SIEM

Defense in depth: DoublePulsar

Jul 7, 2020 By Sumo Logic In Sumo Logic

Unless you’ve been living under a rock you are probably familiar with the recent Shadow Brokers data dump of the Equation Group tools. In that release a precision SMB backdoor was included called Double Pulsar. This backdoor is implemented by exploiting the recently patched Windows vulnerability: CVE-2017-0143. For detection, we are going to first focus on the backdoor portion of the implant, hunting for traces left behind on the network.

Read Post

Sumo Logic

Read more about Defense in depth: DoublePulsar

Integrating Attack Behavior Intelligence into Logstash Plugins

Jun 30, 2020 By Elastic In Elastic

Are you new to Elastic SIEM? Join us for a demo and learn how to start investigating threats in your environment.

View Video

Elastic

Read more about Integrating Attack Behavior Intelligence into Logstash Plugins

Preventing "copy-paste compromises" (ACSC 2020-008) with Elastic Security

Jun 29, 2020 By Asjad Athick In Elastic

The Australian Cyber Security Centre (ACSC) recently published an advisory outlining tactics, techniques and procedures (TTPs) used against multiple Australian businesses in a recent campaign by a state-based actor. The campaign — dubbed ‘copy-paste compromises’ because of its heavy use of open source proof of concept exploits — was first reported on the 18th of June 2020, receiving national attention in Australia.

Read Post

Elastic

Read more about Preventing "copy-paste compromises" (ACSC 2020-008) with Elastic Security

What is SIEM?

Jun 26, 2020 By Laura Cano In Pandora FMS

SIEM (Security Information and Event Management) is a kind of software whose purpose is to provide organizations and corporations with useful information. “About what?” you may wonder. Well, about potential security threats related to your business networks. SIEM does this through data collation and by prioritizing all kinds of dangers or threats. In general, we already answered the question “what is SIEM?”, but how does it do it?

Read Post

Pandora FMS

Read more about What is SIEM?

Why cloud-native SIEM is vital to closing the security skills gap

Jun 24, 2020 By Dana Torgersen In Sumo Logic

Our digital surface is expanding rapidly and threats are becoming more sophisticated day by day. This is putting enormous strain on security teams, which have already been stretched to the limits. Nonetheless, organizations are skeptical of relieving this cybersecurity strain with AI and automation. Why does this situation persist when it’s simply against the logic?

Read Post

Sumo Logic

Read more about Why cloud-native SIEM is vital to closing the security skills gap

Journey of Elastic SIEM Getting Started to Investigating Threats: Part 2

Jun 23, 2020 By Elastic In Elastic

Calling all security enthusiasts! Many of us are now facing similar challenges working from home. Introduced in 7.2, Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes with limited time and resources. In this three part meetup series we will take you on a journey from zero to hero - getting started with the Elastic SIEM to beginner threat hunting.

View Video

Elastic

Read more about Journey of Elastic SIEM Getting Started to Investigating Threats: Part 2

How to Overcome the Drawbacks of SIEM Tools

May 31, 2020 By Bruno Amaro Almeida In logz.io

These days, “SIEM” (Security Information and Event Management) is all over the place. SIEM tools work by collecting data from multiple systems and noticing patterns in the data. This adds immediate value to the business by providing insights, security recommendations, and actionable intelligence. Despite being helpful tools for many companies, SIEM tools do have their drawbacks. This article will describe the four main ones and offer suggestions for how they might be overcome.

Read Post

logz.io

Read more about How to Overcome the Drawbacks of SIEM Tools

Automated incident response with Flowmon and FortiGate

May 18, 2020 By Flowmon In Flowmon

Flowmon has teamed up with Fortinet to provide security administrators with an integrated solution for automated threat detection and incident response. Join this webinar to learn about the benefits of the integration between Flowmon and the FortiGate next-generation firewall. You will experience a live demo demonstrating how Flowmon’s detection capabilities can enhance FortiGate’s security enforcement to create a truly automated security matrix. Incident logging to FortiSIEM included.

View Video

Flowmon

Read more about Automated incident response with Flowmon and FortiGate

Getting started with adding a new security data source in your Elastic SIEM: Part 1

May 8, 2020 By Tony Meehan In Elastic

What I love about our free and open Elastic SIEM is how easy it is to add new data sources. I’ve learned how to do this firsthand, and thought it’d be helpful to share my experience getting started. Last October, I joined Elastic Security when Elastic and Endgame combined forces. Working with our awesome security community, I’ve had the opportunity to add new data sources for our users to complement our growing catalog of integrations.

Read Post