The Last Watchdog

OCTOBER 23, 2023

Related: Dasera launches new Snowflake platform For years, Splunk has been the workhorse SIEM for many enterprise Security Operation Centers (SOCs). To achieve decoupling, organizations need to implement a unified detection layer and adopt the right AI tooling. However, security teams have challenges with Splunk’s steeply rising costs.

Architecture 261

Architecture Threat Detection Engineering Data collection 261

The Last Watchdog

FEBRUARY 11, 2024

However, from the sheer amount of regulations coming down the pipeline to the tools necessary to counter threat actors, internal IT is not the right resource for this monumental task. Experience, on top of the right tools, are necessary to withstand the onslaught of cyber threats currently bombarding the finance sector.

Cyber Risk 234

Cyber Risk Risk Financial Services Cyber threats 234

CyberSecurity Insiders

SEPTEMBER 11, 2021

Security industry blogs, magazines, and websites frequently report that many security teams are frustrated by the limitations of their SIEM tool. This article will highlight some of the critical findings of Panther’s research as published in their State of SIEM 2021 report.

Threat Detection 126

Threat Detection Data collection Software Engineering 126

Centraleyes

APRIL 1, 2024

What is a SIEM? SIEM solutions enable enterprises to monitor and analyze security-related data from a variety of sources, such as firewalls, intrusion detection systems (IDS), and endpoint security devices. SIEMs were originally two separate systems: Security event management (SEM) and security information management (SIM).

Firewall 52

Firewall Antivirus Risk Artificial Intelligence 52

Security Boulevard

FEBRUARY 5, 2024

If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems are still the backbone of most security operations centers (SOC). But if you’re still using an outdated SIEM, you’re putting your organization at risk [A.C. — are Legacy SIEMs [ A.C. — many Frankly no!

Threat Detection 69

Threat Detection Engineering Artificial Intelligence Risk 69

Anton on Security

OCTOBER 17, 2022

This blog is written jointly with Konrads Klints. TL;DR: Migration from one SIEM to another raises the question of what to do with all the data in the old SIEM. A traditional approach was to let the old SIEM hardware languish until its data was no longer required. It is just not worth the effort.

Engineering 100

Engineering Technology Software Education 100

Security Boulevard

MARCH 28, 2023

So, we went through “Debating SIEM in 2023, Part 1” , now let’s debate a bit more. At this point, everybody who didn’t “rage stop” reading it should be convinced that yes, SIEM does matter in 2023. Debating SIEM in 2023, Part 1 But why? I bet the views on why SIEM matters differ a lot. So let’s dive into this!

Threat Detection 69

Threat Detection Banking Risk Technology 69

McAfee

NOVEMBER 25, 2021

It highlights one Microsoft Exchange CVE (Common Vulnerability & Exposure), three Fortinet CVEs and a list of malicious and legitimate tools associated with this activity. The labels also highlight the use of hacking tools and vulnerabilities which you can then view in the Campaign details. Ransomware. Vulnerability.

Encryption 61

Encryption Risk Ransomware Hacking 61

Google Security

APRIL 18, 2024

Posted Kaleigh Rosenblat, Chrome Enterprise Senior Staff Software Engineer, Security Lead Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks. From customized content creation to source code generation, it can increase both our productivity and creative potential.

Engineering 75

Engineering Software 75

Anton on Security

DECEMBER 8, 2023

As I said in my now-dead Gartner blog, a lot of security operation centers looked like they were built on a blueprint of a classic paper written by somebody from ArcSight around 2003 (don’t get me wrong, that was an epic SOC paper … for 2003!). long story, probably Part 3 of this blog :-)]. So, is there anything else?

Engineering 130

Engineering Phishing 130

eSecurity Planet

MARCH 14, 2022

Cobalt Strike was created a decade ago by Raphael Mudge as a tool for security professionals. Indeed, the tool can assess vulnerabilities and run penetration tests , while most tools on the market cannot do both. The tool is so powerful that black hat hackers and international threat groups have added it to their arsenal.

Energy and Utilities 131

Energy and Utilities DNS Penetration Testing Ransomware 131

Security Affairs

APRIL 13, 2023

The origin and impact of insider risk To understand best how to combat them, it helps to know where insider threats originate and why. The top insider threat software products of 2023 Data Detection and Response (DDR) company Cyberhaven offers valuable insights into some of the top security tools designed with inside threats in mind.

Data privacy 91

Data privacy Risk Media Software 91

Security Boulevard

OCTOBER 17, 2022

This blog is written jointly with Konrads Klints. TL;DR: Migration from one SIEM to another raises the question of what to do with all the data in the old SIEM. A traditional approach was to let the old SIEM hardware languish until its data was no longer required. Problem statement. It is just not worth the effort.

