Using Data Analytics to Help Secure State and Local Government Networks

While we eagerly await the government’s 30-day cybersecurity sprint report, it is important to remember that large federal agencies such as OPM aren’t the only ones susceptible to cyberattacks. State and local governments handle and collect confidential data just as frequently as federal agencies, which makes them attractive targets for cyberattackers. As the feds search for answers in the wake of OPM, state and local governments should likewise be reevaluating their cybersecurity approaches.

A lot of talk around cybersecurity focuses on improving data encryption, password protection and authentication practices. But one of the best, and most underutilized, security resources in government is the data already being collected and the insights that information contains. State and local governments need to start embracing …


Evaluating the Government’s Approach to Investing in Cyber

As you’ve probably noticed, there has been significant media coverage lately about federal agency breaches and the importance of improving cybersecurity practices. The most recent breach of the Office of Personnel Management (OPM) has put a spotlight back on the security practices of federal agencies and has created questions for government leaders around how they can better secure their data. In fact, the incident prompted U.S. Federal CIO Tony Scott to issue a 30-day cybersecurity sprint calling on agencies to evaluate current practices and begin addressing any security gaps or vulnerabilities. But what else can agencies be doing to improve their security posture?

One of the best ways agencies can start doing a better job of securing their networks is …


Use Splunk to detect and defeat fraud, theft, and abuse

In case you haven’t heard, an emerging and fast-growing use case for Splunk is using Splunk for anti-fraud, theft, and abuse (which I will just call “fraud”). Many Splunk customers across a wide range of industries Splunk their machine data and log files for a wide range of anti-fraud use cases, including fraud investigations, detection, and analytics/reporting. They also put the event data from other point anti-fraud tools into Splunk and use Splunk to: (1) break down the siloed nature of these point tools to present a more unified view on fraud, and (2) correlate fraud events with other data sources. Splunk’s flexibility enables it to be an anti-fraud solution and/or enhance existing fraud tools.

A few weeks ago, Splunk …


Splunk Named a Leader in Gartner Magic Quadrant for SIEM…again!

This week Splunk was named a leader in Gartner’s 2014 Magic Quadrant for Security Information and Event Management (SIEM) for the second year in a row. For the MQ, Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security and also spoke to multiple Splunk customers as part of the process. To read the Gartner report, please register here.

We are very proud of this award, as it reflects the success that you, the security and compliance customers of Splunk, have had with our product. We now have thousands of security and compliance customers across the world using Splunk for a wide range of use cases including log management, incident investigations, forensics, real-time correlations and alerting, advanced …


“Best of SIEM” 2013 award from the readers of TechTarget

It’s a great time to be doing product marketing for security here at Splunk. Especially because the security awards & accolades keep on coming :) Just last week we won the “Best of SIEM” 2013 award by the readers of TechTarget’s Information Security magazine and SearchSecurity.com. These awards are especially meaningful because it is you, our customers, who vote on them. You use our software for a wide range of security use cases, get tremendous value out of it, and this is reflected in our Gold award. Thank you!

See the full award here. Some great snippets from the write-up include: “Splunk’s flagship SIEM system, a security tool for machine-generated big data, received top scores across the board.” … “Splunk indexes ASCII …


Splunk Named a Leader in Gartner Magic Quadrant for SIEM

Last week, Splunk was named a leader in Gartner’s Magic Quadrant for Security Information and Event Management (SIEM). For the MQ, Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security and also spoke to multiple Splunk customers as part of the process. To read the Gartner report, please register here.

We are very proud of this award, as it reflects the success that you, the security and compliance customers of Splunk, have had with our product. We are now up to over 2000 global security and compliance customers using Splunk for a wide range of use cases including incident investigations, forensics, reporting and dashboarding, real-time correlations and alerting, advanced threat detection, compliance reporting, fraud detection, and more.

The history …


Using Splunk for Computer Forensics

I was talking to one of our Sales Engineers, Bert Hayes, the other day about using Splunk for computer forensics. Bert formerly was a Splunk customer at a large university in the southern U.S., where he used Splunk for security; he really knows his stuff in this area. Anyhow, Bert mentioned to me how he used to use Splunk for computer forensics and pointed me to a great blog that he found helpful on the topic. I found the blog post to be a great read and wanted to share it.

The blog is courtesy of Klein & Co, experts in computer forensics. In the posting they detail how to use Splunk to build a computer forensic timeline for analysis. The …


Splunk Enterprise Selected Best SIEM Solution in 2013 SC Awards

A few weeks ago I was fortunate to be in the room at the SC Magazine U.S. Awards in San Francisco where Splunk Enterprise was selected the “Best SIEM Solution” in the 2013 SC Magazine U.S. Awards, winning a competitive category containing five other SIEM vendor finalists. It was a Readers Trust Award where SC Magazine readers, experienced IT professionals, cast the votes.

It was quite the honor and all of us at Splunk were very proud to win it. It is quite the feat especially when one considers that Splunk has been in the SIEM space for a much shorter time period than most of the other vendors. In that time period, not only have we caught up to …


Splunk 5 – What it means for security and compliance use cases

As you may have read, today we announced Splunk Enterprise 5.0, a major upgrade to the core Splunk platform. There are many new benefits enabled by this release, but I wanted to call out three benefits to security practitioners looking to improve their security and compliance posture.

Easier to Build and Faster Security/Compliance Reports

Oftentimes for security or compliance use cases, reports are needed that cover very large data sets which might even span TBs a day. This could be an aggregation of firewall, IDS, authentication, or anti-malware log events. Maybe you are using these reports to see how threats are trending with time, or to baseline …


New SANS DShield App, and other free data sources for security

Quick update in the world of security-related Apps for Splunk. Last week, one of the good folks affiliated with SANS, Bojan Zdrnja, created a cool, free “DShield for Splunk” app and put it up on Splunkbase at:

http://splunk-base.splunk.com/apps/51609/splunk-for-dshield

For those of you unfamiliar with DShield, it is a community-based collaborative firewall log correlation system. It receives logs from volunteers worldwide and uses them to analyze attack trends. It is used as the data collection engine behind the SANS Internet Storm Center (ISC). Detail on the app is on Bojan’s blog posting at:

https://isc.sans.edu/diary.html?storyid=13591

In his words: “The application downloads the DShield data (the published All Sources IPs dump) once per day and indexes it into your local Splunk. Once the …
