Blogs
July 18, 2023 / November 15, 2024 by Dhiraj Sharan
This blog is part 2 of a 4 blog series on Measuring and Optimizing Enterprise Security Search Costs. See part 1 here. Security teams are collecting, centralizing, and storing data in SIEMs, EDRs, enterprise search platforms, big data lakes, and vanilla cloud blob storage. The primary purpose is to store, lookup, and investigate activity data […]
July 11, 2023 / July 10, 2023 by Dhiraj Sharan
Abstract Progress Software’s MOVEit Transfer solution is a widely used secure file transfer product. In late May, they announced a critical vulnerability that has left about 2,500 organizations vulnerable, most of them in the US. The worst part of it is that the MOVEit Transfer instances are exposed on the public internet, so anyone can […]
June 27, 2023 / July 18, 2023 by Dhiraj Sharan
With the increased need to monitor more data sources, respond to security events, and analyze and investigate threats, enterprise security search costs are soaring. An oversized portion of that spend is for licensing and infrastructure costs associated with consoles to investigate cybersecurity data – SIEMs (Splunk, QRadar, etc.), log management platforms (Elastic, Splunk, etc.), and […]
June 13, 2023 / June 27, 2023 by Dhiraj Sharan
With increasing costs of sending high-volume data sources into SIEM, organizations have switched to storing their EDR data into Amazon S3. It provides a scalable option that can easily accommodate the growing volume of EDR data generated by an organization’s endpoints. In this blog, we will discuss why that is happening, what new problems it […]
May 2, 2023 / May 25, 2023 by Dhiraj Sharan
Do Security Analysts have to become Cloud Platform Engineers? AWS-hosted SaaS has been widely adopted, but securing it is a tricky beast. Traditional on-prem security observability processes are not directly applicable in a microservices-based SaaS environment. So, let’s take a look at a typical AWS-native SaaS application environment from a security observability and investigation […]
March 30, 2023 / May 25, 2023 by Dhiraj Sharan
Hello Readers!! My recent blog, Querying Cybersecurity Data Stored in Amazon S3, generated questions from some of you looking for an equivalent approach with Blob Storage, Azure’s object storage service. Your inquiries are excellent inspiration. So, here we are… SOC teams in companies that use Microsoft Azure as their primary cloud provider are starting to […]
March 2, 2023 / May 25, 2023 by Dhiraj Sharan
Testing the limits of ChatGPT has become a crowd-favorite pastime in recent months. While I had casually played with ChatGPT a few times and was super impressed, I personally had not tried experimenting with it as a deeper/more relevant resource. Then last week, as they were knee-deep in research, a couple of security […]
February 21, 2023 / July 11, 2023 by Dhiraj Sharan
Hello Readers!! Today, let’s talk about SOAR – Security Orchestration, Automation, and Response. SOAR attempts to address the cross-platform automation and response problem in enterprise security. The technology has been around for 5+ years now and is gaining adoption after its turbulent initial years. In Q4 2022, Query conducted a series of discovery interviews with […]
February 10, 2023 / May 25, 2023 by Dhiraj Sharan
Recently we gathered for a company all-hands in New Orleans. Since that event included a lot of recent hires, I shared the Query founding story with the team. It was a good time to look back, reflect, and discuss why we do what we do. That session with the team made me think, “why not […]
February 2, 2023 / May 25, 2023 by Dhiraj Sharan
Hello Readers! Today I wanted to share something very interesting that happened in Q4, 2022 at our company Query. We surveyed security professionals and found some major learnings that enabled me to write this blog. While the survey was broad, I will scope this blog to the top three investigation challenges that MDR customers face. […]