Hey, there. This is part three of the Elastic SIEM for home and small business blog series. In the Getting started blog, we created our Elasticsearch Service deployment and started collecting data from one of our computers using Winlogbeat. In the Securing cluster access blog, we secured access to our cluster by restricting privileges for users and Beats. If you haven’t read the first and second blogs, you may want to before going any further.

Hey, there. This is part two of the Elastic SIEM for home and small business blog series. In the Getting started blog, we created our Elasticsearch Service deployment and started collecting data from one of our computers using Winlogbeat. If you haven't read the first blog, you may want to before going any further. In this blog, we will secure access to our cluster by restricting privileges for users and Beats.

Security information and event management (SIEM) products came into the limelight during the early 2000s. They are widely regarded as something that only large enterprises need. While it’s true that deploying a SIEM system makes the most sense for big companies, startups and small and midsized businesses (SMBs) shouldn’t rule it out.

Nowadays, it’s not uncommon to see enterprise IT leaders in a situation that seems like a catch 22. Oftentimes, they are expected to be involved in making data-driven decisions for augmenting productivity and profitability. Paradoxically, they are preoccupied with what they consider as their core responsibilities – applying best practices to safeguard the IT infrastructure and expediting investigations when incidents occur.

ChatOps is one of the hot topics within the cyber security circles today. In this article, we will take a closer look at what it is and why it is useful especially in incident response.

With the increase in cyber attacks and data breaches, we’re told to be vigilant in regards to keeping sensitive data safe. But when it comes to cybersecurity, being proactive is just as important. Knowing what is happening to our information systems helps us identify how we should improve our information security posture. This is why security analytics are important.

Openness has long been at the heart of our ethos at Endgame, and it’s part of what makes joining forces with Elastic — an organization with nearly identical culture and values — so exciting. It has long been important to us that endpoint security not be treated as a magic black box shrouded in buzzwords and marketing deception.

Event correlation tools are a fundamental instrument in your toolbox to detect threats from all sources across your organization in real time. A wise use of the right event correlation techniques through log management and analysis is the cornerstone of any reliable security information and event management (SIEM) strategy – a strategy that focuses on prevention rather than reaction.