Author: Dhiraj Sharan

Chief Scientist & Founder, Query
Blogs

Security Data Pipeline Is Ripe for Change

August 8, 2023 / August 8, 2023 by Dhiraj Sharan

The advent of cloud, SaaS, and hybrid work environments has made conventional security data centralization pipelines less practical. The future is more flexibility and visibility, with less data shuffling and lower storage costs. Security data is now more heterogeneous, omnipresent, and expansive than ever, but the pipeline for log management has not adapted. Organizations are seeking […]

Blogs

Reducing/Optimizing Data Centralization Costs

August 1, 2023 / August 1, 2023 by Dhiraj Sharan

This blog is part 4 of a 4 blog series on Measuring and Optimizing Enterprise Security Search Costs. See Part 1, Part 2, and Part 3. There are real cost-to-usability trade-offs when it comes to cybersecurity data storage that have long-term consequences. Storage costs increase as you move to more dedicated and […]

Blogs

Reducing/Optimizing Analysts’ Search per Investigation (ASPI)

July 25, 2023 / July 20, 2023 by Dhiraj Sharan

This blog is part 3 of a 4 blog series on Measuring and Optimizing Enterprise Security Search Costs. See Part 1 and Part 2. Manually piecing together information from multiple sources is a complex and error-prone task for security analysts. In our previous blog, we discussed how to calculate Analysts’ Searches per Investigation […]

Blogs

MOVEit Transfer Learnings: how to prepare for zero-day security investigations

July 24, 2023 / July 25, 2023 by Dhiraj Sharan

Investigating zero-day vulnerabilities and exploits is becoming impractical. Unfortunately, zero-day vulnerability exploits are increasingly common...

Blogs

Measuring Analysts Searches per Investigation (ASPI)

July 18, 2023 / November 15, 2024 by Dhiraj Sharan

This blog is part 2 of a 4 blog series on Measuring and Optimizing Enterprise Security Search Costs. See part 1 here. Security teams are collecting, centralizing, and storing data in SIEMs, EDRs, enterprise search platforms, big data lakes, and vanilla cloud blob storage. The primary purpose is to store, lookup, and investigate activity data […]

Blogs

Investigate MOVEit Transfer vulnerabilities and exploits efficiently using open federated search

July 11, 2023 / July 10, 2023 by Dhiraj Sharan

Abstract: Progress Software’s MOVEit Transfer solution is a widely used secure file transfer product. In late May, they announced a critical vulnerability that has left about 2,500 organizations vulnerable, most of them in the US. The worst part of it is that the MOVEit Transfer instances are exposed on the public internet, so anyone can […]

Blogs

Measuring and Optimizing Enterprise Security Search Costs

June 27, 2023 / July 18, 2023 by Dhiraj Sharan

With the increased need to monitor more data sources, respond to security events, and analyze and investigate threats, enterprise security search costs are soaring. An oversized portion of that spend is for licensing and infrastructure costs associated with consoles to investigate cybersecurity data – SIEMs (Splunk, QRadar, etc.), log management platforms (Elastic, Splunk, etc.), and […]

Blogs

Security Console for EDR Data stored in Amazon S3

June 13, 2023 / June 27, 2023 by Dhiraj Sharan

With the increasing costs of sending high-volume data sources into a SIEM, organizations have switched to storing their EDR data in Amazon S3. It provides a scalable option that can easily accommodate the growing volume of EDR data generated by an organization’s endpoints. In this blog, we will discuss why that is happening, what new problems it […]

Blogs

Implementing Security Observability on AWS-native SaaS

May 2, 2023 / May 25, 2023 by Dhiraj Sharan

Do Security Analysts have to become Cloud Platform Engineers? AWS-hosted SaaS has been widely adopted, but securing it is a tricky beast. Traditional on-prem security observability processes are not directly applicable in a microservices-based SaaS environment. So, let’s take a look at a typical AWS-native SaaS application environment from a security observability and investigation […]

Blogs

Storing and Querying Cybersecurity Data from Azure Blob Storage

March 30, 2023 / May 25, 2023 by Dhiraj Sharan

Hello Readers!! My recent blog, Querying Cybersecurity Data Stored in Amazon S3, generated questions from some of you looking for an equivalent approach with Blob Storage, Azure’s object storage service. Your inquiries are excellent inspiration. So, here we are… SOC teams in companies that use Microsoft Azure as their primary cloud provider are starting to […]
