SIEM

automated response integration cover Giacomo Lanzi

Integration of the automated response: the automations in SOCaaS

The issue of information security is very topical in this historical period characterized by digitization. To protect themselves, businesses and individuals can use a variety of tools that can prevent an attack, but also help manage it. In this article we talk about Automated Response Integration and the automations in the SOCaaS offered by SOD . Although the systems used…

Log Management Cover Giacomo Lanzi

The benefits of good log management

When we talk about log management we refer to a precise process which consists of the centralized collection of data that comes from different operating environments such as: devices, databases, applications and much more. Logs are produced by various system events , many of which are particularly important in the business environment. So let’s see some important details regarding log…

Left of boom cover Giacomo Lanzi

“Left of boom” and “right of boom”: having a winning strategy

When we talk about “left of boom” or “right of boom” we are referring to a concept that may appear superficial. Instead, it is a powerful tool that offers the ability to analyze security conflicts from both a offensive and a defensive perspective. In a hypothetical timeline of an attack, what is left of boom refers to what happens first….

Network Traffic Analyzer Giacomo Lanzi

Network Traffic Analyzer: an extra gear for the Next Gen SIEM

Businesses today have a hard time detecting hackers’ sophisticated intrusion techniques. To stem security problems, you need to use the combination of several elements. These elements are: accurate monitoring of network traffic, user actions and system behavior. The Network Traffic Analyzer tools can analyze and monitor traffic in order to detect anomalies, even the most difficult to identify. At SOD,…

Threat Intelligence Virtual Giacomo Lanzi

What is threat intelligence?

threat intelligence data provides companies with relevant and timely insights they need to understand, predict, detect and respond to cybersecurity threats . Threat intelligence solutions collect, filter and analyze large volumes of raw data related to existing or emerging sources of threats. The result is threat intelligence feeds and management reports. Data scientists and security teams use these feeds and…

data loss prevention data protection Giacomo Lanzi

Data Loss Prevention: definition and uses

data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused or accessed by unauthorized users . DLP software classifies regulated, confidential and business critical data and identifies policy violations defined by organizations or within a predefined policy package. Default policies are typically dictated by regulatory compliance such as HIPAA,…

Logic time bomb Giacomo Lanzi

Logic Bomb: what they are and how to prevent them

A logic bomb, also called slug code , is a piece of code inserted into an application, virus or malware that implements a malicious function after a certain time limit or under conditions specifications. These “bombs” are often used via viruses, worms and Trojans to better manage your time and do maximum damage before you are noticed . They perform…

Monitoring SIEM Analisi dati Giacomo Lanzi

SIEM monitoring: best practices

As the cybersecurity threat landscape becomes increasingly sophisticated, service providers, such as SOD, need to take additional precautions to protect their customers’ networks. An information management system and monitoring SIEM is an excellent choice in this respect. This system, in fact, helps mitigate cybersecurity threats from two different angles, all from a single interface . The SIEM monitoring system collects…

Next Generation SIEM Giacomo Lanzi

Next Generation SIEM: where are we?

SIEM has existed for quite some time, but it is not yet well understood. Also, the fact that technology has evolved significantly in recent years doesn’t help shed some light. Today we see where we are, trying to understand the Next Generation SIEM and the managed systems offered as services that make use of the latest generation SIEM (SOCaaS, for…

SIEM informatica Giacomo Lanzi

SIEM in computer science: history

A SIEM solution in IT is one of the essential components of a SOC (Security Operation Center). Its task is to collect information and analyze it in search of anomalies and possible breaches in the system. But the defense process hasn’t always been that simple. What we now call SIEM, Security Information and Event Management, is the union of two…

SIEM - Raccolta e analisi dei dati Giacomo Lanzi

SIEM software: what it is and how it works

Evolving beyond its roots in log file management, today’s security information and event management (SIEM) software vendors are introducing AI, advanced statistical analysis and other analytical methods into their products. . But what is SIEM software and what are its uses? SIEM software Acronym for Security Information and Event Management, it is a product that provides cyber security professionals in…

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL January 31, 2023
    Posted by Stefan Pietsch on Jan 30# Trovent Security Advisory 2203-01 # ##################################### Micro Focus GroupWise transmits session ID in URL ################################################# Overview ######## Advisory ID: TRSA-2203-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2203-01 Affected product: Micro Focus GroupWise Affected version: prior to 18.4.2 Vendor: Micro Focus, https://www.microfocus.com...
  • APPLE-SA-2023-01-24-1 tvOS 16.3 January 27, 2023
    Posted by Apple Product Security via Fulldisclosure on Jan 26APPLE-SA-2023-01-24-1 tvOS 16.3 tvOS 16.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213601. AppleMobileFileIntegrity Available for: Apple TV 4K (all models) and Apple TV HD Impact: An app may be able to access user-sensitive data Description: This issue was addressed […]
  • [SYSS-2022-047] Razer Synapse - Local Privilege Escalation January 27, 2023
    Posted by Oliver Schwarz via Fulldisclosure on Jan 26Advisory ID: SYSS-2022-047 Product: Razer Synapse Manufacturer: Razer Inc. Affected Version(s): Versions before 3.7.0830.081906 Tested Version(s): 3.7.0731.072516 Vulnerability Type: Improper Certificate Validation (CWE-295) Risk Level: High Solution Status: Open Manufacturer Notification: 2022-08-02 Solution Date: 2022-09-06 Public Disclosure:...
  • [RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin January 26, 2023
    Posted by RedTeam Pentesting GmbH on Jan 26RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript […]
  • t2'23: Call For Papers 2023 (Helsinki, Finland) January 24, 2023
    Posted by Tomi Tuominen via Fulldisclosure on Jan 23Call For Papers 2023 Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for rain or slush. In […]
  • Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm January 24, 2023
    Posted by Marco Ivaldi on Jan 23Hello again, Just a quick update. Mitre has assigned the following additional CVE IDs: * CVE-2023-24039 - Stack-based buffer overflow in libXm ParseColors * CVE-2023-24040 - Printer name injection and heap memory disclosure We have updated the advisory accordingly: https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt Regards, Marco
  • APPLE-SA-2023-01-23-8 Safari 16.3 January 24, 2023
    Posted by Apple Product Security via Fulldisclosure on Jan 23APPLE-SA-2023-01-23-8 Safari 16.3 Safari 16.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213600. WebKit Available for: macOS Big Sur and macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with […]
  • APPLE-SA-2023-01-23-7 watchOS 9.3 January 24, 2023
    Posted by Apple Product Security via Fulldisclosure on Jan 23APPLE-SA-2023-01-23-7 watchOS 9.3 watchOS 9.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213599. AppleMobileFileIntegrity Available for: Apple Watch Series 4 and later Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened […]
  • APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3 January 24, 2023
    Posted by Apple Product Security via Fulldisclosure on Jan 23APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3 macOS Big Sur 11.7.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213603. AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling […]
  • APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3 January 24, 2023
    Posted by Apple Product Security via Fulldisclosure on Jan 23APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3 macOS Monterey 12.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213604. AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: […]

Customers

Newsletter