Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security vendors seem to have a complicated relationship with the MITRE ATT&CK(™) matrix. With one hand, they hold it high as a powerful resource, and with the other, they criticize some aspect of it. But regardless of your viewpoint on any given day, ATT&CK is one of the most important resources for improving your understanding of threat capabilities and aligning those to technical controls, countermeasures, or mitigations.

From on-demand healthcare services like telehealth to wearable technologies, predictive healthcare to blockchain technologies for electronic health records, or 5G for healthcare services to AI and augmented reality for state-of-the-art medical treatments, the healthcare industry is at an inflection point. These digital transformations also bring along elevated cybersecurity risks.

Splunk has been named a Leader in the IDC MarketScape: Worldwide SIEM 2022 Vendor Assessment (doc #US49029922, November 2022). We believe this recognition is a testament to our commitment to delivering a best-in-class, data-centric security analytics solution that helps our customers accelerate threat detection and investigations, and achieve cybersecurity resilience.

The SOC is changing. And to keep cybercriminals from wreaking havoc, security teams must mature their security operations to derive more value from the systems, tools, and data at their disposal. To do so, organizations are increasingly automating more SOC tasks and have long-term plans to build autonomous SOCs to augment their security analysts.

Cloud adoption and digital transformation have enlarged attack surfaces that can be exploited by malicious actors to harm your organization. Traditional SIEMs and EDRs fall short as they are not cloud-native and also difficult to scale. Further, there are inherent fixed costs that need to be considered when adopting any modern threat detection apparatus.

It’s an ever-changing and ever-evolving threat landscape out there today. Bad actors are smarter, more sophisticated, and better at evading detection. Security teams are also facing a barrage of overwhelming information, continually expanding the stream of alerts that must be reviewed, triaged and investigated.

Devo recently announced that it has entered into a strategic collaboration agreement with Amazon Web Services (AWS). This is a significant milestone for Devo and great news for our mutual customers with AWS. We caught up with Tony Le, cloud partnerships director, to take a deeper dive into what this means and how the collaboration will benefit our users in the long run.

Amazon Security Lake allows customers to build security data lakes from integrated cloud and on-premises data sources as well as from their private applications. Directing your security telemetry into a unified data lake makes it easier to manage, analyze, and route security-log and event data to third-party SIEM solutions that leverage that telemetry.

As organizations are rapidly moving to the cloud to leverage the cloud advantage, services are also moving to the cloud, including cybersecurity solutions such as SIEM. In fact, SIEM as a Service is rapidly gaining momentum as an alternative to traditional, on-premises SIEM solutions. In its 10 Questions to Answer Before Adopting a SaaS SIEM report, Gartner had predicted that by 2023, 80% of SIEM solutions will have capabilities that are delivered via the cloud.

Investigating the origin of activity in cloud-native infrastructure—and understanding which activity is a potential threat—can be a challenging, time-consuming task for organizations. Cloud environments are complex by nature, comprising thousands of ephemeral, interconnected resources that generate large volumes of alerts, logs, metrics, and other data at any given time.