Cloud SIEM are now popular and considered a cheaper solution. There is no software to purchase, cybersecurity professionals to hire or additional training needed to the staff up. But you have to consider log shipping costs, data sensitivity, data sovereignty as potential cons with this approach. There is a [...]

The right SIEM tool varies based on a business’ security posture, its budget, and other factors. However, the top SIEM tools, such as LOGTITAN, usually offer the following capabilities: 1. Scalability — Ensure the solution can accommodate the current and the projected growth. 2. Log compatibility — Ensure that the [...]

LOGTITAN Rule As a Code [1] streaming platform detection capability is more than the traditional SIEM correlation engine. LOGTITAN is a real-time security analytics platform that ingests, normalizes, enriches, triages, and manages application and security data at scale. Let’s look at a chain of suspicious events. A user clicks on [...]

Cyber Criminals are using various malicious tools for cyber-attacks based on the target’s strength to infiltrate the sensitive data and more often nowadays Publicly Available Hacking Tools are mainly used by threat actors for various attacks around the world. Here we can see the top most used 4 publicly available [...]

Data sources that stop logging to your SIEM put your organization at risk. If one of your organization’s firewalls stops logging to the SIEM, your SOC will be blind to malicious traffic traversing it. If your endpoint protection application stops logging, your analysts won’t be able to see if malicious [...]

There are malware tools available that can create Windows services with random service names and descriptions. Emotet infection is an example of malicious services created on the machine. This is due to how Emotet installs itself on a machine, creating randomly named numeric services, which in turn try to run [...]

A popular technique for hiding malware running on operating systems is to give it a name that’s confusingly similar to a legitimate operating system process, preferably one that is always present on all systems. Processes whose names are confusingly similar to those of critical system processes are likely to be [...]

DNS is probably the best source of data for detecting an attacker’s command and control activity, which can be isolated by looking at outbound DNS requests. Botnets play an important role in malware distribution and they are widely used for spreading malicious activities on the Internet. Identifying algorithmically generated domains [...]

Next-generation detection engine of LOGTITAN Next-Generation SIEM combining rule-based and ML-based techniques. LOGTITAN Next-Generation SIEM utilizes machine learning models and advanced correlation rules together, and dynamically update each of them. [1] Anomaly detection via classification Anomaly detection with LOGTITAN SIEM infers a probabilistic model for the network behaviors of each [...]

We will show you how LOGTITAN can effectively identify and stop malware on the host.   Use case: Malware Dropped to a HOST   URL link over an email received The user clicked on it and provided the required information The user received a LOG-IN notification from a system, he/she [...]