
Codenotary expanded immudb to store SOC and SIEM data 

Codenotary has announced that it will be extending its immudb technology to store Security Operations Center (SOC) and Security Information and Event Management (SIEM) data with cryptographic verification. 

immudb is a decentralized database that uses cryptographic techniques to ensure the integrity and immutability of data. It allows users to store and retrieve data with confidence, knowing that it has not been tampered with. The extension of immudb to SOC and SIEM data will allow organizations to store this critical data in a secure and tamper-proof manner. 

Moshe Bar, CEO of Codenotary, the primary contributor to the open source immudb project, said: “It’s important to store logs and events data and know that it can be trusted in six months, one year, or even five years from now, which is essential in the event of a security issue discovery and then audit and forensic analysis to go back in time to understand what happened and when.

From our experience, it’s not uncommon to have enterprise SOC platforms tracking 100,000 events per second or more.”

SOC and SIEM data are crucial for organizations to detect and respond to security threats and incidents. These systems generate vast amounts of data that must be collected, analyzed, and stored in a secure manner. By using immudb to store this data, organizations can have confidence that the data has not been altered or manipulated in any way. 

The cryptographic verification provided by immudb is an important security feature for SOC and SIEM data. It allows organizations to verify the authenticity of the data and ensure that it has not been tampered with. This is especially important in the case of incident response, where it is crucial to have accurate and reliable data in order to effectively respond to a security threat. 
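To make the tamper-evidence property concrete, here is an added example (not immudb's code, proof format or API): a hash-chained event log with a verifier that recomputes every link and compares the result against a root hash held out of band. The event records and the three tampering scenarios are constructed for illustration.

```python
"""Tamper-evident event log built as a SHA-256 hash chain. Added illustration only:
a minimal stand-in for the verification idea above, not immudb's own code or format."""
import copy
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64

@dataclass
class Entry:
    index: int
    event: dict
    prev_hash: str
    entry_hash: str

def compute_hash(index: int, event: dict, prev_hash: str) -> str:
    # Canonical JSON so the same event always hashes the same way.
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{index}|{prev_hash}|{payload}".encode()).hexdigest()

@dataclass
class HashChainLog:
    entries: List[Entry] = field(default_factory=list)

    def append(self, event: dict) -> Entry:
        index = len(self.entries)
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        entry = Entry(index, dict(event), prev, compute_hash(index, event, prev))
        self.entries.append(entry)
        return entry

    def root(self) -> str:
        return self.entries[-1].entry_hash if self.entries else GENESIS  # kept out of band

    def verify(self, expected_root: Optional[str] = None) -> Tuple[bool, Optional[int]]:
        """Recompute every link. Returns (ok, index of first bad entry)."""
        prev = GENESIS
        for e in self.entries:
            if e.prev_hash != prev or e.entry_hash != compute_hash(e.index, e.event, e.prev_hash):
                return False, e.index
            prev = e.entry_hash
        if expected_root is not None and prev != expected_root:
            return False, len(self.entries)  # self-consistent, but not the chain we trusted
        return True, None

# Constructed sample events, not real SOC data.
SAMPLE_EVENTS = [
    {"ts": "2023-01-05T10:00:00Z", "src": "10.0.0.5", "user": "alice", "action": "login", "result": "failure"},
    {"ts": "2023-01-05T10:00:07Z", "src": "10.0.0.5", "user": "alice", "action": "login", "result": "success"},
    {"ts": "2023-01-05T10:02:00Z", "src": "10.0.0.5", "user": "alice", "action": "sudo", "result": "success"},
]

def tamper_scenarios() -> Dict[str, object]:
    """Three ways someone with storage access might rewrite entry 0, and what the verifier sees."""
    base = HashChainLog()
    for ev in SAMPLE_EVENTS:
        base.append(ev)
    root = base.root()  # trusted root snapshotted at ingest time
    out = {"intact": base.verify(root)}
    # 1. Edit the record in place: entry 0's own hash no longer matches.
    log = copy.deepcopy(base)
    log.entries[0].event["result"] = "success"
    out["edit_only"] = log.verify(root)
    # 2. Edit and recompute entry 0's hash: entry 1's prev_hash link now breaks.
    log = copy.deepcopy(base)
    e0 = log.entries[0]
    e0.event["result"] = "success"
    e0.entry_hash = compute_hash(0, e0.event, e0.prev_hash)
    out["edit_and_rehash"] = log.verify(root)
    # 3. Rebuild the whole chain from altered events: only the out-of-band root catches it.
    log = HashChainLog()
    for ev in [dict(SAMPLE_EVENTS[0], result="success")] + SAMPLE_EVENTS[1:]:
        log.append(ev)
    out["rebuilt_chain"] = (log.verify(), log.verify(root))
    return out
```

Scenario 3 is the reason the root must live somewhere the storage owner cannot rewrite: a chain that is rebuilt end to end is internally valid and only fails the comparison against the externally held root.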

The use of immudb for SOC and SIEM data also has the added benefit of decentralization. Decentralization means that the data is not stored in a single location, but rather is distributed across a network of nodes. This makes it much more difficult for an attacker to compromise the data, as they would have to attack multiple nodes in order to have any chance of success. 

Overall, the extension of immudb to SOC and SIEM data is a significant development for organizations looking to secure their critical data. By using immudb, organizations can store their data with confidence, knowing that it is secure and tamper-proof. This is an important step towards improving the security and reliability of SOC and SIEM systems and will help organizations to better protect themselves against cyber threats. 

Delinea released DevOps Secrets Vault enhancements

Delinea released the most recent version of its high-speed vault for DevOps and DevSecOps teams, DevOps Secrets Vault. In an effort to speed up development and increase visibility, the newest Mac computers are now supported for development and automation, improving secrets management usability.

Jason Michell, SVP of Engineering at Delinea, said: “The exponential growth of machine identities as applications are modernized and architected as micro-services continues to place organizations at increased risk. Delinea’s ongoing focus on making security seamless for developers is reflected in these recent enhancements, enabling them to use DevOps Secrets Vault to dynamically insert credentials in their code, in line with security best practices.”

For developers using Macs, the release adds support for the M1 chip: developers writing code on the most recent Macs can now use the command line interface (CLI) and the DSV Engine (an agent that supports dynamic database secrets) of DevOps Secrets Vault. Building on its focus on seamless usability, Delinea continues to remove the friction that frequently occurs when securing sensitive secrets and credentials, particularly in hectic DevOps environments.

Friction for DevOps teams is continually being reduced. Usability and flexibility improvements are made to both the CLI and the graphical interface, enabling developers to work without interruption in their preferred interface with their preferred tools, and helping businesses lower the risk of credentials being compromised.

In both interfaces, new features have been added for improved Security Information and Event Management (SIEM) support, along with an approved Ansible plugin for use with Ansible Automation Hub and additional authentication methods.

What is SIEM?

SIEM systems are the focal point of the IT environment that security analysts are defending. They centralize the collection of security data from all relevant data sources, storing a wealth of information that can be used to gain insight into real-time events and processes.

SIEM (Security Information and Event Management) is a monitoring and analytical system for security and auditing. SIEM technology combines log data, security alerts, and events into a single platform for real-time security monitoring and analysis. SIEM is becoming a mainstream security technique because of the recent increase in cyber-attacks, as well as the tighter security requirements that enterprises are required to follow.

As noted above, SIEM is a security solution that helps enterprises identify potential security threats and vulnerabilities before they disrupt business operations. It detects anomalous user behavior and uses artificial intelligence to automate many of the manual processes associated with threat detection and incident response, and it has become a standard in today’s Security Operation Centers (SOCs) for security and compliance management use cases.

SIEM has evolved over time to become more than the log management systems that came before it, according to InfosecurityOutlook. Thanks to AI and machine learning, SIEM now enables advanced user and entity behavior analytics (UEBA). It is a powerful data orchestration solution for dealing with constantly changing risks, as well as regulatory compliance and reporting.

SIEM software gathers log and event data from applications, devices, networks, infrastructure, and systems, analyses it, and provides a comprehensive view of an organization’s information technology (IT) environment.

The following are some of the key components of the SIEM solution:

Open and scalable architecture: Ability to consolidate data from multiple systems, including on-premises, cloud, and mobile, into a single entity.

Real-time visualization tools: Tools that assist security teams in visualizing linked security events to appropriately depict threat incidents.

Big Storage: Capability to collect and manage massive, complicated data sets for indexing and for structured and unstructured search.

User and entity behavior analytics (UEBA): A solution for tracking behavioral changes in user data and detecting anomalies when patterns deviate from “normal.”

SOAR (security orchestration, automation, and response): Technology that automates routine, manual analyst operations throughout the incident response workflow to boost operational efficiency.

These solutions can be installed on-premises or in the cloud. SIEM leverages rules and statistical correlations to produce actionable information during forensic investigations by analyzing all data in real time. The technology evaluates all data, categorizing threat behavior by risk level to help security teams promptly identify malicious actors and mitigate cyber-attacks.

SIEM is being implemented by organisations to protect their environments and to comply with an increasing number of compliance regimes. The next logical step once a company has accepted the necessity for SIEM is to design the technical implementation.

Microland And Securonix Formed Partnership To Deliver State-Of-The-Art Managed SOC Solutions

Microland, a worldwide leading firm in digital transformation services, announced a strategic partnership with Securonix, a provider of Next-Gen SIEM platforms to enhance its managed Security Operations Center offering. The collaboration would enable businesses to gain from advanced artificial intelligence-based solutions to detect and eliminate threats in a world where data theft is on the rise and data protection is becoming increasingly difficult due to a highly complex security landscape.

“Microland advocates a Cyber Resiliency First approach to defend enterprise critical assets and a strategic partnership with Securonix, a Gartner Magic Quadrant leader, is a significant milestone. It reiterates our commitment to providing a Modern Managed SOC with behavior analytics, powered by the elastic Securonix cloud, with ADR – true open XDR Architecture,” said Robert Wysocki, SVP & Global Client Solutions Leader, Cybersecurity, Microland.

Microland provides a 24 x 7 SOC-as-a-Service solution that tracks and records the organization’s expanding digital footprint, contextualises the value of data assets, inspects the IT estate for cyber threats, and protects it by taking the necessary actions in real time. Microland will enhance its cyber security services by adding functionality to trace advanced threats and provide artificial intelligence-based security incident response, leveraging Securonix capabilities in UEBA, online monitoring, and log management.

“We are thrilled to be working with Microland to help customers thwart the advanced attacks that modern organizations experience daily. Our modern, proactive approach to enterprise defense, coupled with Microland’s global presence, is sure to deliver unmatched value to organizations looking for a managed SOC offering. The early traction we have experienced together has been incredible, and we look forward to building on that momentum throughout the balance of the year and beyond,” said David Wagner, Vice President, Global MSSPs & Systems Integrators, Securonix.

Huntsman Security Introduced SmartCheck for Ransomware

Huntsman Security introduced a new solution, SmartCheck for Ransomware, an automated, on-demand diagnostic application developed to analyse the risk of a ransomware outbreak. The application captures data directly from security activities in order to report on an organization’s security posture against a set of security measures. These measures are similar to those recently recommended by the UK National Cyber Security Centre (NCSC) and the US National Institute of Standards and Technology (NIST), and give users assurance that they are adhering to known cyber security best practice.

SmartCheck for Ransomware tests an organization’s ransomware readiness quickly and effectively, providing a numeric score for each of the 12 security controls. As a result, companies can find out their risk exposure and modify whatever security policies are needed to enhance their security posture and ransomware preparedness. At the same time, the verifiable report gives higher security trust levels to third parties, such as insurers or potential partners, at a time when supply chain security is a big issue.

“To protect against ransomware and effectively manage their security risks, it is vital that senior executives have clear visibility of their cyber posture. This goes beyond annual audits to having the relevant information available whenever the organisation needs it – whether to modify security settings to improve readiness; or to verify their posture to partners or insurers. By making assessments automated and in line with established best practice, we have given organisations access to reliable security information that they can use with confidence to improve their risk management processes,” said Peter Woollacott, CEO, Huntsman Security.

SmartCheck for Ransomware is developed with much the same precision and reliability as Huntsman Security’s other defence-grade SIEM and Scorecard products, and is meant to be simple to install and use. It assesses the effectiveness of important prevention, containment, and restoration mitigation tactics over the course of a cyber-attack.

“As the threat of ransomware grows everywhere, organisations need to regularly assess their state of readiness. With insurers such as AIG tightening terms and raising premiums in response to the ransomware threat, organisations that can’t demonstrate adequate security precautions will find insurance terms increasingly difficult to negotiate. At the same time, organisations need to take steps to ensure that ransomware will not disrupt their operations or those of their supply chains – making assessing partners’ security posture just as important as assessing their own. Updating ransomware risk management efforts to include SmartCheck for Ransomware to better address their ever changing risk environment will put organisations in a much better position to combat the threat of ransomware,” said Woollacott.

Cohere Cyber Secure and SecurityScorecard formed Partnership to Enhance Cybersecurity of Financial Sector

Cohere Cyber Secure announced a partnership with SecurityScorecard, the worldwide market leader in cyber security ratings, to provide cyber ratings for clients and jointly expand market penetration with a single integrated solution. These clients include some of the most recognised financial firms worldwide, including registered investment advisors, private equity firms, portfolio managers, hedge funds, and LBO funds. As part of this partnership, Cohere will include the monitoring capabilities of SecurityScorecard in its security operations, using SIEM technology from Cohere to constantly monitor and mitigate possible cyber threats, both on-premises and in the cloud.

“Financial organizations are the biggest target for cyber criminals, and security teams need a comprehensive and compliant cybersecurity strategy that provides in-depth intelligence,” says Aleksandr Yampolskiy, CEO at SecurityScorecard. “This partnership provides real actionable insights into the real-time threats facing financial organizations, and ensures that they will maintain the strongest possible security posture and conform to industry compliance standards.”

The combined Cohere solution offers a 360-degree view and addresses essential security issues including risk and vulnerability assessment, threat detection, real-time monitoring, incident response and regulatory reporting. Partnership clients can check their SecurityScorecard rating and extend that support to their portfolio and selling companies. This complete solution provides ongoing monitoring to ensure that organisations are able to maintain the safest possible financial services for their customers. As a tightly interconnected solution, it also lets customers generate complete monthly or on-demand cyber health reports for governance committees and regulators.

“Security organizations are often hamstrung by only looking within their cyber borders with an inside-out view into their vulnerabilities, and often have to break up monitoring tools with multiple outside vendors,” says Steven Francesco, Chairman and CEO at Cohere Cyber Secure. “Investors, customers, regulators, CISO’s and compliance officers can rest easier knowing our solution keeps your company safe and secure.”

LogPoint completes acquisition of SecBI and adds native SOAR to its core SIEM offering

LogPoint, a worldwide leader in cybersecurity, announced that the acquisition of Tel Aviv-based SecBI is complete. LogPoint’s native integration of SecBI’s universal SOAR and XDR technology will create a foundational Security Operations platform. In December, SOAR and LogPoint 7.0 will be available together as a bundle.

“With the tidal wave of cyberattacks threatening businesses and societies across the globe, a disruption of the way organizations respond to cybersecurity incidents is required,” said Jesper Zerlang, CEO LogPoint. “Building on LogPoint SIEM and UEBA to effectively detect threats, orchestration and automation of the response to incidents is key to advancing cybersecurity. Consequently, SOAR will be a capability included in LogPoint to advance foundational cybersecurity.”

In addition, all current and future LogPoint clients will be able to use SOAR in their security operations with the release of LogPoint 7.0, automating repetitive tasks and orchestrating threat remediation workflows, as well as facilitating autonomous investigation, prioritisation and execution of playbooks to minimize human involvement and speed up response time. Clients will be able to use SOAR as part of their LogPoint Core SIEM license.

“LogPoint SOAR has been in production with select customers over the past few months and we’re thrilled with the overwhelmingly positive feedback that analysts have more confidence that incidents are dealt with appropriately thanks to the automatic playbooks. Our customers have reported a significant decrease in the time it takes to detect and respond to a phishing email – down from three hours with manual processes to 10 minutes with automated LogPoint SOAR playbooks,” said Christian Have, CTO, LogPoint.

“SOAR is not only about coping with the increasing number of cybersecurity incidents. By including SOAR in the LogPoint SIEM solution, we will enable organizations of all sizes, especially companies that do not have a fully-staffed 24/7 Security Operations Center (SOC), to establish proper and relevant incident-handling processes and dramatically increase quality and speed in their response capabilities. It also helps those organizations assess the efficiency of new cybersecurity tools and measures,” said Have.

“Already a strong SIEM player in Europe, LogPoint’s new SOAR and XDR offerings, combined with its own notable TDIR advancements, position the vendor to compete globally for a growing share of enterprise customers.”

Hunters Raises $30 Million in Funding Round to Lead the Open Extended Detection and Response (XDR) Market

Hunters has raised $30 million in a Series B round led by Bessemer Venture Partners, with current investors YL Ventures, Blumberg Capital, Microsoft’s Venture Fund M12, and US Venture Partners (USVP) also participating. Total funding now stands at $50.4 million. Okta Ventures and Snowflake were strategic investors in the prior round of funding.

“Hunters’ customer engagements are accelerating with Fortune 1000 Companies adopting XDR to be at the heart of their security operations. Traditional security tools like SIEM have not fulfilled the need to clearly and rapidly identify and investigate threats at the scale of cloud data, leaving a crucial gap in supporting security analysts. Open XDR offers a new technology approach with a turn-key solution that stitches security events from across the entire security stack into contextualized and prioritized incidents. This maximizes the value security teams are getting from their current stack and enables them to see real incidents and rapidly respond,” said Uri May, CEO and co-founder of Hunters.

Hunters XDR is chosen by companies facing complex security threats because of its proven ability to speed up threat detection, investigation, and incident response. Known brands from the financial services, technology, retail, manufacturing, and media industries are among them.

“At NETGEAR, we support a complex IT environment. To keep pace with our rapidly growing business and the evolving threat landscape, we switched from a SIEM to Hunters XDR. Hunters now serves as our core SOC (Security Operations Center) platform. It enabled us to shift from manual to automated incident investigation and focus on incident resolution instead of tool management and IT complexity,” said Mihir Shah, Vice President of Information Technology at NETGEAR, one of the world’s leading network solution manufacturers, with offices in 25 countries.

“Hunters represents the future of security architectures, leveraging the performance and cost advantages of cloud data warehouses and Open XDR technology to deliver detection and response capabilities that were not historically possible on-premise. Hunters’ unique ability to identify low-fidelity signals of an attack that are traditionally missed and automatically stitch them together into a contextual attack story is a game-changer that helps organizations better address their cybersecurity risk, specifically for companies undergoing rapid cloud expansion and business growth,” said Alex Ferrara, Partner at Bessemer Venture Partners.

Ofer Schreiber, Partner at YL Ventures, which co-led Hunters’ seed round alongside Blumberg Capital, said, “Today’s security operations have to support mixed multi-cloud and on-prem environments, as well as handle security data at cloud-scale. Its breakthrough technology and recent growth positions Hunters to disrupt the $4.3 billion SIEM market that’s predominantly built on pre-cloud technologies.”

“Hunters’ innovation stems from its focus on SOC analysts which is especially critical in light of the shortage in security talent. Unlike other tools, the platform was purpose-built to offload non-mission-critical tasks, automate detection and investigation, and provide SOC analysts with a clear understanding of every detected security incident, helping achieve faster resolution,” said Yodfat Harel Buchris, Managing Director at Blumberg Capital, who co-led Hunters’ Seed round.

“This investment takes us one step closer to building a pillar security company, becoming the centerpiece of the future SOC of the world’s leading organizations. The investment will be used to further drive innovation, enhance our customer satisfaction, increase our market reach, support partner expansion and hire exceptional talent,” said May.

Security Information and Event Management (SIEM) – An Overview

Security Information and Event Management (SIEM) is a branch of computer security that combines Security Information Management (SIM) with Security Event Management (SEM) in software products and services. Security devices, network equipment, systems, and applications all produce event data, which SIEM technology aggregates. It analyses security alarms generated by applications and network devices in real time. Contextual information on people, assets, threats, and vulnerabilities is linked with event data for compliance or security audit purposes.

SIEM (Security Information and Event Management) is a security system that assists enterprises in identifying potential security threats and vulnerabilities before they interrupt business operations. It identifies suspicious user behaviour for threat detection and incident response.

Log Management

SIEM (Security Information and Event Management) gathers event data from a variety of sources across an organization’s network. Logs and flow data from users such as employees or clients, applications, cloud environments, assets and networks are collected, stored, and analysed in real time, allowing IT and security teams to monitor their network’s event log and network flow data from a single centralised location. Some SIEMs integrate with third-party threat intelligence feeds to correlate internal security data with previously identified threat signatures and profiles. By integrating with real-time threat feeds, security teams can identify or block new attack signatures.

Security Alerts and Incident Monitoring

SIEM systems can identify all devices in the IT environment since they provide centralised control of on-premise and cloud-based infrastructure. SIEM technology monitors for security incidents across all connected individuals, devices, and applications, identifying suspicious activity as it occurs in the network. SIEM systems reduce IT security teams’ average time to detect and average time to respond by offloading the manual operations involved with in-depth security event analysis.

Analytics and Event Correlation

Any SIEM solution must include event correlation as a component. Event correlation provides the insight needed to swiftly find and mitigate possible threats to enterprise security by using advanced analytics to identify and analyse complex data patterns. Using customizable, predefined correlation rules, administrators can be alerted promptly and take appropriate action to contain an incident before it escalates into a more serious security risk.
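An added example (not from the original page or any vendor's rule engine) of the kind of correlation rule described here and in the earlier SIEM components section, where SIEM "leverages rules and statistical correlations": a sliding-window rule over constructed sshd-style log lines that alerts when a burst of failed logins from one source and account is followed by a success. The log format, thresholds, window and rule name are assumptions made for the illustration.

```python
"""Windowed correlation rule over authentication log lines.
Added illustration only; the rule, log format and thresholds are constructed
for this example and are not any SIEM vendor's rule syntax."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

# Constructed sample log lines (sshd-style); not captured from a real host.
SAMPLE_LOG = """\
2023-01-05T10:00:01Z host1 sshd: Failed password for alice from 10.0.0.5 port 5001
2023-01-05T10:00:04Z host1 sshd: Failed password for alice from 10.0.0.5 port 5002
2023-01-05T10:00:09Z host1 sshd: Failed password for alice from 10.0.0.5 port 5003
2023-01-05T10:00:15Z host1 sshd: Accepted password for alice from 10.0.0.5 port 5004
2023-01-05T10:01:00Z host1 sshd: Failed password for bob from 10.0.0.9 port 6001
2023-01-05T10:09:00Z host1 sshd: Failed password for bob from 10.0.0.9 port 6002
2023-01-05T10:09:30Z host1 sshd: Accepted password for bob from 10.0.0.9 port 6003
2023-01-05T10:20:00Z host1 sshd: Accepted password for carol from 10.0.0.7 port 7001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)

def parse(line: str) -> Optional[Dict[str, object]]:
    """Parse one line into a dict, or return None for lines the rule does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unrecognised line: skipped, not treated as an error
    ev: Dict[str, object] = m.groupdict()
    ev["ts"] = datetime.strptime(str(ev["ts"]), "%Y-%m-%dT%H:%M:%SZ")
    return ev

def correlate(lines: Iterable[str], threshold: int = 3,
              window: timedelta = timedelta(seconds=60)) -> List[Dict[str, object]]:
    """Alert when at least `threshold` failures from one (src, user) pair are
    followed by a success within `window`. Lines must be in time order."""
    failures = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts: List[Dict[str, object]] = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])
        recent = failures[key]
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()  # expire failures that fell outside the window
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "src": ev["src"], "user": ev["user"], "host": ev["host"],
                "failures": len(recent), "ts": ev["ts"].isoformat(),
            })
            recent.clear()  # one alert per burst; start counting afresh
    return alerts
```

With the sample above, only alice's sequence fires: bob's two failures are eight minutes apart, so the first has expired from the window by the time he succeeds.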

Investigating for Forensic Purposes

When a security issue happens, SIEM systems are suitable for performing digital forensic investigations. SIEM systems enable businesses to collect and analyse log data from all of their digital assets in one central location. This enables them to reproduce previous occurrences or evaluate new ones in order to examine suspicious activity and improve security systems.

Compliance and Regulation

SIEM solutions are a popular choice for businesses that must comply with a variety of regulations. Because it allows automated data collection and analysis, SIEM is a powerful tool for gathering and verifying compliance data across the whole corporate infrastructure. SIEM solutions generate real-time compliance reports, easing security management and detecting any violations early.

New Advanced Real Time Threat Detection

Organizations must be able to rely on solutions that can detect and respond to both known and new security threats, given how quickly the cybersecurity environment changes. SIEM solutions can successfully mitigate newer security breaches by utilizing integrated threat intelligence feeds.

SIEM products are available as software, appliances, or managed services, and they are used to log security data and generate compliance reports. Security Information and Event Management (SIEM) addresses clients’ need to analyse activity data in real time for early identification of cyberattacks and data breaches, and to collect, store, investigate and report on log data for incident management, forensic analysis and regulatory compliance. Taking proactive steps to check and mitigate IT security risks is critical, regardless of how big or small your company is. Enterprises benefit from SIEM solutions in a variety of ways, and they have become an important part of optimizing security procedures.