Cyber News – SGBox Next Generation SIEM & SOAR (https://www.sgbox.eu), feed updated Wed, 11 Feb 2026 16:41:56 +0000

Next Generation SIEM uncovered: definition, benefits, and best practices
https://www.sgbox.eu/en/what-is-next-generation-siem/ (Wed, 04 Feb 2026 14:31:13 +0000)
What is Next Generation SIEM?

Next Generation SIEM represents the evolution of traditional Security Information and Event Management solutions.

Born to tackle the challenges of an increasingly complex and dynamic threat landscape, a Next Generation SIEM combines event collection and correlation with advanced analytics powered by Artificial Intelligence (AI), Machine Learning (ML), and orchestrated automation.

While traditional SIEMs focus primarily on log collection and alerting, a Next Generation SIEM goes further: it processes vast volumes of data in real time, identifies anomalous behavioral patterns, and enables automated threat responses, drastically reducing the average time to detect and respond.

This transformative approach is what shapes the future of SIEM: proactive cybersecurity designed to anticipate and mitigate attacks before they occur and impact business operations.

Components of Next Generation SIEM

A Next Generation SIEM is more than just a log and event management system; it is an intelligent, integrated ecosystem for proactive security monitoring.

Key components include:

  • Data Collection and Normalization: gathers information from systems, applications, identities, cloud environments, and networks.

  • User Behavior Analytics: uses machine learning and User and Entity Behavior Analytics (UEBA) to detect anomalies and advanced patterns.

  • Event Correlation Engine: enriches events with third-party threat intelligence and operational context.

  • Integrated SOAR: automates responses, workflows, and playbooks to accelerate threat mitigation.

  • Visualization and Reporting: intuitive dashboards display attack timelines and insights aligned with security policies.

  • Scalable Cloud Architecture: Next Generation SIEMs integrate seamlessly with Cloud platforms, providing scalability and instant access to security insights without requiring complex hardware infrastructure.

This architecture supports a complete security cycle, from visibility to response, combining data science and security operations within a single platform.

Traditional SIEM vs Next Generation SIEM: what’s the difference?

Feature        | Traditional SIEM             | Next Gen SIEM
Data Analysis  | Rule-based                   | AI/ML and behavioral analytics
Scalability    | Limited, often On-Premises   | Cloud-native and flexible
Detection      | Reactive                     | Proactive and predictive
Automation     | Manual or semi-automated     | Full orchestration (SOAR)
Visibility     | Partial and siloed           | Unified, multi-environment

While legacy solutions focus on compliance and log management, Next Generation SIEMs address modern complexity with deep visibility into identities, Cloud environments, and user behavior, reducing “noise alerts” and focusing security resources on the highest-priority threats.

Benefits of Next Generation SIEM for SMEs

For small and medium-sized enterprises, adopting a Next Gen SIEM means closing critical gaps in defensive capabilities and response times:

  • Enhanced detection of advanced threats: AI and UEBA help identify sophisticated attacks before damage occurs.

  • Reduction of false positives: intelligent systems filter out noise, easing analysts’ workload and improving operational efficiency.

  • Automated responses: integrated SOAR allows mitigation and containment actions to run automatically, reducing average response time.

  • Compliance support: automated reporting and continuous visibility help SMEs stay aligned with regulations such as GDPR and NIS2.

  • Cost optimization: Cloud-native architectures allow businesses to pay only for what they use, avoiding heavy hardware investments.

Best Practices for Implementing a Next Generation SIEM

To fully leverage a Next Generation SIEM, it is essential to follow best practices:

  • Clearly define security objectives before implementation to align technology with operational priorities.
  • Integrate all relevant data sources, including cloud environments, endpoints, identities, and critical business applications.
  • Configure use cases and response playbooks based on realistic attack scenarios.
  • Continuously monitor and update AI/ML models to refine detection and reduce false positives.
  • Combine with SOAR and Threat Intelligence to maximize automation and contextual decision-making.

These steps help transform a SIEM from a simple log management tool into a predictive, operational security platform.

Future trends: AI challenges in SIEM

Looking ahead, AI and machine learning will remain a cornerstone of SIEM innovation. Emerging technologies will drive:

  • Predictive and contextual detection: systems capable of anticipating anomalous behaviors before they occur.

  • Increasingly sophisticated automation: enhanced SOAR capabilities with autonomous decision-making based on continuous learning.

  • Integration with XDR and Zero Trust security: SIEM merging with Extended Detection & Response and Zero Trust models for a fully integrated defense cycle.

  • Generative AI support: using generative models to simulate attack scenarios and improve automated playbooks.

These trends reflect the growing need for solutions that not only detect threats but also predict and autonomously adapt defenses.

SGBox: modular and scalable Next Generation SIEM & SOAR Platform

SGBox offers a next-generation platform designed to simplify ICT security management.

It integrates SIEM and SOAR capabilities into a single solution, combining advanced log collection and management, event correlation, in-depth analysis, and automated incident response.

Its modular design allows businesses to adapt the solution to their maturity level, while the scalable architecture ensures high performance even in Cloud and Multi-Tenant environments.

SGBox’s features help SMEs transform security management from an operational cost into a strategic asset, providing all the tools needed to protect data integrity and ensure business continuity against any cyber threat.

Zero Trust Security: what does it consist of?
https://www.sgbox.eu/en/definition-of-zero-trust-security/ (Mon, 02 Feb 2026 10:56:18 +0000)
Zero Trust security

What does Zero Trust mean?

Zero Trust is a security framework based on the principle “never trust, always verify.”

According to this principle, access to corporate resources is strictly controlled and granted only after thorough verification of the identity and context of the user or device, applying security rules based on the principle of least privilege.

This modern approach continuously validates security configurations and postures to ensure strong protection against rapidly evolving threats.

In recent years, the Zero Trust framework has become the foundational paradigm for securing digital infrastructures.

By 2026, Gartner estimates that approximately 10% of large enterprises will adopt a mature program based on this security approach.

Why the Zero Trust model emerged

Historically, cybersecurity relied on a perimeter-based approach (the so-called castle-and-moat model): everything inside the corporate network was considered trustworthy. Today, this paradigm is no longer sustainable.

Cloud computing, SaaS applications, remote access, mobile devices, and OT environments have dissolved the traditional perimeter. Modern threats also exploit compromised credentials and lateral movement, making implicit trust ineffective.

The Zero Trust model was created precisely to address these new challenges, eliminating the concept of default trust and introducing continuous, context-aware controls.

How to build a Zero Trust architecture

To implement a Zero Trust architecture, it is essential to follow several key steps:

  • Identification and authentication: every user and device must be accurately identified. Using multi-factor authentication (MFA) is a fundamental practice to enhance security.
  • Network segmentation: dividing the network into micro-segments isolates resources and limits lateral movement in case of a breach.
  • Continuous monitoring: real-time activity monitoring helps detect abnormal behaviors and potential threats, enabling timely responses.
  • Granular access policies: defining who can access what, under which conditions, and for how long allows for more precise and dynamic controls.
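The four steps above can be read as one access decision that is recomputed on every request. The following policy evaluator is an added example, not SGBox code: it combines identity and MFA verification, device posture, the originating micro-segment, least-privilege roles and actions, a time window, and a bounded session lifetime ("for how long"). The policy fields, the "crm-db" resource and the sample requests are constructed for illustration.

```python
"""Context-aware, least-privilege access decision (added example, not SGBox code).

Assumptions: the policy schema, the device-posture flag, the "crm-db" resource,
the role and segment names and the sample requests are all constructed here.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    mfa_verified: bool
    device_compliant: bool     # e.g. managed, patched, disk encrypted
    source_segment: str        # micro-segment the request originates from
    resource: str
    action: str
    at: datetime


@dataclass
class Policy:
    resource: str
    allowed_actions: frozenset
    required_roles: frozenset
    allowed_segments: frozenset
    hours: tuple = (0, 24)     # local hours during which access is valid
    session_minutes: int = 60  # "for how long": the grant always expires


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)
    expires_at: datetime = None


def evaluate(req: Request, policies: dict) -> Decision:
    """Evaluate one request from zero; no earlier session is trusted."""
    d = Decision(allowed=False)
    pol = policies.get(req.resource)
    if pol is None:
        d.reasons.append("no policy for resource: default deny")
        return d
    # Continuous verification: identity and device are checked on every call.
    if not req.mfa_verified:
        d.reasons.append("MFA not verified")
    if not req.device_compliant:
        d.reasons.append("device posture non-compliant")
    # Micro-segmentation: only listed segments may reach this resource.
    if req.source_segment not in pol.allowed_segments:
        d.reasons.append(f"segment {req.source_segment!r} not allowed")
    # Least privilege: a matching role and an explicitly allowed action.
    if not (req.roles & pol.required_roles):
        d.reasons.append("role does not grant this resource")
    if req.action not in pol.allowed_actions:
        d.reasons.append(f"action {req.action!r} not permitted")
    # Context: the request must fall inside the policy's time window.
    start, end = pol.hours
    if not (start <= req.at.hour < end):
        d.reasons.append(f"outside allowed hours {start:02d}-{end:02d}")
    if not d.reasons:
        d.allowed = True
        d.expires_at = req.at + timedelta(minutes=pol.session_minutes)
    return d


# Constructed policy: the CRM database accepts read/write from two segments,
# for two roles, during business hours, with 30-minute sessions.
POLICIES = {
    "crm-db": Policy(
        resource="crm-db",
        allowed_actions=frozenset({"read", "write"}),
        required_roles=frozenset({"crm-admin", "crm-app"}),
        allowed_segments=frozenset({"app-tier", "admin-jump"}),
        hours=(8, 18),
        session_minutes=30,
    ),
}


def sample_decisions() -> dict:
    """Constructed requests exercising each control; returns name -> Decision."""
    base = dict(user="alice", roles=frozenset({"crm-admin"}), mfa_verified=True,
                device_compliant=True, source_segment="admin-jump",
                resource="crm-db", action="read", at=datetime(2026, 2, 10, 9, 30))
    return {
        "ok": evaluate(Request(**base), POLICIES),
        "no_mfa": evaluate(Request(**{**base, "mfa_verified": False}), POLICIES),
        "wrong_segment": evaluate(Request(**{**base, "source_segment": "guest-wifi"}), POLICIES),
        "off_hours": evaluate(Request(**{**base, "at": datetime(2026, 2, 10, 23, 5)}), POLICIES),
        "no_policy": evaluate(Request(**{**base, "resource": "hr-db"}), POLICIES),
    }


if __name__ == "__main__":
    for name, decision in sample_decisions().items():
        print(name, decision)
```

Every denial carries the list of failed controls, which is the record a SIEM would want to correlate later; an allow carries an expiry so that the next request is verified again rather than inheriting the session.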

When integrated into a unified framework, these measures create a secure and resilient environment capable of meeting the challenges of Zero Trust cybersecurity.

The fundamental principles of the Zero Trust model

A proper implementation of the Zero Trust model is based on several key principles that ensure strong enterprise security:

  • Continuous verification: every user, device, or application must be verified each time it connects to the network, regardless of previous access.

  • Least-privilege access: each user or system is granted only the minimum privileges necessary to perform their specific tasks.

  • Micro-segmentation: the network is divided into small, isolated segments to contain and limit the spread of a threat.

  • Identity-based security: identity becomes the new security perimeter.

  • Visibility and continuous monitoring: constant collection and analysis of logs and security events.

What are the benefits of the Zero Trust approach?

Adopting the Zero Trust strategy offers numerous advantages:

  • Reduced risk of breaches: rigorous controls and constant verifications limit unauthorized access and contain potential threats.
  • Greater visibility and control: continuous monitoring systems provide companies with a detailed view of data flows and activities within the network.
  • Flexibility and scalability: the Zero Trust architecture easily adapts to dynamic networks and cloud environments, simplifying security management in complex scenarios.
  • Protection of critical assets: network segmentation and granular access policies ensure that the most sensitive resources are always protected, reducing the impact of potential attacks.

Zero Trust and Regulatory Compliance

The Zero Trust model provides concrete support for compliance with regulations and security frameworks such as:

  • NIS2, by improving access control, logging, and incident management.

  • GDPR, by strengthening the protection of personal data.

  • NIST standards, ISO/IEC 27001, and international best practices.

Event traceability and centralized policy management make audits and compliance activities easier.

How the SGBox Platform Supports Zero Trust architecture

The SGBox platform is designed to integrate Zero Trust security principles simply and effectively.

With advanced monitoring, authentication, and segmentation solutions, SGBox allows companies to:

  • Implement dynamic access controls: the platform supports the adoption of role-based, context-aware, and behavior-based access policies, ensuring maximum security.
  • Integrate heterogeneous systems: SGBox offers a unified environment to manage and monitor all network components, facilitating the adoption of a Zero Trust model.
  • Respond quickly to threats: with real-time analysis and monitoring tools, the platform enables rapid intervention in case of anomalies, reducing the impact of potential attacks.
The Key Cybersecurity Challenges for SMEs and Large Enterprises in 2026
https://www.sgbox.eu/en/the-key-cybersecurity-challenges-in-2026/ (Thu, 08 Jan 2026 14:09:40 +0000)
Cybersecurity challenges in 2026

What are the main cybersecurity challenges in 2026?

Throughout 2026, both small and medium-sized enterprises (SMEs) and large organizations will face increasingly complex cybersecurity challenges.

These challenges are driven by the rapid evolution of digital threats, stringent regulations such as the NIS2 Directive, and a persistent shortage of internal resources.

Defining clear roles, processes, and countermeasures to anticipate threats and mitigate incidents must become a strategic asset around which business continuity is built.

Traditional tools are no longer sufficient: the question is no longer if an organization will be attacked, but when.

Let’s explore the key trends and challenges that companies will need to address over the course of this year.

Regulatory compliance

The NIS2 Directive imposes strict obligations regarding risk management, incident reporting within 24 hours, and supply chain security management, with penalties of up to 2% of global annual turnover for non-compliance.

Many SMEs, lacking dedicated IT teams, will struggle to carry out risk assessments and develop Disaster Recovery plans, exposing themselves to regulatory penalties and reputational damage.

The year 2026 marks the final deadlines for the Directive’s full implementation, with the October deadline requiring the adoption of risk management measures to ensure supply chain security.

Advanced AI-driven threats

The use of artificial intelligence by malicious actors represents a critical challenge. To mitigate these risks, it is essential to adopt multi-layered security measures and strategies capable of evolving in step with the growing complexity of emerging threats.

SMEs are a preferred target for cybercriminals due to their lack of internal expertise and technological resources able to detect threats within corporate IT infrastructures and respond effectively to incidents.

This makes AI a key element of the Cybersecurity Trends 2026, as its applications continue to expand and evolve, giving rise to increasingly sophisticated and dynamic threats.

How will the Zero Trust model evolve in 2026?

The “Zero Trust” security model is redefining corporate security strategies, based on the principle of “never trust, always verify.”

Its key elements include:

  • Continuous authentication: dynamic validation of users and devices.
  • Micro-segmentation: isolation of resources to limit the risk of lateral compromise.
  • Intelligent orchestration: integration of orchestration and automation components (SOAR) for managing multi-cloud and distributed environments.

Implementing this model requires not only technological innovation, but also a cultural shift, supported by adaptive policies and advanced monitoring tools.

Zero Trust architecture stands out among the Cybersecurity Trends 2026 as an essential approach to tackling increasingly sophisticated threats. Gartner predicts that 10% of large enterprises will implement well-defined Zero Trust programs.

IoT security: protecting complex ecosystems

The rapid proliferation of IoT devices introduces new vulnerabilities, making targeted security strategies essential:

  • Global standards: unified protocols to ensure interoperability and security.
  • Automated patch management: intelligent systems capable of detecting and fixing vulnerabilities in real time.
  • Edge computing protection: security solutions deployed at edge nodes to enhance network resilience.

The integration of IoT and AI will enable more efficient distributed control, optimizing operational costs and strengthening threat response.

Within the Cybersecurity Trends 2026, IoT confirms its role as a critical domain where security must be treated as a strategic priority.

SGBox’s SIEM & SOAR platform and Managed Services

Thanks to the modular and scalable features of its proprietary SIEM & SOAR platform, combined with the SOC as a Service offering provided by the dedicated CyberTrust 365 business unit, SGBox delivers tailored solutions to support your organization in building a robust strategy for comprehensive cybersecurity and compliance management.

In this unpredictable and dynamic landscape, we help companies overcome daily IT security challenges by providing a high level of support, specialized expertise, and continuously updated technologies.

Would you like to explore the features of our platform and related services in more detail?

Cyber Security in Italy: analysis of the Clusit 2025 Report and solutions for protecting SMEs
https://www.sgbox.eu/en/report-clusit-analysis-2025-and-solutions-for-smes/ (Wed, 03 Dec 2025 15:28:19 +0000)
Clusit Report Analysis 2025

The new update of the Clusit 2025 Report paints a picture of rapid evolution. While the world battles financial cybercrime, Italy faces an unprecedented wave of geopolitical activism.

In this article, we analyze the main data and how SGBox technology can support Italian SMEs in defending themselves against the most prevalent threats.

Cyber Security in 2025: a rapidly evolving landscape

2025 is proving to be a disruptive year for information security. While 2024 already signaled a worrying increase in incidents, the first half of 2025 confirms and aggravates this trend, bringing to light new dynamics that directly impact the operational continuity of companies and Italian institutions.

The latest update of the Clusit Report leaves no doubt: the frequency and severity of attacks are constantly increasing, making cybersecurity no longer an option, but a fundamental pillar for business survival.

The most significant data from the Clusit Report (H1 2025)

Globally, the situation is critical. In the first half of 2025, 2,755 severe incidents were recorded, the highest number ever logged for a single semester, marking an increase of 36% compared to the previous semester.

It is not just a matter of quantity, but of quality and impact: 82% of the incidents analyzed had consequences of “Critical” or “High” severity.

This means that when an attack succeeds, the economic, reputational, and operational damages are almost always devastating.

Focus on Italy: a worrying anomaly

Italy continues to be in an uncomfortable position. Despite representing a minimal fraction of the world’s population, our country suffered 10.2% of the global attacks recorded in the first half of 2025.

However, what distinguishes Italy from the rest of the world is the nature of the attackers. While globally Cybercrime (driven by profit) dominates with 87% of incidents, in Italy Hacktivism has overtaken it: 54% of attacks in our country are of activist/geopolitical matrix, versus 46% for cybercrime.

This peculiarity is reflected in the attack techniques:

  • DDoS (Distributed Denial of Service): this is the leading technique in Italy, used in 54% of cases (versus 9% globally), aimed at paralyzing services and creating visible disruptions.
  • Malware and Ransomware: although decreasing to 20% of the total in Italy, they remain a lethal threat to the integrity of company data.

Which sectors are most affected?

No sector can be considered safe, but 2025 has seen specific targeting of certain verticals:

  • Government & Military: this is the most affected sector in Italy (38% of the total), with a dizzying growth in incidents (+600% compared to the same period in 2024), driven by geopolitical tensions.
  • Transportation & Storage: rises to second place (17%), highlighting the fragility of supply chains and logistics.
  • Manufacturing: represents 13% of Italian incidents, confirming itself as a critical target due to the convergence between IT and OT and the value of intellectual property.

How SGBox responds to emerging threats

Faced with a scenario where DDoS attacks aim to halt operations and “Agentic” Artificial Intelligence begins to make threats more autonomous and sophisticated, Italian SMEs need total visibility into their infrastructure.

The SGBox platform offers a concrete and modular response to the critical issues highlighted by the Clusit Report:

  • Real-Time monitoring against DDoS: given the prevalence of DDoS attacks in Italy, SGBox’s ability to collect and correlate logs from different sources (firewalls, routers, servers) allows for real-time identification of traffic anomalies. This enables security teams to react promptly before the service is completely interrupted.
  • Defense against Malware and Ransomware: with 20% of Italian attacks still based on Malware, SGBox’s Event Correlation (SIEM) functionality is decisive. By analyzing suspicious patterns and correlating seemingly disconnected events, the platform can detect early signs of anomalies and automatically generate security alerts.
  • User Behavior Analytics (UEBA) for Agentic AI: the new threats based on Agentic AI operate autonomously and adaptively. The SGBox UEBA module analyzes the behavior of users and entities: if an account or a process begins to behave abnormally (e.g., accesses at strange hours, data exfiltration), the system signals it, regardless of whether the attacker is human or an AI-guided bot.
  • NIS2 Compliance and reporting: with the consolidation of the requirements imposed by the NIS2 Directive, risk management and incident notification become mandatory for many companies in the Supply Chain (Manufacturing, Transport). SGBox simplifies compliance by centralizing logs and generating advanced reporting ready for audits, reducing the bureaucratic burden.

Future prospects

The analysis of the Clusit 2025 report suggests that uncertainty is the “new normal”.

The gap between the offensive capability of attackers and the defense of companies is widening, and for the coming year, we expect the use of Artificial Intelligence in attacks to become increasingly pervasive and “underground,” making threats less evident but more insidious.

The challenge for Italian SMEs is not just technological but also cultural: it is necessary to move from a reactive approach to a proactive one, through well-defined security strategies and technologies capable of promptly detecting and responding to new cyber threats.

SGBox is committed to remaining at the forefront of cyber threat evolution, continuously developing new features and updating its solutions to guarantee the maximum level of protection to its customers.

To find out how SGBox can help your organization build a solid cybersecurity strategy, contact us for a personalized consultation.

11 ways to optimize logging costs
https://www.sgbox.eu/en/11-ways-to-optimize-logging-costs/ (Mon, 17 Nov 2025 13:06:22 +0000)
How to optimize logging costs

How can you optimize log-related costs?

In an increasingly data-driven world marked by constantly evolving threats, efficiently managing logs becomes a key strategic lever: it’s not just about controlling costs, but about ensuring operational visibility, security, and compliance without unnecessary expenses.

Adopting a Log Management platform allows you to achieve the right balance between visibility into security data across IT (Information Technology) and OT (Operational Technology) environments, while reducing overall costs.

Here’s how, together with SGBox, you can turn log management into an efficient process that creates a competitive advantage in terms of security and compliance.

1 – Define log retention policies

Keeping every generated event may seem like a cautious choice, but it often results in unnecessary expenses. Logs must be segmented by importance (critical / operational / less relevant) and assigned appropriate retention periods.

SGBox helps companies map log flows, define retention policies aligned with regulatory requirements (e.g., GDPR, NIS2), and automate archiving or deletion at the end of the useful lifecycle.

2 – Filter based on log level

Not all logs have the same value, meaning some are redundant and unnecessary for initiating security activities. Irrelevant, low-value logs should be reduced, as they can negatively impact SOC team operations.

SGBox supports the configuration and monitoring of log levels in complex environments, helping filter out priority alerts that are truly useful for security operations and audits.

3 – Use log compression

The volume of collected logs can grow quickly and disproportionately. Applying compression techniques reduces storage space and transfer costs without compromising accessibility.

SGBox offers integrated solutions for log compression and archiving, ensuring that data remains available for analysis while occupying fewer resources.

4 – Centralize Log Management

When logs originate from multiple applications, microservices, and regions, spreading them out makes analysis, correlation, and cost-control significantly harder. A centralized platform provides visibility, aggregation, and control.

SGBox delivers an advanced Log Management and SIEM platform that centralizes logs and security events, streamlines analysis procedures, and optimizes storage and access, reducing duplication and inefficiencies.

5 – Monitor and control log ingestion

Controlling which logs are ingested avoids allocating financial and technological resources to store unnecessary data. It’s important to set thresholds, control metrics, and anomaly alerts for log ingestion.

With SGBox, you can define automatic rules and alerts for log ingestion, exclude irrelevant traffic, and act quickly in the event of unexpected variations or spikes.

6 – Analyze data before archiving

Not all data deserves long-term storage. Enrichment and normalization at the point of entry allow filtering, aggregation, and transforming logs into more useful and compact formats, reducing costs and improving analysis quality.

SGBox supports data-enrichment pipelines, log transformation, and intelligent filtering so that only data truly needed for security, auditing, and actionable SIEM inputs is retained, optimizing threat detection performance.

7 – Use Tiered storage

Not all logs require the same level of accessibility: recent logs are consulted frequently, while historical logs are typically used only for audits or compliance. Using lower-cost storage tiers (cold, deep-archive) leads to significant savings.

With SGBox, you can define automatic policies that move logs across tiers (hot → warm → cold) based on usage, ensuring fast access where needed and more economical storage elsewhere.

8 – Automate Data Lifecycle Management

Manual interventions and sporadic actions lead to errors, hidden costs, or unnecessary data retained for too long. Automating the entire lifecycle, from collection, to tier transitions, to deletion, is essential.

SGBox integrates automation features for lifecycle management: automatic log transitions, scheduled expiration and deletion, all in line with internal policies and applicable regulations.

9 – Optimize indexing strategies

In log search engines, indexing determines both cost and performance, and poor indexing choices inflate costs.

SGBox supports companies in designing efficient log-search architectures: optimized mappings, shard/replica management, index rollover policies, and snapshot & archiving strategies that reduce costs and improve response times.

10 – Use cost governance tools

Understanding where money is spent, forecasting increases, and setting budget thresholds help maintain control over logging-related expenses. Dashboards, reports, and alerts are essential.

SGBox offers economic visibility across the entire log stack: dedicated reporting, cost driver analysis, alerts, and support for defining operational budgets, avoiding unexpected billing surprises.

11 – Apply log sampling

In high-volume environments (IoT, microservices, heavy traffic), recording every event can become prohibitive. Sampling consists of storing only a selected percentage of less-critical events while maintaining visibility into errors and anomalies.

SGBox helps define structured sampling policies: clear criteria (errors, security events, user behavior), dedicated flows for critical and non-critical events, and continuous monitoring of sampling effectiveness.
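Several of the eleven measures above (retention by importance, filtering by log level, sampling of less-critical events, tiered storage and lifecycle expiry) are stages of one ingestion pipeline. The following is an added example of such a pipeline, not SGBox's own code: the event format, the classification rules, the retention periods, the hot/warm/cold schedule and the sample records are all constructed here. Sampling is made deterministic by hashing the event, so that replaying a feed retains the same subset.

```python
"""Log triage pipeline (added example, not SGBox code): level filtering,
classification by importance, deterministic sampling of low-value events,
retention expiry and hot/warm/cold tier assignment.

Assumptions: the event fields, the class rules, the retention periods,
the tier schedule and the sample records are constructed for illustration.
"""
import hashlib
from datetime import datetime, timedelta

LEVELS = {"DEBUG": 0, "INFO": 1, "WARNING": 2, "ERROR": 3, "CRITICAL": 4}
MIN_LEVEL = LEVELS["INFO"]                     # step 2: DEBUG dropped at ingestion
SECURITY_SOURCES = {"firewall", "auth", "edr"} # always treated as critical

# Step 1: retention class -> how long it is kept and what fraction is stored.
CLASSES = {
    "critical":    {"retention_days": 365, "sample_rate": 1.0},
    "operational": {"retention_days": 90,  "sample_rate": 1.0},
    "low":         {"retention_days": 14,  "sample_rate": 0.10},  # step 11
}
# Step 7: age in days at which a record moves to the next tier.
TIER_SCHEDULE = [(0, "hot"), (7, "warm"), (30, "cold")]


def classify(event: dict) -> str:
    """Security sources and errors are critical; warnings operational; rest low."""
    lvl = LEVELS.get(event["level"], 0)
    if event["source"] in SECURITY_SOURCES or lvl >= LEVELS["ERROR"]:
        return "critical"
    if lvl >= LEVELS["WARNING"]:
        return "operational"
    return "low"


def keep_sample(event: dict, rate: float) -> bool:
    """Deterministic sampling: the same event always gets the same decision."""
    if rate >= 1.0:
        return True
    key = f"{event['source']}|{event['ts']}|{event['msg']}".encode()
    bucket = int(hashlib.sha256(key).hexdigest()[:8], 16) / 0xFFFFFFFF
    return bucket < rate


def tier_for(age_days: int) -> str:
    """Return the storage tier for a record of the given age."""
    tier = TIER_SCHEDULE[0][1]
    for threshold, name in TIER_SCHEDULE:
        if age_days >= threshold:
            tier = name
    return tier


def ingest(events: list, now: datetime) -> tuple:
    """Apply level filter, classification, sampling, expiry and tiering.
    Returns (kept_records, dropped_count)."""
    kept, dropped = [], 0
    for ev in events:
        if LEVELS.get(ev["level"], 0) < MIN_LEVEL:
            dropped += 1
            continue
        cls = classify(ev)
        if not keep_sample(ev, CLASSES[cls]["sample_rate"]):
            dropped += 1
            continue
        ts = datetime.fromisoformat(ev["ts"])
        expires = ts + timedelta(days=CLASSES[cls]["retention_days"])
        kept.append(dict(ev, cls=cls, tier=tier_for((now - ts).days),
                         expires=expires.isoformat()))
    return kept, dropped


def is_expired(record: dict, now: datetime) -> bool:
    """Step 8: records past their retention period are eligible for deletion."""
    return datetime.fromisoformat(record["expires"]) <= now


# Constructed sample feed, evaluated as of 2026-02-11 12:00.
NOW = datetime(2026, 2, 11, 12, 0)
SAMPLE_EVENTS = [
    {"ts": "2026-02-11T09:15:00", "source": "firewall", "level": "INFO",
     "msg": "deny tcp 10.0.0.5 -> 10.0.1.7:445"},
    {"ts": "2026-02-11T09:16:00", "source": "webapp", "level": "DEBUG",
     "msg": "cache hit /index"},
    {"ts": "2026-02-01T03:00:00", "source": "webapp", "level": "ERROR",
     "msg": "db connection timeout"},
    {"ts": "2026-01-05T10:00:00", "source": "app-server", "level": "WARNING",
     "msg": "disk 85% full"},
] + [{"ts": f"2026-02-11T10:{i:02d}:00", "source": "webapp", "level": "INFO",
      "msg": f"GET /health {i}"} for i in range(20)]


def run_sample() -> tuple:
    """Run the pipeline over the constructed feed."""
    return ingest(SAMPLE_EVENTS, NOW)


if __name__ == "__main__":
    kept, dropped = run_sample()
    print(f"kept {len(kept)}, dropped {dropped}")
    for rec in kept:
        print(rec["cls"], rec["tier"], rec["expires"], rec["source"], rec["msg"])
```

The twenty health-check lines are the "low" class and are sampled at 10%, while every firewall line and every error is retained in full; which health-check lines survive depends only on their hash, so an auditor can reproduce the retained set from the raw feed.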

The role of SIEM in producing and managing security audits for regulatory compliance
https://www.sgbox.eu/en/the-role-of-siem-in-producing-and-managing-security-audits-for-regulatory-compliance/ (Wed, 15 Oct 2025 10:35:19 +0000)
SIEM and security report

In a context where cybersecurity regulations are becoming increasingly stringent, ensuring compliance is no longer just a legal obligation, it’s a fundamental requirement for maintaining the trust of clients and partners.

Tools such as SIEM (Security Information and Event Management) play a crucial role in this process, enabling organizations to monitor, record, and analyze system activities to demonstrate their adherence to key regulations, including NIS2 and GDPR.

How SIEM enables regulatory compliance

Cybersecurity regulations like the NIS2 Directive, GDPR, and ISO 27001 standards require organizations to adopt appropriate technical and organizational measures to ensure data protection and effective incident management.

However, the real challenge for many companies lies in proving compliance, documenting every monitoring, analysis, and response activity.

This is where SIEM comes into play.

A SIEM system collects and correlates logs from all corporate devices and systems, such as firewalls, servers, endpoints, applications, and IoT devices, providing a comprehensive, real-time view of the organization’s security posture.

Thanks to its automated correlation and behavioral analysis capabilities, SIEM helps identify suspicious events, intrusion attempts, or data breaches.

More importantly, it records every activity in a structured and verifiable manner, ensuring the traceability required to meet audit and compliance obligations.

In practice, SIEM allows organizations to:

  • Centralize log collection and maintain logs in an unalterable format, as required by the GDPR.
  • Track and document access, changes, and security incidents.
  • Demonstrate the ability to promptly detect and respond to threats, as mandated by NIS2.
  • Automate the production of compliance reports according to predefined standards.

Security reports and audits

One of the main advantages of a Next-Generation SIEM system is its ability to automatically generate detailed and customizable security reports.

These reports are an essential resource for both internal and external audits, clearly demonstrating compliance with relevant regulations.

A security audit is an in-depth evaluation of an organization’s IT infrastructure and security practices, designed to identify existing vulnerabilities before they can be exploited by cybercriminals.

SIEM-generated reports may include:

  • Statistics on detected security events.
  • A timeline of incidents and corresponding responses.
  • Vulnerability analyses and attack trend assessments.
  • Comparisons between current security levels and regulatory requirements.

By automating reporting, SIEM reduces the workload of SOC teams, minimizes the risk of human error, and ensures the consistency and reliability of data over time.

During a security audit, having up-to-date and verifiable reports makes it easier to demonstrate to regulators that security controls are in place and that monitoring processes are actively maintained.

The importance of conducting periodic security audits

Performing periodic security audits is one of the best practices for maintaining compliance and ensuring an organization’s cyber resilience.

Audits help verify that security controls are effective, up to date, and aligned with current regulations.

Without appropriate tools, collecting and analyzing the data required for an audit can be a lengthy and complex process.

A SIEM system simplifies and accelerates this process by allowing organizations to:

  • Automatically analyze system logs and detect abnormal behavior.
  • Highlight potential risk or non-compliance areas.
  • Demonstrate continuous monitoring and timely corrective actions.

Conducting regular audits with the support of a SIEM transforms compliance from a mere obligation into an opportunity, enhancing not only security but also corporate transparency and governance.

SGBox and regulatory compliance

SGBox is a Next-Generation SIEM & SOAR platform designed to simplify security and compliance management for organizations of all sizes and industries.

Thanks to its modular architecture and advanced log management capabilities, SGBox enables organizations to:

  • Collect, normalize, and store security logs in full regulatory compliance.
  • Automate the generation of compliance reports for standards such as GDPR, NIS2, ISO 27001, and PCI-DSS.
  • Correlate security events and orchestrate incident responses (SOAR functionality).
  • Easily integrate new data sources and security modules to accommodate infrastructure growth.

In addition, SGBox offers intuitive, customizable dashboards that give IT Managers, CISOs, and DPOs a clear, real-time overview of security and compliance status, facilitating collaboration between technical teams and corporate management.

New threats (Ransomware and AI): defending with an advanced SIEM (https://www.sgbox.eu/en/new-threats-defending-with-advanced-siem/, Tue, 02 Sep 2025 07:12:17 +0000)
New Threats (Ransomware and AI): Defending with an Advanced SIEM

The current context: Ransomware and emerging AI threats

In recent years, Ransomware has become increasingly sophisticated and widespread. The rise of the Ransomware-as-a-Service model has enabled even criminals with limited skills to launch complex attacks.

In Italy, ransomware continues to rank among the most impactful threats during the first half of 2025, with a total of 91 attacks (compared to 92 in the first half of 2024). The most significant cases of the semester targeted a university, a hospital diagnostic lab, and several digital service providers for public administration. (Source: ACN Operational Summary).

The development of AI gives attackers new opportunities to create sophisticated threats that are becoming more frequent, adaptive, and difficult for traditional defense systems to detect.

This scenario makes intelligent and responsive security tools essential.

Challenges for SMEs, IT Managers, CISOs, and DPOs

Small and medium-sized businesses often lack dedicated security teams or large budgets. In this context, IT Managers, CISOs, DPOs, and Account Managers seek clear, effective, and ready-to-use solutions that ensure protection, business continuity, and regulatory compliance.

Why the adoption of an advanced SIEM is essential

A Next Generation SIEM leverages advanced contextual and behavioral data to detect subtle anomalies such as zero-day threats or unusual user behavior—issues that traditional defense systems often miss.

This enables the detection of silent attacks at their earliest stages, reducing response times and allowing the implementation of countermeasures to minimize damage.

Automation and Rapid Response

Modern SIEM solutions incorporate advanced correlation engines that proactively identify threat signals and trigger automated responses.

Centralization, continuous monitoring, and compliance

Advanced SIEMs centralize logs and events from multiple systems, enabling continuous monitoring and the creation of reports for security audits and compliance with GDPR, ISO 27001, or PCI DSS.

This streamlines operations and helps DPOs address regulatory requirements.

How SGBox’s Next Generation SIEM makes the difference

Modular, Scalable, and Cloud-Native Architecture

SGBox offers a Next Generation SIEM & SOAR Platform with a modular and distributed architecture, adaptable to the needs of both SMEs and large enterprises.

The Cloud SIEM version eliminates hardware and maintenance costs, offering automatic updates, customized integrations with existing infrastructures, and continuous monitoring.

In-depth analysis, Threat Intelligence, and integrated SOAR

The SGBox platform includes a powerful correlation engine, Threat Intelligence capabilities for proactive analysis, and automated incident responses through its integrated SOAR component, which significantly reduces average detection and response times.

This allows IT Managers and CISOs to focus on priority threats, supported by intuitive dashboards and reports, achieving greater effectiveness in incident management.

Practical benefits of SGBox SIEM for businesses and Public Administration

  • Operational efficiency, thanks to automation that reduces workload and complexity.
  • Cost reduction, especially with the SaaS model, avoiding infrastructure investments.
  • Strategic support, with continuous monitoring, aggregated visibility, and compliance support.
  • Faster response times, powered by the SOAR engine, which shortens containment phases.
SecureGate appoints Nusantara Asia Pacific as its Official Distributor in the ASEAN region (https://www.sgbox.eu/en/new-partnership-with-nusantara-asia-pacific/, Mon, 04 Aug 2025 07:52:53 +0000)
New partnership announcement

Milan, August 4th – SecureGate, a leading provider of cybersecurity products and services, has officially appointed Nusantara Asia Pacific as its distributor across the ASEAN region.

The new partnership marks another step forward in SecureGate’s global expansion and will enhance the availability of advanced cybersecurity solutions across the region through its two Business Units: SGBox and CyberTrust 365.

SGBox’s Next Generation SIEM & SOAR platform provides organizations with modular and scalable solutions to monitor, detect, and automatically respond to cyber threats effectively, while CyberTrust 365 offers tailored Managed Cyber Security Services for 24/7 security detection, prevention, and response activities.

By partnering with Nusantara Asia Pacific, a leading value-added distributor (VAD) and authorized services provider, SecureGate aims to enhance the cyber security posture of SMEs and large enterprises with cutting-edge IT products and managed security services.

“We are delighted to announce Nusantara Asia Pacific as our official distributor for Indonesia and select regional markets,” said Patrick Ramseyer, Vice President of Sales for APAC and EMEA at SecureGate.

“This partnership marks a significant step forward in our regional expansion strategy. Nusantara’s strong local presence, deep market understanding, and proven track record in cybersecurity distribution make them an ideal partner to represent our solutions. We are confident that, together, we will bring greater value, visibility, and support to customers across Indonesia and beyond.”

The new distribution agreement represents a significant milestone for both companies, enabling them to support businesses in overcoming daily cybersecurity challenges in the Asia Pacific countries through continuous technical support and comprehensive pre- and post-sales assistance.

“We are pleased to be a part of this significant milestone with SecureGate,” said Susantari, Sales Director at Nusantara Asia Pacific.

“This partnership enhances our ability to provide businesses in the Asia Pacific region with the cutting-edge tools and comprehensive support they need to effectively address their daily cybersecurity challenges.”

SGBox Announces New Distribution Agreement with CIPS Informatica (https://www.sgbox.eu/en/new-partnership-between-sgbox-and-cips-informatica/, Thu, 19 Jun 2025 07:05:48 +0000)
New partnership announcement
The new partnership will allow Italian companies to benefit from SGBox’s SIEM & SOAR platform and the related Managed Security Services to protect against cyber threats in compliance with regulations.

Milan, June 19, 2025 – SecureGate is pleased to announce a new partnership with the Italian distributor CIPS Informatica for the supply of IT products included in the proprietary SIEM & SOAR platform, as well as the related managed security services provided through the CyberTrust 365 Business Unit.

Thanks to this collaboration, IT resellers, MSPs, and system integrators will have access to a modular and scalable platform for enterprise security monitoring, ideal for meeting the requirements of NIS2, ISO/IEC 27001, GDPR, and other European and national regulations.

SGBox is the Next Generation SIEM & SOAR platform — modular and scalable — entirely designed in Italy, developed to simplify and optimize ICT security management for companies of all sizes.

Its advanced log collection and management capabilities, correlation, analysis, and automated responses allow companies to protect themselves from all types of cyber attacks.

Thanks to intuitive reports and dashboards, the platform provides a comprehensive and real-time view of the IT infrastructure’s security status.

Based on these functionalities, Managed Cybersecurity Services are also provided through the CyberTrust 365 Business Unit, offering comprehensive management of security activities, compliance, and 24/7 monitoring of the IT infrastructure.

By partnering with CIPS Informatica—a provider of IT solutions with over 30 years of experience in the Italian market—SGBox aims to further expand its reach and equip local businesses with the necessary tools to overcome daily cybersecurity challenges.

“We are excited to begin this collaboration with CIPS Informatica, a solid and well-established partner in the Italian IT distribution landscape.

Thanks to this agreement, we will be able to expand access to our SGBox SIEM & SOAR platform and related managed security services through a qualified and widespread sales network.

It’s a strategic step that allows us to respond even more effectively to the cybersecurity needs of Italian companies, providing scalable, reliable, and fully managed solutions,” said Massimo Turchetto, CEO of SGBox.

“We are proud to announce this partnership with SGBox, an Italian company that combines technical expertise, innovation, and strategic vision in the field of cybersecurity,” said Mario Menichetti, CEO of CIPS Informatica.

“With SGBox, we are further strengthening our offering to the channel, delivering concrete solutions to tackle the challenges posed by NIS2 and to support companies on their path to compliance and digital resilience.”

About SecureGate

SecureGate is a dynamic IT vendor providing advanced security solutions to protect companies from cyber threats, with high standards of support and technical assistance. SecureGate’s offerings are structured through two Business Units: SGBox and CyberTrust 365.

SGBox is the Business Unit focused on developing IT products. Through its “Next Generation SIEM & SOAR” platform, it offers a range of modular solutions for managing ICT security in compliance with regulatory requirements.

CyberTrust 365 is the Business Unit dedicated to Managed Cybersecurity Services. It provides full 24/7 protection by managing all activities related to an organization’s IT infrastructure security.

Website: https://www.securegate.it/

About CIPS Informatica

Since 1991, CIPS Informatica has been a reference point for the distribution of IT solutions in Italy, with a focus on cybersecurity, networking and data protection. Through a network of resellers and system integrators, CIPS supports companies in the digital transformation and protection of their IT infrastructures.

Website: www.cips.it

The most widespread cyberattacks in 2025 (https://www.sgbox.eu/en/cyber-attacks-in-2025/, Mon, 12 May 2025 09:05:25 +0000)
Widespread attacks in 2025

Today’s digital landscape, marked by the proliferation of digital devices and new technologies, is seeing a rise in cyber threats that can compromise data integrity and operational security in organizations.

But which are the most common attacks? And how can you protect yourself?

We discuss this in the following article, analyzing the most prevalent attacks and emerging trends across key industries, and showing how SGBox can provide the tools needed to enhance organizational cybersecurity.

Cyberattacks in 2025

In 2025, the manufacturing, healthcare, and financial sectors, along with cloud and IoT technologies, are facing a proliferation of sophisticated cyberattacks.

The main threats confirm and intensify known trends: ransomware (often delivered as a service – Ransomware-as-a-Service), advanced phishing campaigns (sometimes AI-driven), software supply chain compromises, DDoS attacks (including ransom DDoS – RDoS), and zero-day vulnerabilities.

New technologies (generative AI, cloud microservices, IoT devices) and geopolitical tensions (e.g., international conflicts) have driven criminals to innovate: API attacks are on the rise, AI is being used to craft personalized phishing, and enhanced IoT botnets (Mirai/R2-D2) are powering mega DDoS attacks.

At the same time, there is a growing number of malware-free attacks, targeted social engineering, and cloud credential compromises.

From a regulatory perspective, directives like NIS2 in the EU, along with emerging laws on AI and healthcare data, have expanded the risk landscape for SMEs.

Summary of Key 2025 Attacks by Sector/Technology (Source: ENISA Europe):

Widespread cyber attacks by sector

Main trends in Cyberattacks

  • Ransomware on the rise: it remains the number one threat across all sectors. Victims range from major manufacturers to hospital networks; in 2024, 65% of industrial companies suffered ransomware attacks.
  • The Ransomware-as-a-Service model continues to spread: new groups like RansomHub (active since 2024) allow even less skilled criminals to launch attacks. On the other hand, international law enforcement has struck major gangs, but the impact is limited due to the rapid emergence of replacements.
  • Malware-free and AI-driven attacks: advanced techniques are increasingly used, leaving no traditional payload. Cyber criminals leverage generative AI to create highly convincing phishing and custom exploits.
  • Supply Chain and third parties: attacks on the software and hardware supply chain are increasing. Vulnerable firmware and open-source libraries are preferred targets: in 2024, a backdoor was found in an open-source project, discovered only due to unusual CPU spikes. Organizations, including SMEs, must now treat third-party providers and software vendors as potential attack vectors.
  • Geopolitics and hacktivism: the Russia-Ukraine war and other conflicts have driven waves of DDoS attacks and disinformation campaigns. In finance, geopolitical events triggered DDoS surges (e.g., 58% of attacks targeted European banks). Manufacturing, with global supply chains, is also exposed to political tensions: state actors seek industrial data or aim to disrupt adversaries’ critical production.
  • Regulations and compliance: in Europe, new directives like NIS2 and DORA mandate cybersecurity measures in many sectors (including manufacturing and finance SMEs). Additionally, the EU’s AI Act imposes strict rules on AI use (e.g., in factories or financial services).

In healthcare, stricter data protection requirements (e.g., Health Information laws) are pushing SMEs to enhance internal controls. These regulations increase penalties in the event of an incident and raise the minimum standards for defense.

The most widespread cyberattacks in 2025

How SGBox protects organizations from Cyberattacks

Detects early signs of an attack

The SGBox Platform analyzes everything happening in IT systems in real time (logins, suspicious activity, intrusion attempts) and immediately alerts if something is wrong.

Aggregates and correlates data across technologies

Whether it’s an industrial machine, a healthcare app, or a financial system, SGBox connects the data, providing a comprehensive and up-to-date risk overview.

Responds automatically to limit impact

When it detects a real threat, SGBox can automatically trigger actions such as blocking suspicious access, isolating a device, or alerting IT staff.

Identifies unauthorized or unusual activity

It can detect when a user, even with valid credentials, does something unusual or risky—like accessing sensitive data at odd times or from unexpected locations.
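The kind of check described here (valid credentials, but an odd hour or an unexpected location) can be expressed as a per-user baseline and a deviation score. The following is an added example, not SGBox code; the learning window, the new events and the list of sensitive resources are all constructed.

```python
"""Baseline-and-deviation check for misuse of valid credentials
(added example, not SGBox code). A per-user profile is built from past
logon events; new events are flagged when their hour of day, source
country or sensitive resource has never been seen for that user.
All events are constructed."""
from collections import defaultdict
from datetime import datetime

# Constructed learning window: (user, ISO timestamp, source country, resource)
HISTORY = [
    ("j.doe", "2025-04-01T08:15:00", "IT", "mail"),
    ("j.doe", "2025-04-01T09:40:00", "IT", "crm"),
    ("j.doe", "2025-04-02T10:05:00", "IT", "mail"),
    ("j.doe", "2025-04-03T17:30:00", "IT", "crm"),
    ("j.doe", "2025-04-04T08:50:00", "DE", "mail"),
    ("j.doe", "2025-04-07T09:10:00", "IT", "crm"),
]
SENSITIVE = {"hr-db", "finance-share"}  # assumed set of sensitive resources


def build_profiles(events):
    """Per user: hours, countries and resources seen, plus the event count."""
    profiles = defaultdict(lambda: {"hours": set(), "countries": set(),
                                    "resources": set(), "n": 0})
    for user, ts, country, resource in events:
        p = profiles[user]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["countries"].add(country)
        p["resources"].add(resource)
        p["n"] += 1
    return profiles


def score_event(profiles, event, min_history=5):
    """Reasons the event deviates from the user's baseline ([] means nothing odd).
    Users with fewer than min_history events are not scored, so a brand-new
    account does not raise an alert on every action."""
    user, ts, country, resource = event
    p = profiles.get(user)  # .get() does not create a default entry
    if p is None or p["n"] < min_history:
        return []
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    if country not in p["countries"]:
        reasons.append(f"new source country {country}")
    if hour not in p["hours"]:
        reasons.append(f"unusual hour {hour:02d}:00")
    if resource in SENSITIVE and resource not in p["resources"]:
        reasons.append(f"first access to sensitive resource {resource}")
    return reasons


def detect(history, new_events):
    """Return [(user, timestamp, reasons)] for every event with at least one reason."""
    profiles = build_profiles(history)
    hits = []
    for ev in new_events:
        reasons = score_event(profiles, ev)
        if reasons:
            hits.append((ev[0], ev[1], reasons))
    return hits


# Constructed new events to screen against the baseline
NEW_EVENTS = [
    ("j.doe", "2025-04-08T09:20:00", "IT", "mail"),     # routine
    ("j.doe", "2025-04-08T03:12:00", "IT", "hr-db"),    # odd hour, sensitive data
    ("j.doe", "2025-04-08T10:00:00", "BR", "crm"),      # unexpected location
    ("m.rossi", "2025-04-08T10:00:00", "US", "crm"),    # no baseline yet
]
```

A production rule would also weight the reasons (a new country touching a sensitive resource outranks a single odd hour) and refresh the baseline on a sliding window so that legitimate changes in working patterns stop alerting.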

Monitors Cloud services and secures digital identities

As more data moves online (e.g., Microsoft 365, SPID, digital healthcare services), SGBox checks for misconfigurations, unauthorized access, or credential theft risks.

Constantly monitors connected devices, even hidden ones

From medical tools to factory equipment and smart office devices, SGBox detects anomalies even in the hardest-to-monitor endpoints.

Supports regulatory compliance

SGBox generates automated reports and dashboards to help companies demonstrate compliance with increasingly strict regulations such as NIS2, GDPR and more.

Streamlines SOC team workflows

With SGBox, SOC teams have a powerful tool for monitoring, analyzing, and responding to critical events—all in one platform.

Thanks to its SIEM (Security Information & Event Management) functionality, all security information is centralized, offering clear and immediate insights into the most critical threats the SOC can act on without delay.

The SG-SOC Service by CyberTrust 365

Building on the SGBox SIEM & SOAR Platform, the SG-SOC managed service provides full cybersecurity activity management and 24/7 monitoring.

Here’s how CyberTrust 365’s SG-SOC as a Service helps organizations in manufacturing, healthcare, finance, cloud, IoT, and public administration address identified threats:

24/7/365 monitoring by a dedicated team

An external SOC department that’s always on, constantly monitoring your infrastructure and responding immediately to anomalies.

Early warning advisory

Continuous gathering and classification of threat intelligence sources to promptly alert you to emerging threats before they cause damage.

Automated Incident Response

Thanks to SOAR integration, SG-SOC can execute automated playbooks (system isolation, IP/domain blocking, IT team alerts) to quickly contain attacks like ransomware or credential compromises.

Centralized Log analysis (SIEM)

All events from networks, endpoints, cloud, and IoT feed into a single platform that correlates them in real time, allowing you to detect advanced phishing or malicious intent early.

Proactive Vulnerability Management

Regular scans and detailed reports on weaknesses (including OT/IoT devices and legacy software) to plan patches and reduce the attack surface.

Exposed surface mapping and protection (EASM)

Automated checks of external assets, cloud services, and public resources (e.g., SPID portals, PagoPA) to find insecure configurations or Dark Web leaks.

Advanced MITRE ATT&CK detection

Analysis of indicators of compromise and attacker TTPs (Tactics, Techniques & Procedures) to pre-empt APTs, supply chain attacks, and DDoS campaigns.

Incident handling & forensic analysis

In case of a breach, SG-SOC immediately initiates forensic investigations to trace the attack chain, eliminate residual threats, and support compliance processes.

Compliance Support

Ready-to-use reports and dashboards to help meet regulatory requirements (e.g., NIS2, GDPR, AdS), simplify audits, and reduce the risk of fines.

Scalability and Plug-and-Play Integration

SG-SOC adapts to the needs of both SMEs and large enterprises, requiring no extra infrastructure or in-house expertise. It integrates with existing IT tools, cutting down costs and implementation time.
