Detecting Vulnerable and Compromised Certificate Use/Abuse with Splunk Enterprise Security and Stream

Recently, we have received a number of questions about compromised SSL certificates. One of the challenges this problem presents for analysts is how to gain insight into what these compromised SSL certificates are transporting and with whom are they communicating.

If you were to encounter this situation, you might find yourself being asked the following questions:

  • How would you identify which assets in your organization are affected?
  • How could you arrive at a strategy to prioritize what to remediate first?
  • How do we start looking for these certificates being used in communication across our networks and systems?

Detecting and Remediating

For users of Splunk, many of you know that the Splunk App for Stream can capture wire data. Stream can …

» Continue reading

Wait, what – a youtube video for my app!?

At Splunkbase we are constantly striving to improve the experience for our users – whether it’s the app-discovery process for a Splunk admin/user, or the app-submission and management experience for our developers. We’ve been busy making changes over the last few months, and I thought this would be a good time to cover some of the more important changes we’ve made recently.

There was a lot of backend engineering work done to spruce up the infrastructure, the API, and search results relevancy – changes that are not always apparent to an end-user of Splunkbase. However, in this post I will talk about some user-facing features we recently added with the goal of improving the experience for our developer community. These features will allow you to …

» Continue reading

Help Local Kids in the Bay Area – Come Bowl for Kids’ Sake!

By Kelly Kitagawa

I’ve been involved with Big Brothers Big Sisters for almost two years now. We pair at-risk kids with a Big Brother or Sister – someone they can look up to, explore the world with, put their trust in – truly a role model that can be life-changing. Just by spending one-on-one time with someone with different experiences and a fresh perspective, kids learn more about the world and their own place in it. It can open doors, and their eyes, to a future full of possibilities.

And while every story is unique and different and beautiful, researchers have found that these relationships pay off. After 18 months of spending time with their Bigs, the participating children are:…

» Continue reading

Smart AnSwerS #44

Hey there community and welcome to the 44th installment of Smart AnSwerS.

Have you been looking for an opportunity to expand your Splunk search fu? Look no further! As mentioned in a previous Smart AnSwerS post, come join 60+ RSVP’d users (and counting!) this Monday, November 23rd, 2015 @ 11:00AM PST in attending the SplunkTrust Virtual .conf Session #2. The presenter, Kyle Smith, will be covering his popular .conf2014 session “Lesser-known Search Commands”. Be sure to visit the Meetup page to RSVP, find the URL to the WebEx session, and come learn a thing or two with the rest of us next week :)

Check out this week’s featured Splunk Answers posts:

Is there a posted percentage

» Continue reading

Splunk Provides Analytics Driven Security for SC15

sc15-logo-250x250The Splunk team is providing analytics driven security for the “World’s Most Powerful Computer Network”.

“On November 14, the Austin Convention Center became home to the fastest and most innovative computer network in the world, delivering more than 1.6 terabits per second of network bandwidth to the SC conference (SC15).”SCnet Blog

Splunk Enterprise and Enterprise Security technologies are being used to monitor, alert and visualize activity across the network. During the course of the week, the Splunk team will be posting updates on things we learn and some dashboards and views.

Members of Splunk’s Cyber Research Lab and Security Practice teams will be at SuperComputing 2015 for the entire week. We are looking forward to learning, supporting, …

» Continue reading

Splunk App for PCI Compliance 3.0

pci-dssA few weeks ago we proudly announced the release of the Splunk App for PCI Compliance 3.0, which I will call in this post “the App”. The App, developed and supported by Splunk, helps organizations comply with PCI DSS, a global data security standard developed by a consortium of leading payment card companies to protect debit, credit and pre-paid card holder information.

We have many happy customers using this App and also many customers interested in evaluating it. This blog post addresses some of the most commonly asked questions around the App.

How does the Splunk App for PCI Compliance work and what pre-built content is in it?

For the App to work, first you need to index …

» Continue reading

Monitor your own Smart Home – three top tips from Splunk

Hi all,

One of the great thingIMG_4812s at Splunk is that there are so many devices you can collect data from and make something meaningful out of. We often hear from our (very smart) customers that they are figuring out cool use cases – but we also hire new data geeks like Udo Götzen from the EMEA Technical Services Team, too. He joined Splunk a few weeks ago with a deep security background and has already started to Splunk his postbox (mailbox for the American readers) and the rest of his smart home.

1. Yes you heard right – his postbox!

Sensor in the postbox

infrared sensor built into the postbox

How does it work? He has built an infrared photo sensor into the postbox that gets …

» Continue reading

From the Locker Room to Silicon Valley: Career Advice for Women in Male-Dominated Workplaces

SherryThe following excerpt is from a contributed article to Fast Company:
Career Advice from one of the First-Ever Female Sportscasters

As one of the first female sportscasters in the country, it wasn’t unusual for me to be the only woman in the locker room. In fact, I’ve spent my entire career working in male-dominated fields, first as a broadcast journalist for FOX and ABC affiliates, and later working in, then running, marketing departments in Silicon Valley.

Screen Shot 2015-11-16 at 9.23.07 AMWhile the U.S. has come a long way since passing the Equal Pay Act in 1963, gender equality in the workplace remains elusive. Particularly in male-dominated fields, women often face challenges that go far beyond the wage gap. Researchers from Indiana University, for instance, …

» Continue reading

.conf2015 Highlight Series: Gatwick Airport Looks up to the Cloud

Screen Shot 2015-11-13 at 9.45.12 AMAt Splunk .conf2015, Joe Hardstaff, Business Systems Architect at Gatwick Airport, spoke about the challenges his organization faced as an airport, trying to compete with other local airports with more runways. To give us background on the size of Gatwick Airport, he shared the following stats (you can share them too):

  • Gatwick is the busiest single-runway airport in the world hosting 925 flights per day
  • By 2016, the airport will have serviced 40 million passengers
  • 52 airlines flying to 200 locations in 90 countries (more destinations than any other UK airport)
  • Hardstaff explained that to set themselves apart, his colleagues developed an on-time efficiency solution for Gatwick to allow for an increased number of slots/flights per hour.…

    » Continue reading

    How to Secure Our Nation by Securing Our Networks

    SplunkGov LogoAt our inaugural Splunk GovSummit last month, I told our attendees that in this fast-paced cyber climate, security touches every aspect of our lives. Looking back on 2015, it is no surprise cybersecurity was one of the most heavily discussed topics of the year due to the countless number of cyber attacks and loss of confidential data. It seems like every network is struggling to defend itself from increasingly advanced cyber adversaries. In the OPM cyber breach alone, more than 21.5 million people had their personal information stolen, making it the largest-known loss of federal personnel data. This past year has served as a serious wake-up call for both government and industry to change their cybersecurity posture and start investing …

    » Continue reading