Operations | Monitoring | ITSM | DevOps | Cloud

SOAR

Automating Security on Your Observability Platform: Cortex XSOAR & Logz.io

Managing a complex microservice-based architecture requires defending multiple endpoints. Automating security covers a vast amount of tools and methodologies, so making sure they all communicate is critical. Additionally, tool sprawl in any aspect of DevOps requires putting automation to good use. The Logz.io Cloud SIEM focuses on identifying threats. To optimize its effectiveness, we have negotiated and built out multiple integrations tying complementary tools together.

Orchestration and Automation Helps Defense, Intelligence Personnel Tackle Higher-Level Tasks

What if you could get your hands on a force multiplier that got rid of the repetitive, routine work that was tying down your team, got more productivity out of your assembled work force, and gave everyone a more challenging, meaningful to-do list that made better use of their knowledge, experience, and passion?

Between Two Alerts: Phishing Emails - Less Ocean, More Aquarium

When we discuss Splunk Phantom with customers here at Splunk, we end up talking about phishing pretty frequently. As discussed in a recent blog post, "Phishing Emails — Don’t Get Reeled In!," phishing is a super common issue that almost everyone deals with ad nauseum. It’s also a nuisance to investigate. The good news is that automation excels at dealing with repetitive, mind-numbing workflows like phishing investigations.

The Easy Guide to Adding COVID-19 Context to Any Process

Recently, my colleagues Ryan Kovar and Lily Lee created TA-covidIOCs, which is a Splunk TA designed for ingesting IOCs related to COVID-19. Per usual, I immediately saw this as an opportunity to hitch a ride on their coattails and benefit from their hard work. The product of this effort is a Splunk Phantom playbook uncreativly titled, "COVID-19 Indicator Check." The playbook is a simple, self-contained set of actions that takes MD5 file hashes, IPs, domains, and URLs as input.

Between Two Alerts: Phishing Emails - Don't Get Reeled In!

Potential attackers are really good at what they do. Security analysts see this firsthand with the amount of phishing emails their organizations see daily. A newly released State of the Phish report reveals that nearly 90% of organizations dealt with business email compromise (BEC) attacks in 2019. End users reported 9.2 million suspicious phishing emails globally for the year.

Security Automation & Orchestration Needs a Unified Platform

Today's Security Operations Centers are inherently at risk. Plagued with skill shortages and increasing incident volume, CISOs need to counteract widespread threats-like phishing, exfiltration, ransomware and lost devices-fast. A unified Security Incident Response Platform helps expedite your response by optimizing processes and empowering your security team.

Accelerating Security Incident Response

It's virtually impossible for today's typical security teams and Security Operation Centers (SOCs) to quickly and accurately respond to the massive volume of threat-related events encountered across their networks and systems. The trajectory of many security operations is unsustainable and alert fatigue is a real concern. What can you and your teams do to better mitigate risk?