Nebulous Security Visibility Needs 3 Vantage Points

Most of cybersecurity is based on having visibility of security events and providing protection that ranges from preventing an action from being executed as it is detected to alerting the security team of a threat in progress. Endpoint protection, or …

Enrich Your SIEM with Real-Time Event Contextualization

A sizable portion of security research has gone into creating security alerts that are effective at informing security analysts when certain events happen. For example: more than 50 failed SSH login attempts within 10 seconds from the same IP address …

Splunk Brings SOAR to SIEM Platform

Splunk this week at its .conf18 conference delivered on a promise to integrate the security orchestration and automation response (SOAR) technology gained through its acquisition of Phantom with the security information event management (SIEM) platform …

The Biggest Mistakes to Avoid with Incident Response

Incident response is a critical component to containing and remediating security incidents and events. It can also be an incredibly detailed and difficult process to manage when you’re trying to restore business operations.