ASCERA’s Post

Another quick article, another nitpicking topic. 😄 After onboarding to the unified SIEM & XDR portal, the incident status and history log table gets a rewrite. We need a new approach to distinguish #MicrosoftSentinel and #DefenderXDR incidents.

Enterprise SIEMs cover only 19% of MITRE ATT&CK techniques used by adversaries... 🤯 Think about that. That means 4 out of 5 adversary techniques would go undetected. 📓 Our 4th annual Report on State of SIEM Detection Risk highlights the difficulty that organizations face in building and maintaining effective detection coverage in their SIEM tools. 🙈 Security teams continue to struggle with getting the most out of their SIEM and worse, often falsely believe that they are protected when in reality they are at great risk. 💎 Learn more about this and other SIEM detection trends along with how to measure and improve the detection posture of your existing SIEM – https://lnkd.in/ehXNpq9M

Leverage the power of API transaction logging to strengthen your API governance strategy. API audit logs can help organizations unlock key insights into their API usage and security. However, with the number of APIs deployed in most organizations, implementing gateways is an essential practice to keep your APIs organized and for capturing logs for visibility and security. These logs can be sent into an analytics or SIEM platform and can help ensure compliance with your organization's API governance strategy. 💻 Read our blog to learn how Solsys' SOLACE service can help your organization capture critical data for comprehensive API compliance reporting to empower your API governance and management: https://lnkd.in/ghF_Ziyu

I cannot agree more! Most of the organizations are going with #outOfTheBox rules instead of investing where they truly should! A team of experts to maintain the SIEM in alignment with the #ThreatLandscape of your organization! According to CardinalOps research: - 19% of all MITRE ATT&CK techniques covered, with a potential of 87% if well developed; - 18% of rules will never trigger - misconfigured data, parsing issues, etc... Two issues here, a silent rule can be good and bad... over-firing rules is also not a good thing! that's why you need to constantly test it - 43% of organizations have 2 or more SIEMs - How are you going to correlate events coming on different #SIEM?? At least once a month, you should review threat landscape reports on your organization's industry and most common attack techniques; do a table-top exercise to confirm you have all sensors/devices sending logs to the SIEM and plan running tests (either through a #BAS Breach and Attack simulation tool or grey-box pen-test). And please, stop using out-of-the-box rules, it just overload your SIEM with useless events and high resource consumption

This is an interesting article on how XDR won't solve your SIEM problems. Exabeam has integrations with all EDR/XDR solutions. https://lnkd.in/gMaQGBtP

Large SIEM providers are falling behind in today’s cybersecurity landscape. The good news is that switching vendors is easier than you may think. Learn how to switch to a smarter, AI-driven SIEM in 4️⃣ simple steps. #SIEM #migration

Large SIEM providers are falling behind in today’s cybersecurity landscape. The good news is that switching vendors is easier than you may think.🧑🏽💻 Learn how to switch to a smarter, AI-driven SIEM in 4️⃣ simple steps. #SIEM #migration

Large SIEM providers are falling behind in today’s cybersecurity landscape. The good news is that switching vendors is easier than you may think.🧑🏽💻 Learn how to switch to a smarter, AI-driven SIEM in 4️⃣ simple steps. #SIEM #migration

Large SIEM providers are falling behind in today’s cybersecurity landscape. The good news is that switching vendors is easier than you may think.🧑🏽💻 Learn how to switch to a smarter, AI-driven SIEM in 4️⃣ simple steps. #SIEM #migration

Large SIEM providers are falling behind in today’s cybersecurity landscape. The good news is that switching vendors is easier than you may think.🧑🏽💻 Learn how to switch to a smarter, AI-driven SIEM in 4️⃣ simple steps. #SIEM #migration