Engineering 72

Engineering Technology Software Education 72

Security Boulevard

SEPTEMBER 3, 2021

What if we don’t look at XDR from either EDR or SIEM angle, but we look at it from first principles? When I was an analyst , many vendors showed me their tools and some claimed “XDR.” In most cases, my instinctive reaction was to argue with them, because I very clearly saw “SIEM” (or pieces of SIEM ) in what they showed me ….

Technology 64

Technology Threat Detection Marketing Cybersecurity 64

The Last Watchdog

MAY 15, 2021

Much attention has been paid to the widespread failure to detect the insidious Sunburst malware that the SolarWinds hackers managed to slip deep inside the best-defended networks on the planet. Specialized auditing tools became freely available along with briefings about what to look for and how best to mitigate exposures.

Technology 157

Technology Hacking CISO Threat Detection 157

Anton on Security

JULY 30, 2021

I also noted the critical role of context in threat detection , which seems to imply that the best detections are written on-site by each team, and not by the vendors in their comfy little labs … Here, I want to continue the conversation on detection quality. Also, I want to look for some ideas that can help everybody. More to come!

Threat Detection 130

Threat Detection Authentication Engineering Cybersecurity 130

Anton on Security

DECEMBER 28, 2020

After all, anti-malware tools promise to detect malware using vendor-created signatures that operate without any input from the customer about their environment (as a minor sidenote, if you “tune” AV then you do introduce that very local context). This is accepted by most sane SIEM vendors and customers. They will be?—?with

Threat Detection 100

Threat Detection Malware Technology Engineering 100

Security Boulevard

SEPTEMBER 21, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Contrary to what some may think, a detection and response (D&R) success is more about the processes and people than about the SIEM.

Engineering 59

Engineering Threat Detection Marketing Internet 59

Anton on Security

NOVEMBER 17, 2022

Phil’s 8 megatrends blog reminds us about this by calling one of his cloud megatrends “Simplicity: Cloud as an abstraction machine.” I’ve always said, for example, that SIEM is complex, largely because its mission is complex. Now, if your SIEM vendor makes SIEM as complex as the mission, but not more complex, you may have a winner.

Engineering 100

Engineering Software Data collection Architecture 100

McAfee

AUGUST 25, 2020

The McAfee team is very proud to announce that once again McAfee was named a Gartner Peer Insights Customers’ Choice for SIEM for its McAfee Enterprise Security Manager (ESM) Solution , a recognition of high satisfaction from a number of reviews by verified end-user professionals. Cybersecurity Architect, Government. Read full review here.

Government 52

Government Software Cybersecurity 52

Anton on Security

MAY 5, 2023

Not quite, but if you recall, my previous RSA blog , the skeletal grin of XDR stared at you from nearly every booth in 2022. Instead, some notable ex-XDR vendors wisely pivoted to SIEM. TL;DR: generative AI is a tool, but it is also “a micro game changer”, yet not “a macro game changer.” Not at all. RSA 2017: What’s The Theme?

Artificial Intelligence 130

Artificial Intelligence Threat Detection Marketing Cybersecurity 130

Security Boulevard

JUNE 15, 2022

The sheer volume of security alerts generated by a SIEM can be overwhelming, and it is critical that security teams are able to prioritize the alerts that could stop a potential attack in its tracks. In the security monitoring space, an alert is created by a security information event management (SIEM) tool. Setting Alert Rules.

Firewall 52

Firewall Passwords Architecture Mobile 52

Security Boulevard

DECEMBER 8, 2023

As I said in my now-dead Gartner blog, a lot of security operation centers looked like they were built on a blueprint of a classic paper written by somebody from ArcSight around 2003 (don’t get me wrong, that was an epic SOC paper … for 2003!). long story, probably Part 3 of this blog :-)]. So, is there anything else?

Engineering 64

Engineering Phishing 64

Webroot

MAY 25, 2021

As a result, many businesses and managed service providers may try to account for their efficacy needs in the tools that they choose, vetting the solutions with the highest reviews and the best third party testing scores. But the tools aren’t everything. Trust your tools, but make sure you’re using them wisely.

Phishing 143

Phishing DNS Backups Cyber threats 143

Jane Frankland

JANUARY 9, 2024

In this blog, I’m going to explore the pros and cons of using an MDR provider and whether it’s better choosing a boutique provider over that of a traditional big brand. Acting before an intrusion has occurred is best practice as it limits damage and helps you identify any related malicious activity in other networks and systems.

