Deploying a next-gen cloud-native security information and event management (SIEM) in your security operations center (SOC) is a big step in the right direction toward significantly improving your organization’s security capabilities. But once you have that state-of-the-art SIEM in your SOC, how do you get the most out of it? One key step is building and executing specific SIEM use cases designed to meet the particular needs of your organization.
Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.
Defending against security threats is a full-time job. The question is: Whose job is it? Our cybersecurity landscape is in constant flux, with more users having increased access to corporate data, assets, APIs, and other entry points into the organization.
The Splunk Threat Research Team recently evaluated ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.
For the past 10-plus years, cybersecurity solutions have been innovating rapidly to thwart new threats. But as they solved security challenges, new ones constantly emerged — especially as organizations continue to expedite their digital transformation efforts and shift to the cloud.
Technology companies love abbreviations and acronyms. Starting with what’s probably the original tech company, International Business Machines (better known as IBM), initials, abbreviations and acronyms continue to dominate the personal computer (PC), telecommunications (telco), security operations (SecOps), and many other tech industries.
Security analysts know this situation well: inundated by alerts, alternating between 10 different security tools, and feeling the pressure of responding to each and every threat. It’s typically around this point that SOC teams realize it’s humanly impossible to process the amount of data that needs to be processed, and they should start looking for a solution. Gretchen White, Chief Information Security Officer at Minnesota Judicial Courts, experienced this firsthand.
