All news with #siem tag

Understanding Differences Between NDR, EDR and XDR

🛡️This article compares three related threat-detection approaches: Endpoint Detection and Response (EDR), Network Detection and Response (NDR) and Extended Detection and Response (XDR). It explains that EDR focuses on endpoint agents and can leave visibility gaps, while NDR analyzes packet-level network traffic for real-time detection, forensic review and retrospective analysis. XDR is described as a strategy that unifies telemetry from multiple sources to accelerate response; when combined, these capabilities offer complementary coverage and reduced operational risk.

How CISOs Can Learn from ERP Migration Lessons - Practical

🔒 Many large enterprises deploy 40–80 distinct security tools, creating data silos, integration headaches and alert fatigue. Vendors such as Cisco, CrowdStrike and Microsoft are responding with integrated platform bundles that centralize cloud, email, endpoint, network, SIEM and threat intelligence. Drawing on the pitfalls of 1990s ERP migrations—data incompatibility, heavy customization and neglected organizational change—the article offers five practical tips for CISOs: secure executive buy-in, prioritize people over tech, phase implementations, build a modern data pipeline and use the move to streamline processes.

Ransomware Defense with the Wazuh Open Source Platform

🛡️Wazuh is a free, open-source security platform that provides SIEM and XDR capabilities to detect, prevent, and respond to ransomware. The article highlights Wazuh features such as file integrity monitoring, vulnerability detection, security configuration assessment, and automated active responses. It illustrates rule-based detections and automated remediation using practical examples (DOGE Big Balls, Gunra) and discusses Windows integration for VSS-based recovery. The coverage frames Wazuh as a practical, extensible tool for multi-layered ransomware defense.

Early Threat Detection: Protecting Growth and Revenue

🔎 Early detection turns cybersecurity from a reactive cost into a business enabler. Investing in continuous visibility, threat intelligence, and rapid detection reduces incident costs, preserves uptime, and protects revenue and reputation. Solutions such as ANY.RUN's Threat Intelligence Feeds and TI Lookup deliver real-time IOCs, context-enriched analyses, and STIX/TAXII-ready integrations so SOCs can prioritize and act faster, lowering MTTR and operational burden.

CISOs' 2025 Priorities: Data, AI, and Simplification

🔒 CSO's 2025 Security Priorities Study finds security leaders are juggling expanding responsibilities while facing greater complexity in selecting the right tools. Seventy-six percent say solution selection is more complex and 57% had trouble finding incident root causes in the past year. Top focuses are protecting sensitive data, securing cloud systems, and simplifying IT infrastructure, with 73% now more likely to consider AI-enabled security. Many plan to rely on managed service providers and maintain level budgets while driving strategic AI and governance initiatives.

AI in Today's Cybersecurity: Detection, Hunting, Response

🤖 Artificial intelligence is reshaping how organizations detect, investigate, and respond to cyber threats. The article explains how AI reduces alert noise, prioritizes vulnerabilities, and supports behavioral analysis, UEBA, and NLP-driven phishing detection. It highlights Wazuh's integrations with models such as Claude 3.5, Llama 3, and ChatGPT to provide conversational insights, automated hunting, and contextual remediation guidance.

ML-Based DLL Hijacking Detection Integrated into SIEM

🛡️ Kaspersky developed a machine-learning model to detect DLL hijacking, a technique where attackers replace or sideload dynamic-link libraries so legitimate processes execute malicious code. The model inspects metadata such as file paths, renaming, size, structure and digital signatures, trained on internal analysis and anonymized KSN telemetry. Implemented in the Kaspersky Unified Monitoring and Analysis Platform, it flags suspicious loads and cross-checks cloud reputation to reduce false positives and support retrospective hunting.

Microsoft Named a Leader in IDC MarketScape for XDR

🔒 Microsoft has been named a Leader in the IDC MarketScape: Worldwide Extended Detection and Response Software 2025 assessment. Microsoft Defender XDR is highlighted for broad signal coverage across endpoints, identities, email and collaboration, SaaS apps, cloud workloads, and data, plus AI-driven automation and native SIEM integration that consolidate visibility and accelerate response. IDC also cited Microsoft Security Copilot and automatic attack disruption as key differentiators that reduce dwell time and free SOC teams to focus on higher-value tasks.

Managed SOCs: Practical Path to Stronger IT Security

🔒 Companies face rapidly evolving threats and tightening regulation, and many — especially SMEs — lack the staff and budget to build an effective in‑house Security Operations Center. A Managed SOC delivers continuous 24/7 monitoring, rapid deployment and specialized analysts without the multi‑million euro investment or hiring of 10–20 experts. Choose providers with proven detection and response experience, recognized certifications such as ISO 27001, strong data protection practices and a focus on integrating existing tools. Internal readiness — defined escalation paths, fast decision-making and employee awareness — remains essential for any managed service to be effective.

Avnet Reclaims Security Data, Cuts Costs, Boosts AI

🔐 Avnet moved away from vendor-bound SIEM, EDR and RBVM silos toward a centralized security data pipeline built on Cribl, prompted by a legacy SIEM renewal that became a strategy inflection point. The redesign gave Avnet full ownership of telemetry, enabled large-scale ETL and flexible routing, and freed analysts from vendor dashboards. Operationally, licensing and storage costs dropped dramatically to 15% of prior levels while processing capacity doubled and pipeline staffing fell from four engineers to one. With its own data layer in place, Avnet is accelerating analytics and AI use cases such as tailored LLMs and retrieval-augmented generation (RAG) to improve investigations and reduce analyst workload.

Why SIEM Rules Fail — Causes and Practical Fixes in 2025

🔍 The Picus Blue Report 2025, derived from over 160 million real-world attack simulations, found that organizations detected only 1 in 7 simulated attacks, exposing significant detection and response gaps. The report attributes most failures to missing or misrouted telemetry, misconfigured detection rules, and performance bottlenecks that delay or drop alerts. It recommends continuous validation—for example, using Breach and Attack Simulation—to routinely test rules, verify end-to-end log collection, and prioritize fixes so defenses remain effective against current adversary TTPs. Practical steps include regular log-source audits, optimizing rule logic and thresholds, deploying lightweight test filters, and running ongoing simulation-based validations to reduce noise and recover blind spots.