The latest News and Information on Security Incident and Event Management.
If you haven't heard the gospel of risk-based alerting (RBA) in a SIEM context, by the end of this sermon you'll see why you’ll want it running in your environment yesterday, whether you're an analyst, an engineer, or in leadership.
That’s right, everyone: it’s time for the latest MITRE Engenuity ATT&CK® evaluation. As we have come to expect each year, Elastic — along with other security vendors — is evaluated by MITRE Engenuity, a tech foundation that brings MITRE research to the public. The evaluation focuses on emulating techniques from the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to assess vendor protection capabilities.
Cyberattacks are fast becoming a part of our daily lives. Multiple sources such as Norton Security and Forbes suggest that since the pandemic, attacks are not only increasing in number, but they are becoming more targeted and sophisticated. The attackers using Ransomware as a Service and double extortion techniques are prime examples of how sophisticated attacks are becoming these days. Norton Security states that there are more than 2,200 cyberattacks on a daily basis.
Editor’s note: Latest update, April 6, 2022, 7:30 p.m. U.S. EDT — This post now includes an example query to aid SOC teams in generating alerts for their specific WAF data sources. See the section “Create New Web Application Firewall (WAF) Rules” for details. A critical zero-day vulnerability in Java’s popular Spring Core Framework is being actively targeted, according to multiple reports submitted to Bleeping Computer.
The era we live in requires the digitalization of all subjects interacting with people, from giant companies to small-scale organizations. It is unquestionable that this trend has made significant contributions to the data collection process. But the larger the volume of data collected, the greater the risk of a security breach. For this reason, it is essential to control the security and transparency of personal data.
Cyberthreats continue to evolve, causing trillions of dollars in losses. There will be a 76% increase in cybersecurity breaches by 2024, according to StealthLabs. A report by IBM states that it took an average of 287 days to identify and contain a data breach in 2021. According to Verizon’s 2020 Data Breach Investigations Report, 86% of cybersecurity breaches were financially motivated, and 10% were motivated by espionage.
As revealed in the 2021 Devo SOC Performance Report™ — which is based on the results of a survey of more than 1,000 security practitioners — organizations are frustrated with their SOC’s lack of effectiveness in performing its vital work. To combat the concerns the survey identified, it’s important for SOCs to refine how they operate.
Financially motivated adversary groups executing ransomware attacks have rightfully gotten our attention in recent years. Similar to LulzSec, there’s a new group catching attention with different motivations, targeting larger organizations.
Building an in-house security operations center represents a significant commitment, both financially and strategically, to securing your enterprise. According to the 2021 Devo SOC Performance Report™ — which is based on the results of a survey of more than 1,000 security practitioners — 73% of respondents said their SOC was “very important” or “essential” to their organization’s overall cybersecurity strategy.