Humio and SOC Prime have built a deep set of platform integrations that simplify security operations for our joint customers. The SOC Prime Threat Detection Marketplace contains over 5,700 detection rules for Humio, and with a single click customers can now push these rules to their Humio service. With SOC Prime’s Continuous Content Management feature, customers can have new detection rules that match defined criteria automatically pushed to their Humio service.
What is SIEM? SIEM stands for Security Information and Event Management: a system that collects, aggregates, and analyses activity from different sources across the organization’s entire IT infrastructure. It collects security data from network devices, servers, domain controllers and more, and provides organizations with next-generation detection, analytics, and response. It delivers information of the utmost importance, but the critical decision lies in how to choose the right SIEM solution for you.
While bad actors have become more organized and sophisticated by refining their craft, they are not the only attackers a security professional needs to be concerned with in 2020. There are still opportunistic, less skilled hackers who rely on commoditized exploits. These attack strategies are made possible by resources that are highly profitable and simple to use, such as off-the-shelf phishing kits or even ransomware-as-a-service (RaaS) offerings.
Not many things keep company executives and heads of federal agencies up at night like mega cyber breaches do. Mega breaches are not only on the rise, but are also becoming increasingly costly to deal with. IBM found that a mega-breach can cost an organization anywhere between $40 and a whopping $350 million. Two variables contribute to mega breaches, and both are common across most organizations.
CCPA, the recent legal privacy innovation in the US, has introduced a lot of requirements for online businesses. We have previously covered the principle of accountability in both CCPA and GDPR, and why an audit log of all data-related activities, as well as handling user rights requests, is important for CCPA compliance. But we sometimes get the question “Is your SIEM going to help us with CCPA compliance?” or even “Is a SIEM required for CCPA compliance?”
XDR (Extended Detection and Response) is a new trend among large security vendors, and too often people find themselves asking “okay, what’s the difference from SIEM?” According to Gartner, the main difference is that XDR is natively integrated with products, typically from the same vendor, which helps provide better detection and response capabilities. But let’s take a look at what this means in practice.