
Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Audit Trails Are Critical for Tracking Network Activity

As networks become more distributed and complex, it’s becoming ever more challenging for IT professionals to track all the events happening on their networks. Still, it’s vitally important to do so—logging activity on an agency’s network is critical to determining who’s on the network, what applications they’re using, and whether those applications can compromise the network and user data.

Elastic Security opens public detection rules repo

At Elastic, we believe in the power of open source and understand the importance of community. By putting the community first, we ensure that we create the best possible product for our users. With Elastic Security, two of our core objectives are to stop threats at scale and arm every analyst. Today, we’re opening up a new GitHub repository, elastic/detection-rules, to work alongside the security community, stopping threats at a greater scale.

Why a Zero-Trust Network Is More Desirable-and Achievable-Than Ever

A few years ago I wrote a blog article about the zero-trust network security model and why I thought it was something every organization should be thinking about implementing. While I still believe that to be true—probably more true than ever, in fact—the landscape since then has changed a great deal, particularly because of the increase in cloud-based services, and zero-trust is now an extremely achievable goal.

Continuous Intelligence for Atlassian tools and the DevSecOps Lifecycle (Part 2)

Today’s modern deployment pipeline is arguably one of the most important aspects of an organization’s infrastructure. The ability to take source code and turn it into a production application that’s scalable, reliable and highly available has become an enormous undertaking due to the pervasiveness of modern application architectures, multi- or hybrid-cloud deployment strategies, container orchestration and the leftward movement of security into the pipeline.

The missing link to comprehensive endpoint security

Very few things available online are truly free of cost. If you don’t pay with cash, chances are you are paying with your personal information or other data. The Chrome web store is filled with free extensions that users install on their browsers to enhance their online experience. However, more and more of these extensions are being discovered and removed from the store due to their malicious intent.

CCPA compliance: Getting ready for enforcement

With enforcement of the California Consumer Privacy Act (CCPA) set for July 1, 2020, it is time for organizations to ensure their compliance strategy is in place. With the CCPA already in effect since January 2020, regulators expect companies to be CCPA compliant now. The CCPA requires organizations to secure the sensitive data they hold, while also protecting the privacy of consumers.

Preventing "copy-paste compromises" (ACSC 2020-008) with Elastic Security

The Australian Cyber Security Centre (ACSC) recently published an advisory outlining tactics, techniques and procedures (TTPs) used against multiple Australian businesses in a recent campaign by a state-based actor. The campaign — dubbed ‘copy-paste compromises’ because of its heavy use of open source proof of concept exploits — was first reported on the 18th of June 2020, receiving national attention in Australia.

What is SIEM?

SIEM (Security Information and Event Management) is a kind of software whose purpose is to provide organizations and corporations with useful information. “About what?” you may wonder. Well, about potential security threats related to your business networks. SIEM does this through data collation and by prioritizing all kinds of dangers or threats. In general, we already answered the question “what is SIEM?”, but how does it do it?