What resonated with our readers this past year? What were the top 10 Gurucul blog posts of 2021? We thought 2021 would be on its way back to normal. Despite vaccinations, Covid-19 still impacted operations across the globe, requiring new ways to secure the remote workforce and manage remote access. Trends such as increased ransomware created new challenges for SOC teams.
At Gurucul, we covered all of these problems and their solutions in our blog posts, but as always some of our blogs were liked more than others. Here are our top 10 most-read blog posts of the year as measured by pageviews.
10. September is National Insider Threat Awareness Month
Every September is National Insider Threat Awareness Month. In this blog, we discuss insider threat resources, the sources of insider threats, the government task force on insider threats, and why organization-wide awareness of insider attacks is part of a comprehensive cybersecurity strategy – among other topics.
9. Why Legacy SIEM Makes Little Sense Today
Legacy SIEM today is far less useful than it was a decade ago. But that says more about the changing attack landscape than anything about the SIEM software itself. Also, despite vendor marketing claims, SIEM—even 10 years ago—was never designed to be a standalone system. Read this blog to find out why legacy SIEM makes little sense today.
8. Top 10 Tips to Prevent Insider Threats
Everyone loves listicles. For September’s National Insider Threat Awareness Month (NIATM), we compiled a list of the Top 10 Tips to prevent insider threats. The best firewalls in the world won’t keep out someone who can log in inside the wall. The most advanced multi-factor authentication system on the market won’t stop someone who is fully authorized to be there. Keeping files isolated won’t stop the person whose job includes access to the files. So, what can you do? Read this blog for details.
7. The Benefits of Cloud Native SIEM
There are a couple of different ways of taking an enterprise-hosted application, including a SIEM, and migrate it into a commercial cloud. The easiest way might be termed “lift and shift”, in that you simply take the existing application in a corporate data center and upload it to run on the cloud hardware. It might run directly on an OS like Linux, or it might be encapsulated in a VM, but little or nothing changes within the application. A cloud-native implementation offers to many advantages and is the best way to go. Read this blog to find out why.
6. Security Gaps in Access Management
One critical question security leaders are contending with in today’s emerging environments is, “how do you manage threats if you don’t know where the risk is?” More specifically, how do you effectively manage access risk? The solution begins with closing the key security gaps in access. But what are the security gaps? Leaders in predictive security analytics have identified two critical gaps and in this blog we discuss how to close those gaps.
5. Automating Incident Response with Machine Learning
One of the threads we’ve been picking up is how Artificial Intelligence driven Security Analytics can play into improving the response times and overall efficiency of the Security Operations Center (SOC). Automating Incident Response with machine learning adds enormous value to the SOC. The whole “New Normal” we established during the pandemic has already changed how the SOC does what it does. Remote work and distributed teams are where it’s at, and it seems like it’s where we’ll be for a good long time to come. Read this blog to understand how AI-driven security analytics automates incident response.
4. How MITRE ATT&CK Coverage Improves the Effectiveness of Your SIEM
Security Information and Event Management (SIEM) is an important part of IT security management that many organizations have come to rely on. With their powerful data-backed tools, SIEM has significantly reduced threat detection times and managed risks more efficiently. SIEM allows companies to scale well as they support large amounts of data and can be used for a wide range of use cases that involve logging, security program, auditing, compliance reporting, help desk, network troubleshooting, and so on. It is an evolving cybersecurity product backed up by several advanced tools that enable intelligent security operations. The MITRE ATT&CK coverage framework is one such data-based platform that allows for SIEM systems to leverage a globally accessible knowledge base. Read this blog for more information.
3. Predictive Security Analytics Use Cases
The range of predictive security analytics use cases a vendor offers fundamentally defines the maturity of their solution offerings and the breadth of their capabilities. A number of vendors offer only a limited selection of use cases, while others are more inclusive and comprehensive in their offerings. This blog provides an optimal list of use cases for predictive security analytics. Use cases are organized in three categories: User and Entity Behavior Analytics (UEBA), Identity Analytics (IdA), and Cloud Security Analytics (CSA). Also keep in mind the need and ability to create custom models for private data and confidential use cases common with federal, military, and private industry deployments.
2. When Cyberattacks Get Physical
The events of January 6th, 2021 have had some profound consequences both political and social. From our perspective in the cybersecurity community, regardless of our politics, the event put a razor focus on how physical security can influence what we do and how we do it. All the firewalls, secure VPN tunnels, multi-factor authentication, and a host of other security tools are considerably less effective when an attacker gains physical access to a device. Which is what happened when a crowd of protestors stormed the US capitol in an effort to disrupt the certification of 2020’s presidential election. Read this blog to learn how behavior analytics can help identify potential issues after a physical breach.
1. Famous Insider Threat Cases
Insider threats are the biggest security risk for organizations because they can cause the most destruction. From taking advantage of privileged access to stealing company data – sometimes the biggest and worst threats to a company’s security program is right under its nose. There are so many Insider Threat Personas and in this blog we share famous insider threat cases to expose the serious risk of insider cyberattacks.
We hope you found the top 10 Gurucul blog posts of 2021 interesting. Happy new year and thanks for reading the Gurucul blog!