Google Cloud Security Talks Set to Tackle Improving Your Threat Detection and Response 
Siemplify
by Dan Kaplan
2y ago
As if your detection and response efforts needed any more reminding, the tenuous state of geopolitics has left many security operations teams anxiously anticipating an uptick in attacks targeting Western interests.  And, by the way, that everyday stuff, including vulnerabilities, banking Trojans (hello, Emotet!) and phishing attacks, are still running rampant. Thus the first 2022 installment of the quarterly Google Security Talks, happening March 9, could not be arriving at a better time to help you discover ways to bulk up your organization’s last lines of defense, especially critical as ..read more
How to Map SOC Analyst Skills With Experience Level
Siemplify
by Chris Crowley
2y ago
[Chris Crowley is a cybersecurity instructor and industry analyst. This is Part 3 of his series of easy-to-use “best practice” documents – a veritable Swiss Army Knife of security operations assets on topics ranging from email writing to shift handoffs to training –  created to help SOC professionals save time on common housekeeping tasks. You can read Part 1 and Part 2 here.] Security operations centers (SOCs) exist to deliver sustained monitoring and response capabilities. Staff members are a core pillar of this mission. Each SOC should have clearly articulated roles and levels for its ..read more
Siemplify is Joining Forces with Google Cloud
Siemplify
by Amos Stern
2y ago
Today, I am excited and proud to announce that Siemplify has been acquired by Google. This marks an important milestone in the Siemplify journey. When co-founders Alon Cohen and Garry Fatakhov and I started Siemplify in 2015, we all knew, from our experience building and training security operations centers from around the world, that security operations was a function in dire need of innovation. Naturally, security orchestration, automation and response (SOAR) as a category did not yet exist, and as is often the case with startups, we had to keep innovating, working with customers and listeni ..read more
Sitdown With a SOC Star: 11 Questions With MRK’s Managed Security Services Director Todd Pigram
Siemplify
by Dan Kaplan
2y ago
Our “holiday” edition of Sitdown gives you the gift of Todd Pigram, who began his IT career in the late 1990s as a laptop repairman. His lengthy tenure in the IT space has truly come full circle, as his role now involves helping to protect those popular endpoints, especially vulnerable in the era of heavy remote work. In addition to learning about his current position, Pigram unwraps his thoughts on the powers of Python, shares his dream encounter with an industry luminary, plus much more! 1) Hi Todd! Thanks for (virtually) sitting down with us. Tell us about where you work, what you do t ..read more
Log4Shell Vulnerability: What Security Operations Teams Need to Know Now and How SOAR Can Help You Detect and Respond
Siemplify
by Dan Kaplan
2y ago
For security professionals, 2021 will conclude with them racing to respond to one of the most grave internet vulnerabilities in recent memory. The Log4Shell vulnerability, an input-validation flaw in the omnipresent Apache logging library Log4j and disclosed by the open-source company on Thursday, exposes  “the world’s most popular applications and services” to remote code execution. Despite an update now available, companies worldwide are already under mass bombardment by attackers exploiting the vulnerability with everything from crypto-mining to ransomware to credential theft (includin ..read more
Your Security Operations Cheat Sheet for Windows and Linux Logs (And How to Tie Them to the MITRE ATT&CK Framework)
Siemplify
by Dan Kaplan
2y ago
Within the security operations center, visibility is everything. Being aware of the details of users, assets, known threats, and specific vulnerabilities present across security, network, server, application and database sources allows security operations teams to act quickly and decisively to address possible risks. Here is where Linux and Windows event logs come in, providing that essential observability into the goings-on across your organization’s network and digital footprint. But it is not always easy for teams to know where they should be looking. That’s because your logs are likely cap ..read more
Sitdown With a SOC Star: 11 Questions With Sentara Healthcare’s John DePalma
Siemplify
by Dan Kaplan
2y ago
John DePalma, winner of the 2021 Security Engineer of the Year Award at the inaugural SOCstock Awards, joined the hot seat for another edition of “Sitdown With a SOC Star.” DePalma, a security engineer at Sentara Healthcare, describes himself as an “IT security enthusiast,” and after reading this interview, you’ll realize his fondness for protecting things transcends his professional career. Like others who have appeared in this space, DePalma’s career trajectory to his current role was anything but “ordinary,” but, in short, he swapped car engines for computer servers. We’ll explain more in a ..read more
How SOAR Helps to Hold Up Your Part of the Cloud Security Shared Responsibility Model
Siemplify
by Dan Kaplan
2y ago
The allure of the cloud is indisputable. Flexibility, reliability, efficiency, scalability and cost savings are tantalizing traits for a business at any time, never mind when most have been catapulted into a colossal work-from-home experiment. According to O’Reilly’s annual cloud adoption survey, nine out of 10 businesses now use cloud computing, with nearly half planning to migrate more than 50 percent of their applications into the cloud in the upcoming year. Amazon Web Services (AWS) is leading the pack, with a recent Vectra AI study reporting that 78% of organizations are running AWS acros ..read more
Shifts Happen: How to Rock the SOC Handoff Process With the SEAT-SWAP Method
Siemplify
by Chris Crowley
2y ago
[Chris Crowley is a cybersecurity instructor and industry analyst. This is Part 2 of his series of easy-to-use “best practice” documents – a veritable Swiss Army Knife of security operations assets on topics ranging from email writing to shift handoffs to training – created to help SOC professionals save time on common housekeeping tasks. You can read Part 1 here.] Security operations centers exist to deliver sustained monitoring and response capabilities. Well-performed shift handoffs are a part of that operational strategy. It’s no surprise that longer-duration handoffs will usu ..read more
3 Tips for SecOps Teams Doing Data Backups as Part of Post-Attack Ransomware Recovery
Siemplify
by Dan Kaplan
2y ago
Amid all the seemingly unending stories about successful ransomware attacks – even my hometown of Middletown, N.J. is among the most recent to fall victim – there are reasons to feel optimistic.  Just in the past several weeks, the internet community united to compile a list of vulnerabilities most commonly used by ransomware attackers to gain initial access. The U.S. Department of Justice indicted two alleged members of the notorious REvil ransomware gang, on the heels of a White House-led summit of more than 30 countries to address the threat, while the BlackMatter ring said it was ..read more