%term

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Elastic Security 101

Mar 11, 2021 By Elastic In Elastic

Elastic Security empowers analysts to collect data from multiple data source integrations, perform traditional SIEM functions, and take advantage of machine learning-based malware protection on the endpoint. Analysts can filter, group, and visualize data in real-time while performing automated threat detection across various security events and information. In this video, you’ll learn about the components that make up Elastic Security and what those components do to help you protect your data.

View Video

Elastic

Read more about Elastic Security 101

How to configure your Endpoint Integration policy in Elastic Security

Mar 11, 2021 By Elastic In Elastic

Elastic Security offers the ability to open and track security issues using cases. Cases created directly in Elastic Security can be sent to external systems like Atlassian’s Jira, including Jira Service Desk, Jira Core, and Jira Software. In this video, you’ll learn how to connect Elastic Security to the Jira Service Desk.

View Video

Elastic

Read more about How to configure your Endpoint Integration policy in Elastic Security

Further Tips on our Database Migration to the Azure Cloud Session at MS Ignite 2021

Mar 11, 2021 By Kevin Kline In SolarWinds

I was really stoked to deliver a session at Microsoft Ignite with my long-time friend and fellow Head Geek™, Tom LaRock, on the topic of migrating an on-premises SQL Server database to the Azure cloud. You can watch the session on demand here. In addition, Microsoft MVP and SQL Server expert David Klee provides an excellent recap on each of the major elements Tom and I discussed.

Read Post

SolarWinds

Read more about Further Tips on our Database Migration to the Azure Cloud Session at MS Ignite 2021

Validating Elastic Common Schema (ECS) fields using Elastic Security detection rules

Mar 11, 2021 By Eric Beahan In Elastic

The Elastic Common Schema (ECS) provides an open, consistent model for structuring your data in the Elastic Stack. By normalizing data to a single common model, you can uniformly examine your data using interactive search, visualizations, and automated analysis. Elastic provides hundreds of integrations that are ECS-compliant out of the box, but ECS also allows you to normalize custom data sources. Normalizing a custom source can be an iterative and sometimes time-intensive process.

Read Post

Elastic

Read more about Validating Elastic Common Schema (ECS) fields using Elastic Security detection rules

What You Need to Know About Server Security in 2021

Mar 11, 2021 By Doug N In Power Admin

How often do you check your event log monitor for potential security breaches? Did you know that many potential security breaches, events, and other problems are logged to event logs? Unfortunately, even the most skilled IT professionals have a hard time making sense of what to watch for that could indicate security issues or even a potential breach until it is too late. Event logs contain a ton of information that can be useful.

Read Post

Power Admin

Read more about What You Need to Know About Server Security in 2021

Next Generation Email Security for Next Generation Threats

Mar 11, 2021 By Pulseway In Pulseway

View Video

Pulseway

Read more about Next Generation Email Security for Next Generation Threats

Ransomware in 2021: What has changed? Detection and mitigation strategy

Mar 10, 2021 By Log360 In ManageEngine

A ransomware attack is a bug that we can’t shake off. Or perhaps, it can even be called a shape-shifter that somehow finds a way into networks, no matter how many armed sentries you’ve deployed in and around your perimeter. The line between ransomware and a data breach is slowly fading. Threat actors prefer ransomware over other modes of attack because they work.

Read Post

ManageEngine

Read more about Ransomware in 2021: What has changed? Detection and mitigation strategy

Detecting and mitigating Apache Unomi's CVE-2020-13942 - Remote Code Execution (RCE)

Mar 10, 2021 By Stefano Chierici In Sysdig

CVE-2020-13942 is a critical vulnerability that affects the Apache open source application Unomi, and allows a remote attacker to execute arbitrary code. In the versions prior to 1.5.1, Apache Unomi allowed remote attackers to send malicious requests with MVEL and OGNL expressions that could contain arbitrary code, resulting in Remote Code Execution (RCE) with the privileges of the Unomi application.

Read Post

Sysdig

Read more about Detecting and mitigating Apache Unomi's CVE-2020-13942 - Remote Code Execution (RCE)

Hafnium Hacks Microsoft Exchange: Who's at Risk?

Mar 10, 2021 By Eric Thomas In logz.io

Microsoft recently announced a campaign by a sophisticated nation-state threat actor, operating from China, to exploit a collection of 0-day vulnerabilities in Microsoft Exchange and exfiltrate customer data. They’re calling the previously unknown hacking gang Hafnium. Microsoft has apparently been aware of Hafnium for a while — they do describe the group’s historical targets.

Read Post