The massive shift to remote work makes managing endpoint security more critical and challenging. To be successful, you need to secure your endpoints. High-fidelity endpoint log monitoring capabilities can help you do that.
Many of the challenges companies faced in 2021 aren’t going anywhere. In 2022, common security problems will be variations on previous issues. To move forward with confidence, you want to be prepared for what you know and ready to face and overcome those security challenges you haven’t yet encountered.
Quick update to say that Graylog (and Elastic), in their default configuration, are not vulnerable to the DoS issue that was addressed in the Log4j 2.17.0 release on 12/19/21. No mitigating actions are necessary.
Even if an organization has developed a governance team, aligning integration decisions with business needs must be incorporated into the zero trust architecture. The company’s business model drives the applications chosen.
Graylog’s log aggregation and analysis capabilities are applicable to far more than just security. They can create new value in almost every business process or technical domain organizations want to improve, including regulation compliance, DevOps, and service resilience.
Small IT teams face the same big security problems as large SOCs. They just have fewer - or no - specialists. This makes their smaller teams a bigger target for threat actors. Centralized log management gives small IT teams a way to manage both security and operations so that they can do more with less.
CISOs face two big problems: protecting data and reporting their activities to the Board. Log management is fundamental to protecting data, but high volumes of data generated by cloud applications make using logs difficult. With modernized log management, CISOs can get the best of both worlds: the visibility they need and the visibility they need to provide.
To continue to fight the good fight, security analysts need cybersecurity awareness training around how to optimize their log management strategies so that they can keep pace with threat actors.
High-profile security incidents might be making headlines, but those headlines are impacting companies’ bottom lines. Businesses need to stay aware as best practices change and start modernizing their own security infrastructures.
It’s that time of year when the skeletons and pumpkins are in the windows and the bad actors are lurking in the shadows of your network. Watch this space for blog posts focused on Cybersecurity Awareness. Don’t get phished by the bucket of candy.
There’s no single tool or security concept that will have a greater impact on the overall cyber landscape than making security analytics a team sport. Here are our reasons and recommendations for taking a more collaborative, company-wide approach to cybersecurity.
Despite best intentions, organizations focus more on cybersecurity than security hygiene. As threats become more numerous and diverse, here’s how fixing the relationship between cybersecurity and security hygiene better protects your organization.
Many organizations struggle to secure OT assets like pumps, turbines, and generators. Graylog can help by discovering key asset information that informs security strategies, quantifying and supporting OEM negotiations, empowering backup strategies that mitigate ransomware, and delivering the insights of AI security solutions to the rest of the security architecture.
Storage is one of the most promising ways to shift from the "more is better" philosophy to the "work smarter" philosophy. Find out how Graylog can help you create strategies to virtualize your storage, ensuring that you waste as little as possible and that services always get the storage they need. You can also optimize storage, so only the most important services use SSD.
Graylog can help organizations create AI that generates key insights, detects emerging problems, and in some cases, predicts problems well before they happen.
Graylog recently discovered a Session ID leak in the Graylog DEBUG log file and audit log. This presents a risk of unauthorized privilege escalation with active and previously active session IDs running Graylog. To mitigate the issue, we have published Graylog v3.3.14, v4.0.10, and v4.1.2.
The Windows System Monitor (Sysmon) is one of the chattiest tools. With all the information coming in, it can be difficult and expensive to use it efficiently. However, the Graylog Illuminate package gives you a way to fine-tune it so that you can get better data and manage your ingestion rate better.
As your security capabilities improve with centralized log management, you can create proactive threat hunting queries for proactive planning. Setting baselines, determining abnormal behavior, and choosing an attack framework help you mitigate risk and respond to incidents.
Nearly all security experts agree that event log data gives you visibility into and documentation of threats facing your environment. Even knowing this, many security professionals don’t have the time to collect, manage, and correlate log data because they don’t have the right solution. The key to security log management is to collect the correct data so your security team can get better alerts to detect, investigate, and respond to threats faster.