Find Malicious Insiders Before You Become a Headline

The media is filled with reports of Russia’s possible influence over the U.S. presidential elections. While American security agencies are investigating the Kremlin’s possible involvement in a hack of the Democratic National Committee, a U.S. Intelligence Service unclassified report suggests the Russians’ motive, at least in part, may have been retaliation for the U.S. working with a malicious insider to leak news of a Soviet Olympic athlete doping scandal.

Regardless of whether the report is true, it reveals a growing concern over insider threats for governments everywhere. Countries such as Canada are investing heavily to protect their citizens against insider and foreign attacks, while the U.S. Department of Defense Inspector General found in a recent audit that the U.S. …

Stop Security Threats With Real-Time Data Monitoring

Imagine having a vast library of books but not being able to see what words live on the page that you are reading or want to read. That would be like being able to ingest security-relevant data from a diverse array of data sources but not being able to use that information to monitor your security posture in near real time.

Library of Congress

Real-time data monitoring is essential to securing an enterprise because it gives security practitioners the ability to monitor and manage the consumption and use of machine data across complex IT and security systems, with visual insights into that data. The data can come from sources ranging from web logs and application usage to digital transactions. Why …

Make Security Incidents Less Scary By Organizing Your Response

The Federal Emergency Management Agency (FEMA) created the National Response Framework in 2008 to organize how the national government responds to natural disasters, terrorist attacks and other catastrophic events. Unfortunately, government resources alone can’t properly respond to disasters. That’s why the framework exists. It helps organize FEMA’s limited resources to respond to threats in the most efficient manner possible.

The six-step planning process from FEMA’s National Response Framework

Similarly, incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. The goal is to best organize alerts and resources within a security information and event management (SIEM) system to handle the situation in a way that limits damage and reduces recovery time and …

Three Ways Machine Data Makes Your SIEM Better at Security

“All data is security relevant” is a mantra that security practitioners should get used to saying. But knowing which sources you need to tap into to improve your security posture can seem like a daunting task. It doesn’t need to be.

Data sources are how companies address the security issues causing them pain, or issues that may cause harm. So what exactly is a data source? It can be almost anything, from the machine data generated by your existing firewall to online web logs. Which data sources you tap into depends on your security use case.

There are already companies that have found unique ways to leverage machine data to work for their specific needs – whether …

Analytics, SIEM, Nerve Center, Lean SOC to Headline Security Day at AWS re:Invent 2016

Learn all about Splunk at AWS re:Invent 2016.

It is a special time of the year for the Splunk Security Team as we are a few weeks away from AWS re:Invent 2016. It will be an electrifying few days and we look forward to interacting with the AWS community, Splunk customers, security practitioners, and partners. Furthermore, we are excited to learn about their use cases, workloads and innovative ways in which they use Cloud, Splunk Cloud and Splunk security solutions.

Security Day
Join us on December 1st in the Splunk booth #206 to learn about key security themes and solutions that will help accelerate your journey to the Cloud.

The Splunk theater session will have presentations throughout the day …

Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM

New Webinar — register now:
Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM

In the Gartner 2016 Critical Capabilities for Security Information and Event Management (SIEM) report, Splunk scored the highest in all three use cases*: Basic Security Monitoring, Advanced Threat Detection, and Forensics and Incident Response.

In this report, each capability is then weighted in terms of its relative importance for specific product/service use cases.

SIEM technologies provide a set of common core capabilities that are needed for all basic security monitoring use cases. Other SIEM capabilities are more critical for the advanced threat detection or incident response and management use cases.

The eight critical capabilities used in the 2016 report to determine scores …

Use Analytics-Driven Decision Making and Automation to Improve Threat Detection and Operational Efficiency

Today, we announced major advancements to our security analytics portfolio with a new version of Splunk Enterprise Security (ES), version 4.5, which introduces significant innovations to Splunk ES.

Enterprise Security (ES) 4.5 includes Adaptive Response, which helps extend security architecture beyond legacy preventative technologies and events-based monitoring, using connected intelligence so that security operations gain full visibility and responsiveness across the entire security ecosystem. The new release also introduces Glass Tables, which expand the visual analytics capabilities of Splunk ES.

Meeting the growing needs of CISOs adopting automation and orchestration

Many Splunk security customers already use automation to eliminate routine tasks in order to accelerate detection and streamline their response times. A recent survey conducted by 451 Research reveals that 57% …

#splunkconf16 preview: Automation, Machine Learning, Incident Response and Hunting are dominant themes for .conf2016

It is that special time of the year for the Security Markets team at Splunk as we are a few weeks away from .conf2016, Splunk’s annual user conference!

The security track has over 40 learning sessions and numerous hands-on activities.

It will be an incredible four days to interact with our passionate users, CISOs, CIOs, business leaders and learn about the innovative ways in which Splunk users solve their security needs.

You will hear how Splunk customers such as Accenture, Bloomberg, CAA, Aflac, Workday, CERT-EU, MITRE, Sony, Capital Group, Bechtel, Republic Services and more use Splunk to solve their security needs.

This year, we have more than twenty customer-led security sessions where you can learn how our customers use …

Splunk Named a Leader in Gartner SIEM Magic Quadrant for the Fourth Straight Year

Gartner has published the 2016 Magic Quadrant for Security Information and Event Management and Splunk was named a leader for the fourth straight year.

In the report, Gartner placed Splunk in the Leaders quadrant and positioned Splunk furthest overall for completeness of vision.

Our security portfolio, including Splunk® Enterprise and Splunk Enterprise Security, solves basic, advanced and emerging SIEM use cases. It dramatically accelerates the detection and investigation of advanced threats and attacks, and enables rapid response and remediation, by providing security intelligence from all security-relevant data collected across IT, the business, and the cloud.

A growing number of organizations are using Splunk Enterprise Security to augment, replace and go beyond their legacy SIEM deployments. …

The 4-minute mile challenge and securely moving to the Cloud

As a runner, I am always fascinated by Dr. Roger Bannister’s achievement of shattering the 4-minute barrier to run a mile. Even though I was not around to witness this landmark feat, the 4-minute barrier holds a special significance.

Splunk is excited to share with you a new interactive, sub-4-minute video, in which Splunk’s Senior Vice President of Security Markets, Haiyan Song, takes you on a journey to discover how cloud-based SIEM services can cut costs, help security teams reduce remediation cycle times, and demonstrate regulatory compliance, without the hassle of setting up and managing complex hardware.

Within this interactive video, you can access additional customer videos, peruse white papers, listen to a webinar and much more!

The …