After a long time on Mailchimp, we are moving our newsletter to Substack. Not only is Substack a blog and a newsletter in one, it is also a more modern platform with social-friendly features. However, the biggest reason is that Substack actually comes with fewer bells and whistles than a platform like Mailchimp. By removing complicated options, we feel that we can go back to the basics, which means focusing on the content.
Speaking of which …
Rain Capital Founder Launches New D&I Non-profit
Rain Capital’s founder Dr. Chenxi Wang and a group of senior women leaders in Cybersecurity this week announced the formation of a new non-profit organization — the Forte Group.
FORTE’s MISSION: Elevate the positive role of cybersecurity and diversity in the business environment. The group believes that Cybersecurity and Diversity are two parallel business imperatives. The members will harness the collective strength, wisdom, and resources of the community to foster true diversity & inclusion for the industry. The Forte Group will offer a wide array of programs such as board journey coaching, networking and mentorship opportunities, career development resources, and wellness programs.
The Forte members include C-level Cyber leaders from companies like Johnson & Johnson, Microsoft, Plaid, Sutter Health, Cisco, Claroty, Oracle, Unilever, Wayfair, and others. “Super stoked to be part of the group and continue learning from each other while lifting up more women into cyber leadership roles!” Algirde Pipikaite, former Cybersecurity lead for the World Economic Forum, wrote on LinkedIn.
Rain Capital Portfolio Leads with Top RSA Sessions
This year at RSA, the industry’s top cybersecurity conference, Ofer Maor of Mitiga, with his talk “It's Getting Real & Hitting the Fan! Real World Cloud Attacks,” and Sounil Yu of JupiterOne, with his session “Cyber Defense Matrix: Revolutions,” led the roster of top-rated sessions, which were selected by conference attendees. Both sessions are packed with insights and valuable lessons from a practitioner’s point of view.
Rain Capital congratulates Mitiga and JupiterOne for achieving this top distinction. Both sessions are now available online at the RSA website.
Think You Are Logging Correctly? Think Again
Logging for security differs from system-level logging as the former tracks events related to the security operations of your environment. But in practice, how do you know which events are actually relevant?
Turns out, most organizations either log the wrong thing or don’t know if they are logging the right events. Here are just some of the questions that you should be asking for security logs:
Do you have the appropriate coverage? Are all the relevant sources covered in logging? For instance, are you collecting logs from your cloud instances and SaaS providers? What about cloud data warehouses like Snowflake? Do you know which logs your cloud providers allow you to access?
Is the timestamp correct and consistent? Timestamp integrity and consistency have a huge impact on the accuracy of security analytics. When was the last time you checked for timestamp consistency across your infrastructure?
Are security event data retained for an appropriate length of time? For compliance and policy reasons, companies often need to access historical incident data. Is your log retention policy configured to meet those requirements? What about cloud logs?
Do you have a way of handling and analyzing large streams of data? When it comes to cloud event logs, most organizations are ill-equipped to handle the volume as well as the format of cloud data. Having the right set of utilities and tools is imperative when your environments straddle modern stacks like the cloud and legacy on-premises infrastructure.
Security logs contain a wealth of information to help you reduce exposure to intruders, malware, and data loss in your network. That is why you need to be proactively planning, configuring and collecting critical logs from your environments.
Log often, log early, but don’t log blindly.
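One way to act on the timestamp question above is a small audit that normalizes each source's event time to UTC and compares it with the time your collector received the record. This is an added example, not part of the original newsletter; the source names, the two-minute skew threshold, and the sample records are constructed assumptions.

```python
from datetime import datetime, timezone, timedelta

# Constructed sample records: (source, event time as logged, collector receive time in UTC)
SAMPLES = [
    ("cloud-audit", "2024-05-01T12:00:03Z",      "2024-05-01T12:00:05Z"),
    ("saas-app",    "2024-05-01T14:00:04+02:00", "2024-05-01T12:00:06Z"),
    ("onprem-fw",   "2024-05-01 08:00:05",       "2024-05-01T12:00:07Z"),  # no zone given
    ("warehouse",   "1714564806",                "2024-05-01T12:00:08Z"),  # epoch seconds
    ("legacy-app",  "2024-05-01T12:09:00Z",      "2024-05-01T12:00:09Z"),  # clock runs ahead
]

def parse_event_time(raw):
    """Return (timezone-aware UTC datetime or None, issue string or None)."""
    if raw.isdigit():  # epoch seconds are UTC by definition
        return datetime.fromtimestamp(int(raw), tz=timezone.utc), None
    try:
        dt = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    except ValueError:
        return None, "unparseable"
    if dt.tzinfo is None:
        # A zone-less timestamp cannot be placed on a shared timeline.
        return None, "no-timezone"
    return dt.astimezone(timezone.utc), None

def audit(records, max_skew=timedelta(minutes=2)):
    """Map each problematic source to the reason its timestamps are unreliable."""
    findings = {}
    for source, raw_event, raw_received in records:
        event, issue = parse_event_time(raw_event)
        received, _ = parse_event_time(raw_received)
        if issue is None:
            skew = event - received  # positive: source clock is ahead of the collector
            if abs(skew) > max_skew:
                issue = f"skew {int(skew.total_seconds())}s"
        if issue:
            findings[source] = issue
    return findings

if __name__ == "__main__":
    for source, issue in audit(SAMPLES).items():
        print(f"{source}: {issue}")
```

Sources flagged as `no-timezone` need a fix at the source or an explicit zone mapping at ingestion before their events can be correlated with anything else.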
Mitiga’s excellent information source on preparing for security incidents is a must-read for those dealing with cloud incident response. This article, Proactive Forensic Data Acquisition, is where you want to start.