In case you missed the Office of Management and Budget (OMB) (memo M-21-31), Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents, let me provide you the information that you need to know if you are in the federal government.
For those who have played our Boss of the SOC competition or attended our security workshops, you are undoubtedly aware of Frothly, but in case you are not, here is a quick primer. Frothly is a fictional brewing supply company based in San Francisco who has successes and challenges, just like any other organization.
An indicator of compromise (IOC) is a piece of digital forensics that suggests that an endpoint or network may have been breached. The ability to monitor for indicators of compromise is critical to a comprehensive cybersecurity strategy, bringing improved detection accuracy and speed, along with faster remediation times.
Deploying a next-gen cloud-native security information and event management (SIEM) in your security operations center (SOC) is a big step in the right direction toward significantly improving your organization’s security capabilities. But once you have that state-of-the-art SIEM in your SOC, how do you get the most out of it? One key step is building and executing specific SIEM use cases designed to meet the particular needs of your organization.
Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.
The Splunk Threat Research Team recently evaluated ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.