Posted by Lydia Dwyer on Apr 25, 2018

Whether you already have a SIEM in place that’s not providing value or you’re looking for your first SIEM solution, we’ve put together a list of five things you should be sure to look for in your next SIEM solution. All too often, organizations purchase expensive SIEM technology without considering all the aspects necessary to make the SIEM deployment successful. The technology alone will end up as shelfware if you don’t have the trained staff to deploy and manage the solution, and a 24x7 SOC team to monitor and respond to potential incidents. It’s also important to integrate the SIEM into your overall security program and have a thorough plan for how you will respond to incidents. The combination of people, process, and technology are the key to a successful SIEM implementation that will help your organization reduce risk, prevent data breaches, and be compliant. Here are five things to look for in your next SIEM solution:

Posted by Trevan Marden on Apr 25, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Amazon DNS service server hijacked for $152,000 Ether theft - CyberScoop
• Yahoo! fined! $35m! for! covering! up!massive! IT! security! screwup! - The Register
• Closing the Gaps that Result in Compromised Credentials - SecurityWeek

Posted by Trevan Marden on Apr 24, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• New hacks siphon private cryptocurrency keys from airgapped wallets - Ars Technica
• What You Need to Know About GDPR Breach Disclosure, Response - Bank Info Security
• Tech support scams are on the rise, up 24%, warns Microsoft - CSO
• 'Orangeworm' Cyberspies Target Healthcare Sector in US, Europe, Asia -SecurityWeek

Posted by Trevan Marden on Apr 23, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• When you go to a security conference, and its mobile app leaks your data - Ars Technica
• UK Teen Who Hacked CIA Chief Gets Two-Year Prison Term - Security Week
• The Role of KPIs in Incident Response - DarkReading

Posted by Trevan Marden on Apr 20, 2018

If you are thinking of buying a managed detection and response (MDR) service, then you already know how these services can help your organization achieve security and compliance while reducing costs. These services can help by extending your team and offloading certain tasks related to security monitoring to a third-party, freeing up your team to better focus their efforts. But do you know what to look for in managed detection and response vendors? What sets some providers apart from others? Here are four important items to consider when buying an MDR:

Posted by Trevan Marden on Apr 20, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• PCI Council releases vastly expanded cards-in-clouds guidance  - The Register
• Two incident response phases most organizations get wrong - CSO
• Facebook moves to shrink its legal liabilities under GDPR - TechCrunch

Posted by Trevan Marden on Apr 19, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• TaskRabbit CEO posts statement as its app returns following a cybersecurity breach - TechCrunch
• U.S. UK Government Say Russia Increasing Infrastructure Attacks - eWeek
• A Sobering Look at Fake Online Reviews - Krebs on Security

Posted by Trevan Marden on Apr 18, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Nation state hackers attempted to use Equifax vulnerability against DoD, NSA official says - CyberScoop
• DHS Secretary Says U.S. Will Respond to Nation-State Cyber-Attacks - eWeek
• Prosecutors hand over terabytes of evidence in case against Russian charged with LinkedIn breach - CyberScoop
• Facebook Admits to Tracking Non-Users Across the Internet - SecurityWeek

Posted by Joseph Murphy on Apr 17, 2018

If you watched Zuck testify in Congress in early April 2018, you could feel the nation’s mindset around security and data privacy shifting in a positive direction. The people not in the security community learned that even when they think they’re protecting their data, they’re not. They might be asking themselves, what can I do to protect my data online? Delete my Facebook? Throw my cell phone into the abyss? Close my bank account? Then, you realize, we’d be lost without these life lines.

Posted by Trevan Marden on Apr 17, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Intel, Microsoft to use GPU to scan memory for malware - Ars Technica
• Windows 10 will soon get passwordless logins with Yubico’s Security Key - TechCrunch
• To Patch Or Not To Patch? Surprisingly, That Is The Question - Forbes
• Ransomware, healthcare and incident response: Lessons from the Allscripts attack - CSO