Latest News

Sumo Logic and NIST team up to secure energy sector IoT

The energy industry used to operate on a simple hub-and-spoke model, in which large power plants would produce energy in a centralized location and distribute it out to consumers. Yet as solar, wind, and other small-scale renewable energy sources take hold in the market, that hub-and-spoke model is being replaced by a complex grid of interconnected devices.

How Identity Management Authentication Works

An organization can run many systems, such as Active Directory, SharePoint, Oracle, Outlook, Teams, or plain web applications, and it may have hundreds or thousands of employees or external users who need access to them. Managing every user's accounts and granting each one the appropriate access to their respective systems is called Identity and Access Management (IAM).

SQL Server, Part 3: Adopting the principle of least privilege

In the previous blog in this series, we discussed authentication and authorization mechanisms, and how configuring them properly can help secure your databases. In this blog, we’ll talk about how data breaches can be prevented by implementing the principle of least privilege (POLP). According to Verizon’s 2019 Data Breach Investigations Report, insiders account for 76 percent of all compromised database records.

Security configurations - Part two: 8 imperative security configurations for your arsenal

In part one of this two-part blog series, we discussed seven reasons security configurations are an important part of an organization’s security posture. In this part, we’ll look at eight security configurations that help ensure comprehensive control over endpoints, avoid vulnerabilities, deploy configurations consistently, and automate a number of areas of endpoint security.

Getting started with adding a new security data source in your Elastic SIEM: Part 1

What I love about our free and open Elastic SIEM is how easy it is to add new data sources. I’ve learned how to do this firsthand, and thought it’d be helpful to share my experience getting started. Last October, I joined Elastic Security when Elastic and Endgame combined forces. Working with our awesome security community, I’ve had the opportunity to add new data sources for our users to complement our growing catalog of integrations.

Maze Ransomware Attack Hits Cognizant

New Jersey-based service provider Cognizant is the latest victim of a Maze ransomware attack. This is an unfortunate reality check, proving that attackers don’t pause their calculated, malicious activities for COVID-19. Accordingly, managed service providers (MSPs) remain largely exposed to these crimes.

Security Log Monitoring and DNS Request Analysis

Monitoring all DNS requests in your network, including those that were blocked (e.g., by a firewall), is a great way to increase visibility, enforce compliance, and detect threats. A common problem with collecting DNS logs is that DNS server logs are notoriously hard to parse. Also, parsing only your own DNS servers' logs leaves a blind spot when it comes to clients using, or attempting to use, an external DNS server such as Google's 8.8.8.8.

SNMP vs WMI: the advantage of less resource-consuming monitor types

WMI (Windows Management Instrumentation) is the established standard for accessing and controlling Windows components, services, and applications. With its query language (resembling the SQL used by many relational databases), WMI allows collecting information from multiple sources, so-called providers. However, this comes at a cost: running a WMI query is a resource- and time-consuming operation compared to certain alternatives.

Splunk Attack Range Now With Caldera and Kali Linux

The Splunk Security Research Team has been working on new improvements and additions to the Splunk Attack Range, a tool that allows security researchers and analysts to quickly deploy environments locally and in the cloud in order to replicate attacks based on attack simulation engines. This deployment attempts to replicate environments at scale, including Windows workstations/servers, a domain controller, Kali Linux, a Splunk server, and a Splunk Phantom server.

How to deploy an app to AWS: App security

AWS security is an ongoing battle that you must address during every release, every change, and every CVE. When you’re first launching your production application, it’s impossible to check all the boxes; you simply don’t have the time. Until your application gets more adoption, you only have the time to do the bare essentials of security.