Best Practices for using Splunk Enterprise for compliance
In September at .conf2016, the Splunk worldwide users conference, I co-presented a session titled “How to Use Splunk for Automated Regulatory Compliance.” It included a discussion of regulatory compliance and standard/framework 101 and how Splunk could be used for compliance, including some case studies and product demos of the Splunk App for PCI Compliance, the CIS Critical Security Controls App for Splunk, Splunk Enterprise Security, and Splunk User Behavior Analytics.
For the technical ninjas attending the session, the most interesting part was probably the closing section covering best practices related to using Splunk Enterprise for compliance, which is the focus of this blog post. I have listed these best practices below in …
Splunk Security Takes Double Honors at SC Magazine 2016 Awards
Last week I was fortunate enough to accept not just one award, but two awards, on behalf of Splunk at the SC Magazine 2016 Awards in San Francisco. We were honored to be nominated among the other nominees in each category and were thrilled when Splunk Enterprise won a Trust award for “Best Fraud Prevention Solution” and Splunk Enterprise Security won a Trust award for “Best SIEM Solution”.
The awards reflect the value that you, our users and customers, get from our software. When thousands of users and customers across the globe sing the praises of Splunk and how it helps them detect and defeat cyber threats and fraudsters, the awards and accolades tend to follow!
One key observation I had …
Splunk App for PCI Compliance 3.0
A few weeks ago we proudly announced the release of the Splunk App for PCI Compliance 3.0, which I will call in this post “the App”. The App, developed and supported by Splunk, helps organizations comply with PCI DSS, a global data security standard developed by a consortium of leading payment card companies to protect debit, credit and pre-paid card holder information.
We have many happy customers using this App and also many customers interested in evaluating it. This blog post addresses some of the most commonly asked questions around the App.
How does the Splunk App for PCI Compliance work and what pre-built content is in it?
For the App to work, first you need to index …
Using Data Analytics to Help Secure State and Local Government Networks
While we eagerly await the government’s 30-day cybersecurity sprint report, it is important to remember that large federal agencies such as OPM aren’t the only ones susceptible to cyberattacks. State and local governments handle and collect confidential data just as frequently as federal agencies, which makes them attractive targets for cyberattackers. As the feds search for answers in the wake of OPM, state and local governments should likewise be reevaluating their cybersecurity approaches.
A lot of talk around cybersecurity focuses on improving data encryption, password protection and authentication practices. But one of the best, and most underutilized, security resources in government is the data already being collected and the insights that information contains. State and local governments need to start embracing …
Evaluating the Government’s Approach to Investing in Cyber
As you’ve probably noticed, there has been significant media coverage lately about federal agency breaches and the importance of improving cybersecurity practices. The most recent breach of the Office of Personnel Management (OPM) has put a spotlight back on the security practices of federal agencies and has created questions for government leaders around how they can better secure their data. In fact, the incident prompted U.S. Federal CIO Tony Scott to issue a 30-day cybersecurity sprint calling on agencies to evaluate current practices and begin addressing any security gaps or vulnerabilities. But what else can agencies be doing to improve their security posture?
One of the best ways agencies can start doing a better job of securing their networks is …
Use Splunk to detect and defeat fraud, theft, and abuse
In case you haven’t heard, an emerging and fast-growing use case for Splunk is using Splunk for anti-fraud, theft, and abuse (which I will just call “fraud”). Many Splunk customers across a wide range of industries Splunk their machine data and log files for a wide range of anti-fraud use cases, including fraud investigations, detection, and analytics/reporting. They also put the event data from other point anti-fraud tools into Splunk and use Splunk to: (1) break down the siloed nature of these point tools to present a more unified view on fraud, and (2) correlate fraud events with other data sources. Splunk’s flexibility enables it to be an anti-fraud solution and/or enhance existing fraud tools.
A few weeks ago, Splunk …
Splunk Named a Leader in Gartner Magic Quadrant for SIEM…again!
This week Splunk was named a leader in Gartner’s 2014 Magic Quadrant for Security Information and Event Management (SIEM) for the second year in a row. For the MQ, Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security and also spoke to multiple Splunk customers as part of the process. To read the Gartner report, please register here.
We are very proud of this award, as it reflects the success that you, the security and compliance customers of Splunk, have had with our product. We now have thousands of security and compliance customers across the world using Splunk for a wide range of use cases including log management, incident investigations, forensics, real-time correlations and alerting, advanced …
“Best of SIEM” 2013 award from the readers of TechTarget
It’s a great time to be doing product marketing for security here at Splunk, especially because the security awards & accolades keep on coming. Just last week we won the “Best of SIEM” 2013 award by the readers of TechTarget’s Information Security magazine and SearchSecurity.com. These awards are especially meaningful because it is you, our customers, who vote on them. You use our software for a wide range of security use cases, get tremendous value out of it, and this is reflected in our Gold award. Thank you!
See the full award here. Some great snippets from the write-up include: “Splunk’s flagship SIEM system, a security tool for machine-generated big data, received top scores across the board.” … “Splunk indexes ASCII …
Splunk Named a Leader in Gartner Magic Quadrant for SIEM
Last week, Splunk was named a leader in Gartner’s Magic Quadrant for Security Information and Event Management (SIEM). For the MQ, Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security and also spoke to multiple Splunk customers as part of the process. To read the Gartner report, please register here.
We are very proud of this award, as it reflects the success that you, the security and compliance customers of Splunk, have had with our product. We are now up to over 2000 global security and compliance customers using Splunk for a wide range of use cases including incident investigations, forensics, reporting and dashboarding, real-time correlations and alerting, advanced threat detection, compliance reporting, fraud detection, and more.
The history …
Using Splunk for Computer Forensics
I was talking to one of our Sales Engineers, Bert Hayes, the other day about using Splunk for computer forensics. Bert formerly was a Splunk customer at a large university in the southern U.S. where he used Splunk for security… he really knows his stuff in this area. Anyhow, Bert mentioned to me how he used to use Splunk for computer forensics and pointed me to a great blog that he found helpful on the topic. I found the blog post to be a great read and wanted to share it.
The blog is courtesy of Klein & Co, experts in computer forensics. In the posting they detail how to use Splunk to build a computer forensic timeline for analysis. The …