurance industry's business model is rapidly evolving as the latest consumer and business technologies deliver greater quantities of real-time data than ever before. McKinsey predicts that by 2030, processes like underwriting as we know it will cease to exist — machine and deep learning models will automate policies and reduce delivery time to seconds.

For decades, the cybersecurity industry has been shrouded in secrecy. This is partly because of the misunderstanding that cybersecurity often relies on obscurity as its primary form of defense. As the thinking goes, if adversaries don’t know about or understand the security controls that security vendors have in place, it will be easier to defend against cyberattacks.

No single organization is prepared to stop an attack from a nation-state Not so long ago, I woke up every morning focused on one thing: finding and exploiting vulnerabilities. During my 10 years working for the U.S. National Security Agency (NSA), my single objective was to identify and exploit networks to collect foreign intelligence. I was fortunate to work alongside the world’s best professional vulnerability and exploit developers. My time serving my government was formative and humbling.

Insights from the 2022 Results That Matter study “88% of boards regard cybersecurity as a business risk rather than solely a technical IT problem.”1 Regardless of geography, industry, sector, or use cases, most would agree that reducing risk is a top priority for their organization. Whether it’s decreasing phishing scams, ransomware, and malware attacks or reducing the risk of customer churn due to breaches, security is everyone’s concern.

Elastic Security has long been open — with open source roots, open development, and the release of our SIEM in 2019. In 2020, we further embraced the openness of Elastic and released our open detection-rules repo to collaborate with our users and be transparent about how we protect customers. That repo is focused on our SIEM and Security Analytics use cases and did not yet include Elastic Endpoint Security artifacts.

On July 27, 2022, Microsoft Threat Intelligence Center (MSTIC) disclosed a private-sector offensive actor (PSOA) that is using 0-day exploits in targeted attacks against European and Central American victims. MSTIC and others are tracking this activity group as KNOTWEED. PSOAs sell hacking tools, malware, exploits, and services. KNOTWEED is produced by the PSOA named DSIRF.

When the average organization experiences 26 cyber attacks per year, being prepared for the aftermath of a breach is just as important as prevention.