Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of data dictated by threat and patch priority. Thousands of new vulnerabilities are released each year, and no company or product can detect all of them. Organizations must prioritize their coverage of vulnerabilities that they determine will have the biggest impact.

If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that having the title of a cybersecurity professional (e.g. digital forensics expert, cybersecurity analyst, incident response commander, etc.) means that this is an area where the field of knowledge is intimidating because it’s so expansive.

This blog post is one in an occasional series about how we at Elastic embrace our own technology. The Elastic InfoSec team is responsible for securing Elastic and responding to threats. We use our products everywhere we can — and for more than just logs. By harnessing the power and breadth of capabilities of the Elastic Stack, we are working on tracking risk and performance metrics, threat intelligence, our control framework, and control conformance information within Elastic.

Historically, common detection methods have used file hashes (MD5, SHA1, and SHA256)—unique signatures based on the entire contents of the file—to identify malware. Modern threat actors have increased in sophistication to a point where every instance of a given malware will have a different hash, and that hash will vary from machine to machine.

As part of digital transformation, the adoption of a wide range of devices for work is on the rise. A unified endpoint management (UEM) solution is capable of enforcing management policies and configurations, as well as securing endpoints. In a previous blog, we reviewed the capabilities of a good UEM solution. In this instalment, we look at UEM security features.

Post-exploitation can be one of the most time-consuming but worthwhile tasks that an offensive security professional engages in. Fundamentally, it is where you are able to demonstrate what an adversary may do if they compromise a business. A big component of this is trying to get as far as you can without alerting the defenders to what you’re doing.

The California Consumer Protection (CCPA) act took effect on January 1, 2020, and companies across the globe are scrambling to get their act together to avoid non-compliance penalties. Although enforcement of the CCPA doesn’t officially begin until July 2020, the California Attorney General’s office will still be able to penalize violations that occurred between implementation on January 1 and official enforcement in July.

What is cyber resilience? If you search the definition within the Oxford Dictionary, resilience alone is defined as “the capacity to recover quickly from difficulties; toughness.” If you narrow the definition down to cyber resilience, it shifts to maintaining vs recovery. As noted on Wikipedia, it becomes “the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation.”