Detecting and Responding to the Accidental Breach

Hello All,

Splunk recently commissioned analyst firm IDC to conduct research in EMEA into how capable organizations are at protecting and responding to hapless user activity. The research questioned 400 organizations across the region, producing some really valuable insights.


At a time when security breaches are inevitable, one of the primary threat vectors is what IDC calls the hapless user. It isn’t a case of the user being stupid – it’s because attacks are getting far better at tricking users into unintentionally clicking on the wrong link or opening attachments which they shouldn’t.

Why organizations can't deal

In the IDC report you can find out about the threats that companies are most worried about in EMEA, what security technologies they are using and what …

» Continue reading

Eureka! Extracting key-value pairs from JSON fields

With the rise of HEC (and with our new Splunk logging driver), we’re seeing more and more of you, our beloved Splunk customers, pushing JSON over the wire to your Splunk instances. One common question we’re hearing you ask: how can key-value pairs be extracted from fields within the JSON? For example, imagine you send an event like this:

{"event":{"name":"test", "payload":"foo=bar\r\nbar=\"bar bar\"\tboo.baz=boo.baz.baz"}}

This event has two fields, name and payload. Looking at the payload field, however, you can see that it contains additional fields as key-value pairs. Splunk will automatically extract name and payload, but it will not look further into payload to extract the fields within it. That is, not unless we tell it to.

Field

» Continue reading

2016 Scalar Security Study – The Cybersecurity Readiness of Canadian Organizations

This is a guest post contributed by Aoife Mc Monagle, Director, Marketing & Communications at Scalar Decisions
As Canada’s #1 IT security company, Scalar spends a lot of time advising clients on how to manage cybersecurity risk. We also spend time researching the market to better understand the needs of Canadian clients and how they are dealing with cybersecurity today. In February 2016, we published our second annual security study: The Cyber Security Readiness of Canadian Organizations.

Our objective was to examine changes in the cyber threat landscape, and what strategies, tactics, and technologies respondents were finding most useful in combatting these threats.


The findings showed that the landscape was generally getting worse year-over-year: more attacks, more breaches, …

» Continue reading

Groupon Standardizes on Splunk Solutions

Whether it’s a tempting all-inclusive vacation package or taking advantage of an amazing deal on dinner for two, Groupon’s exciting offers continue to push me to discover new things. The global online and mobile marketplace has been one of our valued customers here at Splunk for five years, and we like to think that during that time we’ve helped Groupon discover a few things as well.

Like many of our retail and e-commerce customers, Groupon relies on the Splunk platform to gain insight into massive amounts of machine data. Now, Groupon has agreed to a multi-year Enterprise Adoption Agreement (EAA) for Splunk Enterprise and Splunk Enterprise Security (ES) that will enable it to gain Operational Intelligence across multiple teams …

» Continue reading

Smart AnSwerS #68

Hey there community and welcome to the 68th installment of Smart AnSwerS.

It’s the week of LGBT Pride in San Francisco, so SplunQers and fellow allies came together yesterday afternoon for our second party ever in the new building at HQ. The courtyard was set up with rainbow themed decorations, treats, and libations (of course) to celebrate the many identities that make up the diversity of our company. The turnout was amazing as we filled the courtyard with lively energy and blaring music in true Splunk fashion. Big thanks to the SplunQers, Fun Council, and Facilities for organizing and promoting an open culture.

Check out this week’s featured Splunk Answers posts:

How to speed up LDAP / Active

» Continue reading

.conf2015 Highlight Series: City of LA and Splunk Cloud as a SIEM for Award-Winning Cybersecurity Collaboration

Updated June 23, 2016:

We are pleased to announce the City of Los Angeles was recently presented with the City on a Cloud award at the AWS Public Sector Summit in Washington, DC. The City on a Cloud Innovation Challenge recognizes and celebrates local and regional governments in three categories: Best Practices, Partners in Innovation and Dream Big. The City of Los Angeles was selected as the Best Practices winner for its use of innovative, world-class cybersecurity to protect digital assets and deployment of a unique, cloud-based security information and event management (SIEM) solution for the Integrated Security Operations Center (ISOC), to help consolidate, maintain, and analyze security data across the city’s departments.

All of the below was first published

» Continue reading

Full-Scale Operational Intelligence Through CDM

In the face of high-profile breaches and increasingly sophisticated hackers, the Federal Government’s Continuous Diagnostics and Mitigation (CDM) program is one of the most important and widely discussed cybersecurity initiatives in recent history.

Did you know that Splunk Enterprise will be used at 25 of the largest civilian departments and agencies covering 97% of the federal civilian government workforce?

On Wednesday, May 11, I spoke at the Face-to-Face Cybersecurity CDM event hosted by FCW to discuss how Splunk’s solutions and government’s CDM program fit together. As Nick Murray noted in a recent blog post, the CDM program makes tools and services available to agencies via a government-wide contract to help them identify cybersecurity risks on an ongoing basis, prioritize …

» Continue reading

How Otto Gains Multichannel Visibility Into Business Transactions With Splunk

Every sector in today’s economy is being impacted in a big way by digitization. The retail industry is at the forefront. Customers have the ability to order online, in-store, or using their smartphone and they can pick up goods in-store or have them shipped to their doorstep. Retailers that have successfully embraced digitization have seen their market share grow, along with an increasing customer base. Otto (a subsidiary of Otto Group), headquartered in Germany, is one such example of a retailer. Founded in 1949 as a mail order catalog company, Otto delivers a comprehensive, multi-channel retail environment and gives its customers flexibility in how they order their goods. As a result of successfully embracing digitization, Otto has seen their …

» Continue reading

2016 State of DevOps Report: Release 200x and Recover 24x Faster

I am happy to announce that Splunk is a proud sponsor of the 2016 State of DevOps Report authored by our technology partner Puppet and DevOps Research and Assessment (DORA). With more than 4,600 responses from IT professionals around the world, this report is one of the most comprehensive in the industry. It examines important trends in the DevOps community today. Key results include:

  • High-performing organizations deploy 200x more frequently than low performers, with 2,555x faster lead times and 24x faster recovery times
  • High performers spend 22% less time on unplanned work and rework, and 29% more time on new work than low performers
  • High performers spend 50% less time remediating security issues than low performers
  • Employees in
» Continue reading

AWS Agility + Splunk Visibility = Customer Success

If you’ve ever wondered how Splunk and AWS work together to drive customer success in the cloud, hear it directly from AWS CEO Andy Jassy and Splunk CEO Doug Merritt in this new 4-minute video:

What’s best is that this message is not just coming from Andy and Doug – so many of our joint customers have publicly shared the value they gain using Splunk and AWS together:

  • Autodesk has gained critical security and operational insights.
  • Coca-Cola North America engaged in a digital marketing transformation.
  • EnerNOC succeeded with DevOps on AWS.
  • FINRA gained security and operational insights, as well as real-time cost management where they are saving over 50% on select AWS workloads.

What’s our “secret sauce”? It’s simple… customer

» Continue reading