Can security devices (e.g. Snort, Splunk, WAFs, etc.) generate alerts when they aren’t working as designed?

APRA’s CPS 234 regulation section 56 states:

An APRA-regulated entity would typically deploy appropriate
information security technology solutions which maintain the security
of information assets. Examples include firewalls, network acce…
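One way to approach the question above in code, as an added example that is not from the original post or from any vendor: a small Python check that flags monitored sources that have gone silent past an expected interval, sources that are configured but have never reported (the blind spot a misconfigured forwarder creates), and sources that are alive but report packet drops above a threshold (a sensor that is up but blind to part of the traffic). The source names, expected intervals, the pipe-delimited feed format and the `pkts_recv`/`pkts_drop` stats fields are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed per-source maximum silence before alerting. Illustrative SLOs, not
# vendor values: tune each to the device's real heartbeat / stats cadence.
EXPECTED_MAX_GAP = {
    "snort-sensor-1": timedelta(minutes=5),
    "waf-edge-1": timedelta(minutes=10),
    "splunk-fwd-db1": timedelta(minutes=10),   # configured, but never sends below
}

# Constructed sample feed (hypothetical "timestamp|source|message" lines).
# Note the deliberately out-of-order waf-edge-1 line near the end.
SAMPLE_FEED = """\
2024-03-01T10:00:05Z|snort-sensor-1|stats: pkts_recv=8812 pkts_drop=0
2024-03-01T10:00:10Z|waf-edge-1|heartbeat ok
2024-03-01T10:01:05Z|snort-sensor-1|stats: pkts_recv=9020 pkts_drop=3
2024-03-01T10:02:10Z|waf-edge-1|heartbeat ok
2024-03-01T10:03:05Z|snort-sensor-1|stats: pkts_recv=9311 pkts_drop=950
2024-03-01T10:04:10Z|waf-edge-1|heartbeat ok
2024-03-01T10:03:30Z|waf-edge-1|heartbeat ok
"""

# Fixed "now" so the demo is reproducible; a real job would use datetime.now(timezone.utc).
DEMO_NOW = datetime(2024, 3, 1, 10, 12, tzinfo=timezone.utc)

STATS_RE = re.compile(r"pkts_recv=(\d+) pkts_drop=(\d+)")


def parse_feed(text):
    """Parse the assumed 'ts|source|message' format into (datetime, source, message)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, msg = line.split("|", 2)
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when, source, msg))
    return events


def last_seen(events):
    """Latest timestamp per source; tolerant of out-of-order delivery."""
    seen = {}
    for when, source, _ in events:
        if source not in seen or when > seen[source]:
            seen[source] = when
    return seen


def find_silent_sources(events, expected, now):
    """Return {source: seconds_of_silence} for sources past their window.

    A value of None means the source is expected but has never reported at all,
    which a plain "no events matched" search would never surface.
    """
    seen = last_seen(events)
    silent = {}
    for source, max_gap in expected.items():
        if source not in seen:
            silent[source] = None
            continue
        gap = now - seen[source]
        if gap > max_gap:
            silent[source] = int(gap.total_seconds())
    return silent


def find_degraded_sensors(events, max_drop_ratio=0.01):
    """Sources that keep sending but whose own stats show drops above the ratio.

    This is the 'alive but not working as designed' case: the device still emits
    events, so a silence check alone would call it healthy.
    """
    degraded = {}
    for _, source, msg in events:
        m = STATS_RE.search(msg)
        if not m:
            continue
        recv, drop = int(m.group(1)), int(m.group(2))
        if recv and drop / recv > max_drop_ratio:
            degraded[source] = max(degraded.get(source, 0.0), drop / recv)
    return degraded


def demo():
    """Run both checks over the constructed feed at DEMO_NOW."""
    events = parse_feed(SAMPLE_FEED)
    return find_silent_sources(events, EXPECTED_MAX_GAP, DEMO_NOW), find_degraded_sensors(events)


if __name__ == "__main__":
    silent, degraded = demo()
    for source, gap in silent.items():
        print(f"SILENT   {source}: {'never reported' if gap is None else f'{gap}s since last event'}")
    for source, ratio in degraded.items():
        print(f"DEGRADED {source}: drop ratio {ratio:.1%}")
```

In practice the two checks would run as a scheduled search or cron job inside the SIEM itself; the check's own execution also needs a heartbeat, otherwise a dead scheduler silences every alert it would have raised.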

Maximize ROI with Greater Efficacy Using Unsupervised AI

Within the first 24 hours after deployment, MixMode had enabled the government entity to regain control over the security environment and network data infrastructure. No longer limited to log data analysis, they were able to identify and address real-t…

How Self-Supervised AI Tackles Ambiguity in Network Security

Cybersecurity vendors promise the moon when it comes to AI. As the recent TechRepublic article, “Why cybersecurity tools fail when it comes to ambiguity,” makes clear, these promises often fall short in real-world network environments.

What config files and log files of a Linux system (CentOS 7) deserve to be monitored by a SIEM?

I am not a security expert (I am more of a software developer) and I am working on a project related to a SIEM installation (Wazuh). This installation is only a demo for a customer; later on, a real-scenario project will be implemented…

The Hidden Costs and Challenges of Log Data Storage Using a SIEM

Ultimately, MixMode found, the log-based SIEM approach resulted in five times the amount of data that needed to be stored, a cost that was passed along to the government entity.

How a Government Entity Switched to MixMode and Decreased Data Storage Costs by 50%

Data is the beating heart of every modern organization, but it’s only valuable when it’s accessible, understandable, and most importantly, protected.

2021: The Year SOCs Embrace Cybersecurity Convergence

Staying on top of cybersecurity risk can feel like a losing battle in today’s modern, hyperconnected reality. The influx of IoT devices and increased reliance on BYOD devices has created a diverse, complex threatscape rife with overlapping vulnerabilit…

Why Responding to a Cyber Attack with a Traditional SIEM Leaves You Vulnerable

An enterprise’s inability to detect cyber attacks has tangible effects on its productivity and profitability. Various reports have noted a correlation between the time it takes to spot an intrusion and the cost of recovery.

Misconceptions of the SOAR “Playbook”

Most customers are surprised to learn that SOAR platforms rely on invoking 3rd party technologies, including next-generation firewalls and endpoint protection platforms via traditional API calls to isolate and quarantine malicious threats and users.