The latest News and Information on Security Incident and Event Management.
“Computers are bicycles for the mind,” Steve Jobs once said. Security Information and Event Management (SIEM) is biking uphill. Picture this: you cycle hard against the incline and make sure the bike holds up, all the while watching for oncoming traffic on blind turns. The worst part? The bike grinds to a halt the moment you stop pedaling. You simply can't coast on the steep hill of security operations.
These days the word ‘intelligence’ pops up in any conversation about security. Why can't the industry get enough of it? What is the difference between intelligence and information? What is intelligence-led security? Let’s take a look.
Hello all and welcome to the first episode of a new blog series focused on how to prevent WordPress site hacks. In this first post of the series, I will provide videos and articles that will comprise a set of tutorials to show you the ins and outs of building a home lab that will give you the flexibility to test, hack, or learn just about anything in IT.
We’re proud to announce a new USM Anywhere App for Box! We use the Box Events API to track and detect detailed activity on Box. This new addition to the set of USM Apps provides an extra security layer for the cloud storage services that many enterprises are outsourcing to Box. Beyond monitoring and data collection, USM offers early detection of critical events and alerting, thanks to event correlation and business intelligence.
In our previous blog, we analyzed how it is possible to map malware threats using the MITRE ATT&CK™ framework. In this blog, we will test the USM Anywhere platform against red team techniques and adversary simulations. We performed this analysis as part of our continuous efforts to improve the platform’s detection effectiveness.
Data is a raw material: it is often unstructured, extracted in massive quantities, and requires processing before it can be called information and actionable intelligence. A good example is Indicators of Compromise (IoCs). A big list of domain names or IP addresses can be ingested into the SIEM system to identify whether any of them are malicious.
In information warfare, developing a SIEM architecture has become crucial because of ever-growing cyber threats and their creators, the cyber pests. SIEM (Security Information and Event Management) covers a broad range of products and services for managing security information and security events together.
Since Active Directory is the foundation of all Windows networks, monitoring Active Directory needs to be part of any comprehensive security strategy. Up to version 3.5, EventSentry utilized Windows auditing and the security event log to provide reports on: User Account Changes, Group Changes and Computer Account Changes.