#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Wazuh | Breaking Cybersecurity News | The Hacker News

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity
Feb 09, 2024 Cloud Security / Open Source XDR / SIEM
Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and challenges that demand diligent consideration. In this blog post, we will explore some challenges of cybersecurity in the cloud era. We will also delve into how Wazuh, a cybersecurity solution supporting cloud platforms like Amazon Web Services (AWS), Microsoft Azure, Github, and Google Cloud Platform (GCP), can help address these challenges effectively. The rise of cloud computing Cloud computing deploys services, including servers, storage, software, databases, networking, and intelligence over the Internet " the cloud " to offer flexible resources, faster innovation, and cost efficiencies. Cloud c

Building a Robust Threat Intelligence with Wazuh

Building a Robust Threat Intelligence with Wazuh
Dec 07, 2023 Threat Intelligence / Network Security
Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats, providing context about the constantly evolving threat landscape. Importance of threat intelligence in the cybersecurity ecosystem Threat intelligence is a crucial part of any cybersecurity ecosystem. A robust cyber threat intelligence program helps organizations identify, analyze, and prevent security breaches. Threat intelligence is important to modern cyber security practice for several reasons: Proactive defense:  Organizations can enhance their overall cyber resilience by integrating threat intelligence into security practices to address the specific threats and risks that are relevant to their industry, geolocation, or technology stack. Threat intelligence allows organizations to identify potential threats in advanc

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Protecting your IT infrastructure with Security Configuration Assessment (SCA)

Protecting your IT infrastructure with Security Configuration Assessment (SCA)
Oct 03, 2023 Network Security / XDR / SIEM
Security Configuration Assessment (SCA)  is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain unauthorized access to systems and data. Regular  security configuration assessments  are essential in maintaining a secure and compliant environment, as this minimizes the risk of cyber attacks. The assessment provides insight into your current security posture by performing configuration baseline checks on services and applications running on critical systems. How SCA works  SCA is performed by checking the configurations of your IT assets against known benchmarks such as the Center for Internet Security (CIS) benchmark and compliance standards such as NIST, GDPR, and HIPPA. Regulatory standards provide a global benchmark for best practices to help organizations enhance their IT hygiene and improve customer trust. The CIS benchmark provides a guideline for best practices for security c

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM

Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM
Aug 07, 2023 SIEM and XDR Platform
In today's interconnected world, evolving security solutions to meet growing demand is more critical than ever. Collaboration across multiple solutions for intelligence gathering and information sharing is indispensable. The idea of multiple-source intelligence gathering stems from the concept that threats are rarely isolated. Hence, their detection and prevention require a comprehensive understanding of the broader landscape. A comprehensive and robust security framework should be established by aggregating resources, knowledge, and expertise from various sources. This collaborative effort allows for the analysis of diverse data sets, the identification of emerging patterns, and the timely dissemination of crucial information.  In this article, we discuss a versatile security platform that can operate in two distinct roles within a security ecosystem. This platform can function as a subscriber, actively collecting and aggregating security data from various endpoints and other so

How Wazuh Improves IT Hygiene for Cyber Security Resilience

How Wazuh Improves IT Hygiene for Cyber Security Resilience
Jun 01, 2023 Threat Detection / SIEM
IT hygiene  is a security best practice that ensures that digital assets in an organization's environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment. As technology advances and the tools used by cybercriminals and cybersecurity professionals evolve, the strategies used to carry out cyber attacks differ based on their complexity and uniqueness. Threat actors continuously target organizations practicing poor IT hygiene to exploit known security weaknesses and human error. Security administrators can defend against cyberattacks by implementing good  IT hygiene  practices like whitelisting programs, keeping systems up to date, and more. Gaining complete visibility into the IT assets is fundamental to developing an effective security strategy. The emergence of shadow IT, like rogue assets, s

Protecting your business with Wazuh: The open source security platform

Protecting your business with Wazuh: The open source security platform
Apr 10, 2023 Endpoint Security / Threat Detection
Today, businesses face a variety of security challenges like cyber attacks, compliance requirements, and endpoint security administration. The threat landscape constantly evolves, and it can be overwhelming for businesses to keep up with the latest security trends. Security teams use processes and security solutions to curb these challenges. These solutions include firewalls, antiviruses, data loss prevention services, and XDRs (Extended Detection and Response). Wazuh is a free and open source security platform that unifies XDR and SIEM (System Information and Event Management) capabilities. It comprises a universal security agent for event data collection from various sources and the central components for event analysis, correlation, and alerting. The central components include the Wazuh server, dashboard, and indexer. Wazuh offers a suite of modules capable of providing extended threat detection and response for on-premises and cloud workloads.  In this article, we emphasize the

Auditing Kubernetes with Open Source SIEM and XDR

Auditing Kubernetes with Open Source SIEM and XDR
Feb 01, 2023 SIEM / Kubernetes
Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in monitoring Kubernetes and other components of an organization's infrastructure. What is Kubernetes? Kubernetes is an open source container management solution that automates the deployment and scaling of containers and also manages the life cycle of containers. It organizes containers into logical units for simple management and discovery. Kubernetes extends how we scale containerized applications so that we may use a truly persistent infrastructure. You can build cloud-native applications based on microservices with Kubernetes. Enthusiasts view Kubernetes as the cornerstone of application m

How XDR Helps Protect Critical Infrastructure

How XDR Helps Protect Critical Infrastructure
Dec 07, 2022 SIEM / XDR / Threat intelligence
Critical infrastructure is important for societal existence, growth, and development. Societies are reliant on the services provided by critical infrastructure sectors like telecommunication, energy, healthcare, transportation, and information technology. Safety and security are necessary for the optimal operation of these critical infrastructures. Critical infrastructure is made up of digital and non-digital assets. Organizations must stay ahead of cybersecurity threats to prevent failures caused by cyber attacks on critical infrastructure. Finding ways to protect digital assets in an ever-changing landscape filled with threats is a continuous activity. Organizations must also employ efficient security solutions and best practices to stay protected and reduce the chances of compromise. Security solutions help secure and improve the visibility of an organization's threat landscape. Different solutions use different concepts and approaches. An important concept that has risen recently

Threat hunting with MITRE ATT&CK and Wazuh

Threat hunting with MITRE ATT&CK and Wazuh
Nov 18, 2022
Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay dormant in an organization's infrastructure, extending their access while waiting for the right opportunity to exploit discovered weaknesses. Therefore it is important to perform threat hunting to identify malicious actors in an environment and stop them before they achieve their ultimate goal.  To effectively perform threat hunting, the threat hunter must have a systematic approach to emulating possible adversary behavior. This adversarial behavior determines what artifacts can be searched for that indicate ongoing or past malicious activity. MITRE ATT&CK Over the years, the security community has observed that threat actors have commonly used many tactics, techniques, and procedu
Cybersecurity Resources