Author: Dhiraj Sharan

Chief Scientist & Founder, Query

Blogs

Context-Based Data Enrichment for Cybersecurity Investigations

November 16, 2023 / January 2, 2024 by Dhiraj Sharan

It is said that ‘Knowledge is Power.’ For an analyst investigating an alert, having an extra boost of contextual knowledge can be liberating. Let’s look at how we can incorporate additional sources of knowledge in our alert investigation workflow. The truth will set you free! Dealing with a high volume of raw alerts? According to […]

Blogs

Cisco IOS’s multiple zero-day vulnerabilities, October 2023: Using Splunk to Investigate

November 6, 2023 / February 1, 2024 by Dhiraj Sharan

Cisco IOS XE web UI zero-day announced October 19. On October 19, the Cisco IOS zero-day vulnerability (CVE-2023-20198) was disclosed, impacting 40,000+ switches, routers, and access points running IOS XE. The vulnerability is in the web UI. See more at Hackers exploit zero-day to compromise tens of thousands of Cisco devices | TechCrunch. You should check […]

Blogs

Okta and OpenAI Latest News

October 25, 2023 / May 29, 2024 by Dhiraj Sharan

Being an AI enthusiast, my plan heading into the weekend was to try out the amazing new ChatGPT capabilities OpenAI announced early last week: Then Friday happened. Okta disclosed the unfortunate unauthorized access of their support system (see here). So, I spent a few Saturday hours trying to use ChatGPT’s new features to see what […]

Blogs

Cybersecurity Event Data Normalization Standards – Evolution, Challenges, and Path Forward

September 26, 2023 / January 20, 2025 by Dhiraj Sharan

Log and security event data normalization makes it possible to analyze data from multiple vendors. Commonly applied by SIEM and log management solutions, normalization transforms data from multiple disparate formats coming from different sources to a single common format that can then be used for analytics, visualization, reporting, etc. There are challenges though. In particular, […]

Blogs

Five Modifications To Imagine a New SIEM Architecture

September 5, 2023 / November 28, 2023 by Dhiraj Sharan

Current SIEM architecture is becoming untenable with increasing costs and limited visibility. The dream that cloud SIEM would magically make things easy didn’t play out. In fact, with security data now everywhere, it actually increases costs. Unfortunately, most of the revenue SIEM vendors get is going to their cloud providers, putting them in a tight […]

White Papers

Measuring and Optimizing Enterprise Security Search Costs

August 22, 2023 / August 22, 2023 by Dhiraj Sharan

Learn how to measure and optimize your cybersecurity investigation costs by quantifying your analysts' searches per investigation (ASPI)...

Blogs

Security Data Pipeline Is Ripe for Change

August 8, 2023 / August 8, 2023 by Dhiraj Sharan

The advent of cloud, SaaS, and hybrid work environments has made conventional security data centralization pipelines less practical. The future is more flexibility and visibility, with less data shuffling and lower storage costs. Security data is now more heterogeneous, omnipresent, and expansive than ever, but the pipeline for log management has not adapted. Organizations are seeking […]

Blogs

Reducing/Optimizing Data Centralization Costs

August 1, 2023 / August 1, 2023 by Dhiraj Sharan

This blog is part 4 of a 4-blog series on Measuring and Optimizing Enterprise Security Search Costs. See Part 1, Part 2, and Part 3. There are real cost-to-usability trade-offs when it comes to cybersecurity data storage that have long-term consequences. Storage costs increase as you move to more dedicated and […]

Blogs

Reducing/Optimizing Analysts’ Search per Investigation (ASPI)

July 25, 2023 / July 20, 2023 by Dhiraj Sharan

This blog is part 3 of a 4-blog series on Measuring and Optimizing Enterprise Security Search Costs. See Part 1 and Part 2. Manually piecing together information from multiple sources is a complex and error-prone task for security analysts. In our previous blog, we discussed how to calculate Analysts’ Searches per Investigation […]

Blogs

MOVEit Transfer Learnings: how to prepare for zero-day security investigations

July 24, 2023 / July 25, 2023 by Dhiraj Sharan

Investigating zero-day vulnerabilities and exploits is becoming impractical. Unfortunately, zero-day vulnerability exploits are increasingly common...