Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Elastic Infosec Detections and Analytics team is responsible for building, tuning, and maintaining the security detections used to protect all Elastic systems. Within Elastic we call ourselves Customer Zero and we strive to always use the newest versions of our products.

Our mission is to create a force multiplier for SOC teams and security analysts so they can reduce the time to verdict or judgment while triaging new Insights. At Sumo Logic, we take a different approach than other SIEM solutions. We don’t just create alerts and leave the analyst to gather other artifacts to gain context. We associate and group alerts, or what we call Signals, to an Entity (IP, User, Hostname, etc...).

The move to modernize security operations to keep up with the proliferation of complex, highly ephemeral apps and infrastructure has become more daunting than ever with the added explosion of remote work and the resulting acceleration of lift-and-shift and hybrid-cloud initiatives.

​​In an age of big data and connected devices, security information and event management (SIEM) is one of the key priorities for businesses of all sizes. At a time when data is everywhere, and cyber threats are growing, security information and event management is more important than ever. This is where information management meets security as companies seek to manage their incident response, compliance requirements, security, and analytics.

Devo’s strong relationship with Amazon Web Services (AWS) recently expanded to include our participation in the AWS ISV Workload Migration Program. This is important to cloud developers, DevOps engineers, solution architects (particularly cloud SAs), and cybersecurity architects working at organizations ready to transition their data to the cloud.

It’s not every day that you get four CTOs of leading Cloud companies in a discussion about security, the changing role of the security operations center (SOC), and how best to manage data, artificial intelligence(AI), and service providers in these challenging times. To close out the 2021 Modern SOC Summit, Christian Beedgen, Sumo Logic’s CTO, hosted a discussion with Peter Silberman, CTO at Expel.io, Scott Lundgren, CTO at Carbon Black, and Todd Weber, the CTO at Optiv.

Members of the cybersecurity industry — including the Devo team — are gathering this week for the annual Black Hat USA conference in Las Vegas. Some will be present in person. Many others will participate virtually due to travel issues related to the pandemic. In either case, the latest edition of Black Hat, and its home city, have me thinking about cybersecurity and… gambling.

What is it about Devo that enticed you to join the company? If you look at my history, you’ll quickly realise I am passionate about two things: data and cybersecurity. One other passion that is not widely known is that I am a bit of a graph-processing fanatic. Solving problems in the modern security landscape isn’t just about collecting loads of data — which Devo does well — but how you can turn that data into actionable intelligence.

Deploying a SIEM requires strategic planning. When deciding on a deployment, an organization must consider the level of risk it is willing to assume, what its security priorities are, and which use cases to implement. From there, your security operations team must thoughtfully identify their inputs — the data the SIEM solution will gather — before rolling out anything. Otherwise, you won’t obtain your desired outputs to identify high-fidelity alerts to act on.