Security Information and Event Management (SIEM) solutions have been the foundation of enterprises’ security operations and threat detection & response. Even though USM Anywhere has many key SIEM features, it is much more than a SIEM. Why? To perform threat detection, SIEMs and purpose-built threat consoles collect data from security devices. These include network firewalls, endpoint devices, & vulnerability managers to directly from the cloud.

SOC Prime recently enriched their Threat Detection Marketplace with support for almost 2000 cybersecurity rules for Humio, including 1160 that are free. Humio users can now use this content to search and uncover threats to help keep their IT infrastructure more secure. The SOC Prime Threat Detection Marketplace is the world’s largest SOC content repo. Its online library has over 57,000 SIEM & EDR rules, queries, and more designed to work directly in SIEM platforms.

We’re excited to announce that ManageEngine has been recognized as a Customers’ Choice in 2020 Gartner Peer Insights “Voice of the Customer’: Security Information and Event Management (SIEM) for the second time. This is in addition to our recognition in Gartner’s Magic Quadrant for Security Information and Event Management, 2020 for four consecutive times. We are thrilled to be named this recognition yet again. What better way to be recognized than by our customers?

Customers regularly ask me what types of data sources they should be sending to their SIEMs to get the most value out of the solution. The driver for these conversations is often because the customers have been locked into a SIEM product where they have to pay more for consumption. More log data equals more money and, as a result, enterprises have to make a difficult choice around what log sources and data are what they guess is the most important.

Ever since JASK was founded, we have heavily integrated with threat intelligence platforms to gain context into attacker activity through indicators of compromise (IOCs). Now that we have joined Sumo Logic, our customers have the ability to pull in more data than ever making this feature even more powerful. One of our tightest integrations is with the Anomali (formerly ThreatStream) platform.

If you’re responsible for cybersecurity at your company, you know that threats to your organization’s network and data have consistently increased. This has been happening at a point in time when your financial and staffing resources are staying flat (or going in the opposite direction). What does that all add up to mean? It means that regardless of the amount of resources you have to work with, you can’t afford to ease up on your cybersecurity protections.

Security Information Monitoring or Security Event Monitoring is part of Security Information Management. Yes, I acknowledge they are flashy names and that even experts have their differences about concept and scope. Here in Pandora FMS, flexibility is part of our name, so, hereby, I will abbreviate it as Security Monitoring. As you can see, it is short and manageable!

Unless you’ve been living under a rock you are probably familiar with the recent Shadow Brokers data dump of the Equation Group tools. In that release a precision SMB backdoor was included called Double Pulsar. This backdoor is implemented by exploiting the recently patched Windows vulnerability: CVE-2017-0143. For detection, we are going to first focus on the backdoor portion of the implant, hunting for traces left behind on the network.

With all the acronyms floating around in cybersecurity, it is easy to get confused by what means what. Security information and event management, or SIEM, is often confused with security orchestration, automation and response, or SOAR, and vice versa. The reason why stretches beyond their similar syntax. Both SIEM and SOAR live in the security operations center and act as the key technologies to helping organizations detect and respond to threats in an organized and timely manner.