In this review, we explored the recently released LogRhythm CloudAI, which provides user-focused behavioral analysis built into LogRhythm. CloudAI encompasses a robust NextGen SIEM solution to extend recognition of user threats. LogRhythm’s application of user and entity behavior analytics (UEBA) capabilities can significantly enhance a traditional event management and security analytics tool set to monitor behaviors tracked over time, alerting analysts to unusual events or patterns of events.
LogRhythm now integrates user directories into the data sources it accepts for security analytics, allowing us to monitor activities from specific users over time and flag unusual or abnormal account activity. This new monitoring and alerting functionality is built right into the LogRhythm console, making it easy to create cases, add evidence and track events just as before, but with additional focus and filtering based on user activities and trends. Overall, we found the product easy to use, and with the fully integrated GUI, we found the tool’s self-learning capabilities to be very helpful for hunting, searching and detecting new events.View whitepaper
MITRE ATT&CK1 is an open framework and knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK provides a common taxonomy of the tactical objectives of adversaries and their methods. Having a taxonomy by itself has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. But it also serves as a real technical framework for classifying your current detection efforts and identifying gaps where you are blind to certain types of attack beh ...
Organisations should think of security operations as a critical business process. Effective security operations are the first line of defence when it comes to preventing cyberattacks. To accomplish this, organisations need mature programs that leverage people, process and technology to rapidly detect and respond to sophisticated attacks.
Yet some organisations struggle with the overall effectiveness of their security operations. They also lack the basis for measuring the effectiveness and maturing capabilities. A mature security operation e ...
The news headlines are replete with stories of devastating data breaches,
compromising the personal and professional data of millions. Cyber attackers
spare no industry, infiltrating the assets of even the most sophisticated
technology adopters, in turn impacting their executives, employees, and
perhaps worst of all — customers and users.
The answer lies not in changing the motives of bad actors, but rather,
in the advanced techniques that help them evade traditional methods
of system protection. Traditional AV solutions, which adopt a ...
The Cylance 2017 Threat Report offers valuable analysis on the current state of cybersecurity. The information provided in the report is unavailable anywhere else. This Cylance® study includes research and information drawn from internal data and feedback provided by Cylance customers. The report offers considerable insights into recent threat trends and related security issues.
Some key findings of this report merit further discussion. These conversations represent an opportunity to dig deeper into the implications of current security stra ...
By focusing on frequent code integration, automated testing, and keeping
the mainline code version in a state that is deployable to production at any
time, CI/CD aims to eliminate the risks and friction of traditional waterfall
software development. Add to that the practice of continuous deployment
and you can move to a situation where the latest and greatest software version
is not just always ready to be deployed—it’s deployed on a frequent basis. ...
Passwörter stellen schon lange eine Herausforderung für die Cybersicherheit am Arbeitsplatz dar....