Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cato networks

Cato XDR: Finally, A Tool Built by People Who Actually Read the Logs!

Feb 27, 2025 By Shani Kurtzberg In Cato Networks
Ever feel like some tools are designed by people who’ve never had to use them? Like those public restroom hand dryers that leave your hands wetter than before, or CAPTCHAs that make you question if you even know what a bicycle looks like—it’s like a bad joke at our expense. In the 2022 Devo SOC Performance Report, questions were raised about the biggest challenges faced by security operations center (SOC) teams.
Read Post

Keeping Secrets Out of Logs: Building a Robust Defence Against Log Leaks

Feb 27, 2025 By GitGuardian In GitGuardian
Ever found sensitive data in your logs? You're not alone - even tech giants like Google and Facebook have faced this challenge. Watch this actionable webinar on keeping secrets out of logs featuring our special guest speaker, Allan Reyes. �������� ������'���� ����������: No theoretical fluff - just practical solutions that you can start using tomorrow. Perfect for security engineers, developers, and tech leads who want to sleep better at night knowing their logs aren't accidentally exposing sensitive data.
View Video
splunk

What Is a Watering Hole Attack? Detection and Prevention

Feb 25, 2025 By Muhammad Raza In Splunk
We already know that cybercriminals exploit the weakest link in your IT networks. The best defense against these exploits comes down to safeguarding the most vulnerable entry points. But what if the weakest link in your cybersecurity defense lies beyond your IT network itself?
Read Post
graylog

The Ultimate Guide to Sigma Rules

Feb 18, 2025 By Jeff Darrington In Graylog
In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.
Read Post

Access your data with Federated Analytics for Amazon Security Lake with Splunk, AWS, and Accenture

Feb 18, 2025 By Splunk In Splunk
Federated Analytics gives organizations the full power of Splunk extended to data stored in Amazon Security Lake. Trusted partners like Accenture are helping bring these new capabilities to life at organizations around the world.
View Video
splunk

Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time

Feb 18, 2025 By Michael Haag In Splunk
Windows permission misconfigurations remain a common attack vector in enterprise environments. Attackers consistently leverage these misconfigurations for privilege escalation, with Security Descriptor Definition Language (SDDL) emerging as a blind spot. From LockBit's manipulation of event log permissions to RomCom's exploitation of Task Scheduler vulnerabilities (CVE-2024-49039), SDDL misconfigurations have become a prime target for sophisticated attacks.
Read Post
graylog

Using MITRE ATT&CK for Incident Response Playbooks

Feb 14, 2025 By Jeff Darrington In Graylog
A structured approach to incident response enables you to create consistently repeatable processes. Your incident response playbook defines responsibilities and guides your security team through a list of activities to reduce uncertainty if or when an incident occurs. MITRE ATT&CK Framework outlines the tactics and techniques that threat actors use during different stages of an attack.
Read Post
graylog

Adversary Tradecraft: A Deep Dive into RID Hijacking and Hidden Users

Feb 12, 2025 By Graylog Security In Graylog
Researchers at AhnLab Security Intelligence Center (ASEC) recently published a report on the Andariel threat group, a DPRK state-sponsored APT active for over a decade, that has been leveraging RID hijacking and user account concealment techniques in its operations to stealthily maintain privileged access to compromised Windows systems.
Read Post
graylog

Using Streaming Data for Cybersecurity

Feb 10, 2025 By Jeff Darrington In Graylog
After a long day, you sit down on the couch to watch your favorite episode of I Love Lucy on your chosen streaming platform. You decide on the episode where Lucy can’t keep up with the chocolates on the conveyor belt at the factory where she works. Without realizing it, you’re actually watching an explanation of how the streaming platform – and your security analytics tool – work. Data streaming is the real-time processing and delivery of data.
Read Post
splunk

Autonomous Adversaries: Are Blue Teams Ready for Cyberattacks To Go Agentic?

Feb 7, 2025 By Ryan Fetterman In Splunk
2024 was a year of incredible progression for Artificial Intelligence. As large language models (LLMs) have evolved, they have become invaluable tools for enriching the capabilities of defenders – instantly providing the knowledge, procedures, opinions, visualizations, or code any given situation demands. However, these same models provide outputs that enable even low-sophistication attackers to uplift their own skill-levels.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.