Threat Detection 147

Threat Detection Technology Marketing Artificial Intelligence 147

eSecurity Planet

AUGUST 10, 2023

As a bonus, many of these tools are free to access and have specialized feeds that focus on different industries and sectors. Differentiator APIs/Integrations Pricing AlienVault Open Threat Exchange Best for community-driven threat feeds Yes Free FBI Infragard Best for critical infrastructure security Limited Free abuse.ch

Internet 95

Internet Internet Cybersecurity Malware 95

Duo's Security Blog

NOVEMBER 27, 2023

That’s why we offer a series of options, any of which can improve your posture, all of which work best together. Monitoring Duo fully supports customers who want to monitor their identity stack using tools like SIEMs, SOARs, and XDRs. If you are a Splunk customer, consider using the Duo Splunk Connector.

Authentication 68

Authentication Social Engineering Risk Accountability 68

McAfee

MAY 17, 2021

Deconstructing the SIEM, Log by Log. SIEM technologies have been used in security operations for over 15 years for a few reasons. Next, because the data sources are so disparate, SIEMs can be used to correlate activities among usually unrelated feeds. Figure 1: SIEM vs XDR Capabilities. If You See Something, Do Something.

Architecture 78

Architecture Technology Artificial Intelligence Surveillance 78

Duo's Security Blog

MARCH 2, 2022

Multi-factor authentication is one of the best ways to thwart bad actors using stolen credentials — but it’s not foolproof. These attacks are not necessarily new, but hacking tools/scripts and scripts are constantly evolving and have made it easier for attackers to execute them. Where possible, upgrade to the new Universal Prompt.

Authentication 100

Authentication Phishing DNS Passwords 100

Security Boulevard

NOVEMBER 17, 2022

Phil’s 8 megatrends blog reminds us about this by calling one of his cloud megatrends “Simplicity: Cloud as an abstraction machine.” I’ve always said, for example, that SIEM is complex, largely because its mission is complex. Now, if your SIEM vendor makes SIEM as complex as the mission, but not more complex, you may have a winner.

Engineering 64

Engineering Software Data collection Architecture 64

Thales Cloud Protection & Licensing

OCTOBER 15, 2019

To tackle the challenge, government leaders, urban planners, and other key stakeholders should make cybersecurity best practices an integral part of the smart city governance, design, and operations, and not just an afterthought. Best practices to secure smart cities. Equally clear, however, is that there are tools to fight back.

Technology 113

Technology Encryption Government System Administration 113

Security Boulevard

JULY 30, 2021

I also noted the critical role of context in threat detection , which seems to imply that the best detections are written on-site by each team, and not by the vendors in their comfy little labs …. Specifically, how would many MSSP teams write good detections without access to the best of the best detection authoring talent?

Threat Detection 64

Threat Detection Authentication Engineering Cybersecurity 64

Javvad Malik

OCTOBER 29, 2020

There’s often a lot of debate as to what the best security or hacking movie is. I was reminded of this by Phil Cracknell who posted on linkedin that in his opinion the Kevin Costner, Whitney Houston classic, Bodyguard was the best infosec movie. They quickly lose their skills and can’t compete against the best.

CISO 246

CISO InfoSec Banking Backups 246

Security Boulevard

MAY 5, 2023

Not quite, but if you recall, my previous RSA blog , the skeletal grin of XDR stared at you from nearly every booth in 2022. Instead, some notable ex-XDR vendors wisely pivoted to SIEM. TL;DR: generative AI is a tool, but it is also “a micro game changer”, yet not “a macro game changer.” Not at all. RSA 2017: What’s The Theme?

Artificial Intelligence 78

Artificial Intelligence Threat Detection Marketing Cybersecurity 78

NopSec

FEBRUARY 13, 2024

We do so to break and exploit the weakest exposures before building the best security software that truly solves the data overload and silo problems. Enterprises, large or small, on average own between 20 and 100+ security tools. It is no longer a tooling problem, it is a data problem.

Marketing 52

Marketing Risk Digital transformation Software 52

Anton on Security

NOVEMBER 6, 2023

So, the topic is so-called “decoupled SIEM” (I probably made up the term, but …hey… at least this is not an acronym like EDR so YMMV). In my mind, “Decoupled SIEM” is a way to deliver Security Information and Event Management (SIEM) technology where the data management (a) and threat analysis (b) are provided by different vendors.

Engineering 245

Engineering Data collection Threat Detection Technology 245

McAfee

FEBRUARY 4, 2021

This blog is part of our SOCwise series where we’ll be digging into all things related to SecOps from a practitioner’s point of view, helping us enable defenders to both build context and confidence in what they do. . And lastly, they’ll cover best practices, hardening prevention, and early detection. .

DNS 102

DNS Firewall Accountability Technology 102