Query

We're psyched to release Query's integration with Google SecOps today! Google SecOps enables customers to securely retain, analyze, and search large volumes of security and network telemetry. It normalizes, indexes, and correlates data to provide instant insights into risky activities. Query's federated search expands access to security-relevant data from any connected source to help analysts make better decisions, faster. You can learn more about our integration here: https://lnkd.in/dnj7XytP Thanks to Jonathan Rau and Avnish Anand for building a powerful integration, and to Google's Stacey King for her partnership and help along the way. Google Cloud Security #SecDataOps #CISO #securityoperations

?? SOC Manager: Hey folks, you have probably heard that our deal with Big Rocket Co. has closed! Guess who the lucky SecOps team is that will ensure security during the M&A!? ?? SOC Analyst #1: Let me guess…another MSSP?! ?? SOC Manager: Lol. No. Us, it’s us! ? SOC Analyst #2: I’ve never done M&A before, what security technology does Big Rocket Co. use? ?? SOC Manager: Well, they *were* using a MSSP, but not anymore. They used Google Security Operations as their SIEM. It used to be called Chronicle back in the day. They kept the SIEM, though. ??SOC Analyst #1: I swear, we just migrated away from our SIEM, and now we have another SIEM?! ?? SOC Analyst #2: Not only that, what other query languages do you have to learn now? [SMASHES KEYBOARD WITH ANNOYANCE] Oh…Unified Data Model…UDM? ?? SOC Manager: Folks, folks…please. We are all good! Query has a Connector for Google SecOps. It will handle the query translation into UDM, it will normalize the results to OCSF, it will smartly search the data they have just like it does for all of our Connectors that we have in Query Federated Search. ??SOC Analyst #2: Wow, Query makes it almost *too easy* for us! It’s like they know what we’re thinking?!? ??SOC Manager: Our first priority is to check if there are any critical alerts from their onboarded datasets, let’s normalize some OCSF Detection Findings based on what they have in there. I have all of their Feed Names in a document from the M&A due diligence. ???SOC Analyst #2: Aye-aye cap’n, this will be far too easy! Read more: https://lnkd.in/emuAnx9H #googlesecops #googlesecurityoperations #nextgensiem #gcp #siem #federatedsearch #observability #chronicle

The Open Cybersecurity Schema Framework (OCSF) is an open-source and collaborative effort across the industry to define a vendor- and platform-agnostic schema for security and IT observability data. It has been contributed to by Query, Amazon Web Services (AWS), Splunk, Cisco, CrowdStrike, and several dozen other organizations and individuals. Find out more from our partner Query in their latest blog below ? ? https://lnkd.in/es45jfsv Simon Johnson, Peter Vorley, Lawrence McEwen, Lisa Ventura MBE

It's today! Join Noah Hoag, Director of SOC at BitLyft Cybersecurity, and Neal Bridges on this week's SecDataOpsCast to learn what SOC teams really want! Faster answers? Better answers? Free snacks? Tune in to this episode of #SecDataOpsCast today at 3:00p ET to hear some truth!

?? SOC Analyst #1: Tell me again, why don’t we store all of the observability and network logging data in the data lake? ?? SOC Analyst #2: Well, that would be a lot of data to keep indefinitely! ?? SOC Analyst #1: Uh, yeah, duh. The IT Ops team has it though, it’s inside of Amazon OpenSearch Service. ?? SOC Analyst #2: Don’t you need to know Lucene to get at the data? ?? SOC Analyst #3: Actually, I am pretty sure it is a domain specific language… ?? SOC Manager: You’re both right, it can use either, or a graphical interface. ?? SOC Analyst #1: Okay, that’s well and good, but we got off the SIEM and moved to the data lake and I feel we’re still missing stuff. I thought cheap storage was the reason to get off of the old SIEM?! ?? SOC Manager: Well, those things tend to equal out, we also have to be careful with our compute charges. ?? SOC Analyst #3: They always get you! ???? SOC Analyst #1: Alright, fine, I’m here to do SecOps not to do FinOps…even if IT does give us access, I don’t miss having to search across a bunch of different indices and learn another query language. Ain’t no one got time for that! Any chance https://query.ai can help us dodge that bullet again? ?? SOC Analyst #2: Hold on. [TYPES FURIOUSLY] Yes! They are working on an Amazon OpenSearch Service integration right now! No Lucene, no DSL, no one-index-at-a-time – just like they do it for our lake and our other tools! ?? SOC Manager: Yes…says they will handle all of the query translation, and normalize the data in OCSF like everything else, so we can reuse a lot of our playbooks and automation content. ?? SOC Analyst #1: LFG! I love OpenSearch Service and Query together. Nothing is beyond our reach! ?? SOC Analyst #2: Based. Read more: https://hubs.ly/Q02Z3msP0 #opensearch #opensearchservice #loganalytics #elk #siem #federatedsearch #observability #aws

