All news with #siem tag

🔍 At .Conf in Boston, Splunk and parent company Cisco positioned machine data as central to next‑generation AI incident response, arguing telemetry represents roughly 55% of global data growth. They stressed tighter integration of security and observability, a federated data model with new support for Snowflake, and standards work such as OpenTelemetry and the Open Cybersecurity Framework (OCSF). Splunk also previewed enhanced security operations capabilities — a premier Enterprise Security bundle, Detection Studio, and agentic AI features — while acknowledging customer concerns about costs, legacy positioning, and support.

🔐 Avnet moved away from vendor-bound SIEM, EDR and RBVM silos toward a centralized security data pipeline built on Cribl, prompted by a legacy SIEM renewal that became a strategy inflection point. The redesign gave Avnet full ownership of telemetry, enabled large-scale ETL and flexible routing, and freed analysts from vendor dashboards. Operationally, licensing and storage costs dropped dramatically to 15% of prior levels while processing capacity doubled and pipeline staffing fell from four engineers to one. With its own data layer in place, Avnet is accelerating analytics and AI use cases such as tailored LLMs and retrieval-augmented generation (RAG) to improve investigations and reduce analyst workload.

🔍 The Picus Blue Report 2025, derived from over 160 million real-world attack simulations, found that organizations detected only 1 in 7 simulated attacks, exposing significant detection and response gaps. The report attributes most failures to missing or misrouted telemetry, misconfigured detection rules, and performance bottlenecks that delay or drop alerts. It recommends continuous validation—for example, using Breach and Attack Simulation—to routinely test rules, verify end-to-end log collection, and prioritize fixes so defenses remain effective against current adversary TTPs. Practical steps include regular log-source audits, optimizing rule logic and thresholds, deploying lightweight test filters, and running ongoing simulation-based validations to reduce noise and recover blind spots.

🔒 Falcon Next-Gen SIEM provides real-time, cross-domain detection to help organizations detect and respond to the identity-centric eCrime group SCATTERED SPIDER. The platform correlates identity, cloud, SaaS, network and email telemetry, offering out-of-the-box rule templates for phishing, MFA fatigue, suspicious SSO events and exfiltration. CrowdStrike recommends comprehensive log ingestion and tuning of these templates to improve detection and response across the full attack lifecycle.