
Latest News

Getting Started with Logz.io's New Cloud SIEM Free Trial

The Logz.io Cloud SIEM team is excited to announce a new free trial! You’ll be able to ship 1 GB of security events per day for 21 days. Cloud SIEM makes it easy to centralize, prioritize, and investigate security events, so you can respond to threats faster than ever. Check out this short demo video to see how it works. Sound interesting? Check out the instructions for our 21-day free trial below!

Further Tips on our Database Migration to the Azure Cloud Session at MS Ignite 2021

I was really stoked to deliver a session at Microsoft Ignite with my long-time friend and fellow Head Geek™, Tom LaRock, on the topic of migrating an on-premises SQL Server database to the Azure cloud. You can watch the session on demand here. In addition, Microsoft MVP and SQL Server expert David Klee provides an excellent recap on each of the major elements Tom and I discussed.

Validating Elastic Common Schema (ECS) fields using Elastic Security detection rules

The Elastic Common Schema (ECS) provides an open, consistent model for structuring your data in the Elastic Stack. By normalizing data to a single common model, you can uniformly examine your data using interactive search, visualizations, and automated analysis. Elastic provides hundreds of integrations that are ECS-compliant out of the box, but ECS also allows you to normalize custom data sources. Normalizing a custom source can be an iterative and sometimes time-intensive process.

What You Need to Know About Server Security in 2021

How often do you check your event log monitor for potential security breaches? Did you know that many potential security breaches, events, and other problems are logged to event logs? Unfortunately, even the most skilled IT professionals have a hard time making sense of what to watch for that could indicate security issues or even a potential breach until it is too late. Event logs contain a ton of information that can be useful.

Ransomware in 2021: What has changed? Detection and mitigation strategy

A ransomware attack is a bug that we can’t shake off. Or perhaps it can even be called a shape-shifter that somehow finds a way into networks, no matter how many armed sentries you’ve deployed in and around your perimeter. The line between ransomware and a data breach is slowly fading. Threat actors prefer ransomware over other modes of attack because it works.

Sumo Logic to accelerate modernization of security operations with proposed acquisition of DFLabs

At Sumo Logic, our belief is that security operations is no longer a human scale problem. We need tools and technologies to aid our defenders and responders to be able to process, investigate and respond at machine speed. Our vision for modernizing security operations to deal with threats at machine scale has always encompassed more than just SIEM.

Detecting and mitigating Apache Unomi's CVE-2020-13942 - Remote Code Execution (RCE)

CVE-2020-13942 is a critical vulnerability that affects the Apache open source application Unomi and allows a remote attacker to execute arbitrary code. In versions prior to 1.5.1, Apache Unomi allowed remote attackers to send malicious requests with MVEL and OGNL expressions that could contain arbitrary code, resulting in Remote Code Execution (RCE) with the privileges of the Unomi application.

Hafnium Hacks Microsoft Exchange: Who's at Risk?

Microsoft recently announced a campaign by a sophisticated nation-state threat actor, operating from China, to exploit a collection of 0-day vulnerabilities in Microsoft Exchange and exfiltrate customer data. They’re calling the previously unknown hacking gang Hafnium. Microsoft has apparently been aware of Hafnium for a while — they do describe the group’s historical targets.

Splunk for OT Security V2: SOAR and More

In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.