Dinner and Data coming to Chicago on December 12th! Query CEO Matt Eberhart and partner Ginkgo IT Solutions CEO Tim Colby Sr. will co-host a dinner along with Zurich North America CISO Adam Page to talk overcoming security data challenges in the modern landscape. Looking to join the conversation? Details here: https://hubs.li/Q02YWHLV0

?? The Secret to Cybersecurity Success: It’s Not Just About Tech ?? Here’s the truth I wish someone had drilled into me earlier: If you don’t understand how your work in cybersecurity impacts the business, you’re leaving opportunities—and promotions—on the table. Cybersecurity is about more than just stopping hackers or fixing vulnerabilities. It’s about protecting and enabling the business. Whether you’re in a SOC or working on governance, here’s why understanding the business side is a game-changer: ?? Your Role Is Bigger Than You Think Every role in cyber—whether it’s engineering, threat hunting, or policy creation—ties back to the company’s goals. Ask yourself: How does your work reduce risk for the organization? Are you enabling teams to innovate safely, or are you seen as a “roadblock”? Can you articulate how what you’re doing aligns with the company’s bottom line? ?? Think Like a CFO Want to level up in your career? Start thinking about cost and ROI. ?? What’s the potential cost of a breach versus the investment in security tools? ?? How do your initiatives drive operational efficiency or protect revenue streams? Understanding the financial impact of your work sets you apart. Cyber pros who can connect their actions to dollars and cents aren’t just employees—they’re strategic partners. ?? It’s About Collaboration, Not Isolation Cybersecurity is no longer just about the IT team. It’s about working across HR, marketing, operations, and more. ? Know how to communicate with non-technical stakeholders. ? Be the bridge between business objectives and secure operations. ? Position yourself as someone who understands their pain points—not just the technical ones, but the business ones too. ?? Learn From My Mistakes In my early days, I was laser-focused on the tech. I thought knowing every tool, script, and framework would be enough. Spoiler alert: it wasn’t. It wasn’t until I started connecting the dots between cyber initiatives and business goals that I began to thrive. ?? So, How Do You Start? 1?? Ask business-oriented questions in meetings: “How does this initiative impact the company’s goals?” “What’s the biggest business challenge we’re facing this quarter?” 2?? Shadow colleagues outside of IT. Learn what drives them, what risks they care about, and how you can support them securely. 3?? Build a mental map of how your work fits into the bigger picture. If you want to move forward in your cybersecurity career, don’t just focus on the tech. Focus on understanding the business behind the tech. How do you align your work with your company’s business goals? Let’s talk about it in the comments ?? #Cybersecurity #CareerGrowth #BusinessLeadership #Infosec #ProfessionalDevelopment

?? Significant milestone in #cybersecurity standardization: The Open Cybersecurity Schema Framework (OCSF) joins the Linux Foundation. ?? Key facts: ? Founded in 2022 with support from AWS, IBM, Splunk, and derived from Broadcom's schema work ? Provides a unified language for security data management, sharing, and analysis ? Thriving ecosystem: 900+ contributors, 200+ participating organizations ?? OCSF's impact: ? Simplifies data normalization across diverse environments ? Enhances interoperability between security tools ? Facilitates more efficient threat detection and response ?? Diverse participation from: ? Security-focused ISVs ? Government agencies ? Educational institutions ? Enterprises ?? Linux Foundation backing enables: ? Expanded development opportunities ? Improved collaboration for addressing emerging cyber threats ? Empowerment of data producers, engineers, and security teams ??? Industry leaders from Amazon, HPE, CVS Health, and MGM Resorts support this move, citing benefits in data standardization and ecosystem-wide innovation. Want to learn more? Read https://lnkd.in/g9D7QkPe Want to contribute? Visit https://ocsf.io/ #OCSF #CyberSecurity #DataStandardization #OpenSource #LinuxFoundation #ThreatDetection?