Splunk Joins Public-Private Partnership to Improve Cybersecurity
Last week Splunk joined several other companies at U.S. NIST’s signing ceremony symbolizing our participation and partnership in the National Cybersecurity Center of Excellence (NCCoE).
There’s no doubt that there is a critical need to protect private-sector intellectual property and other valuable business data from a growing number of cyber threats. This partnership illustrates our commitment to the spirit of collaboration while providing real-world cybersecurity capabilities that address business needs.
The NCCoE has three key goals:
- Provide practical cybersecurity – Help people secure their data and digital infrastructure by equipping them with practical ways to implement cost-effective, repeatable and scalable cybersecurity solutions.
- Increase rate of adoption – Enable companies rapidly adopt commercially available cybersecurity technologies by reducing their total
Seeing the Future of Cybersecurity in Action
Submitted on behalf of Enoch Long
On March 14th I presented an overview of Splunk to contestant finalists at the CyberPatriot V National Finals Competition at the Gaylord National Resort and Convention Center in National Harbor, Maryland to approximately 125 – 130 students. Created by the Air Force Association (AFA), the Cyber Patriot competition was created as a response to the critical need for cyber professionals in the workforce by enhancing high school students’ knowledge of careers in cyber security, technology, engineering, and math disciplines. Splunk was a Diamond level sponsor of the event. This meant that for the first time in the history of the competition a proprietary piece of software allowed as part of the competition and…
A Way of Thinking about Big Data and Security
I often get asked questions like, “I like Splunk but how much data should I be collecting for security purposes? Is there such a thing as too much data? How do I know what matters in my data?
These are good questions but unfortunately the answer really can be, “it depends.” I still believe there’s no such thing as too much data for security purposes if you are using Splunk. For me there are only two types of data, the data your are using for security and the data you’ll need later that you didn’t think you needed at the time. There will come a time when security folk will be looking at the fidelity of the data as an…
Big data, Creativity and What I Learned On My Summer Vacation…
Vacations are good for you. You get a chance to decompress, experience new things and sometimes look at things in a new way or make a connection between things that at first glance may not seem connected at all. When I go on vacation I try to let my mind wander. Usually, I get rewarded with an epiphany or two that I take back to work when the vacation is done.
This vacation I read Imagine: How Creativity Works, by Jonah Lehreh, 2011 published by Canongate London. At 253 pages, it wasn’t very long read but as a former security practitioner it got me thinking a lot about the role of imagination and creativity in a security practice.…
Security and the Splunk for VMware app
There is a lot to be excited about in the GA of the Splunk for VMware app — especially for the security practitioner. The VMware app is the first Splunk app (other than the Splunk app for Enterprise Security) to offer dashboards and data for both the IT operations folks that have to manage the environment and the security folks who need to monitor threats to this key business investment. The approach provides built-in transparency for a virtualized environment. It is not easy to dive into all the data being generated by ESX / ESXi, vSphere, the guest OS and applications. This is particularly problematic for security folks with little understanding of where to begin to look in all the…
The first major HIPAA/HITECH fee levied
When you think about it, the fine levied by the HHS Office of Civil Rights isn’t all the cost of this HIPAA violation for BlueCross BlueShield of Tennessee. Turns out this was pricier than we thought. According to the law firm of Wilson Sonsini Goodrich and Rosati….
“BlueCross had self-reported the underlying incident under HIPAA’s requirements, and incurred more than $17 million in direct expenses relating to its investigation and remediation of the incident. The HHS investigators faulted BlueCross BlueShield for failing to implement appropriate administrative safeguards to protect information by storing protected health information on unencrypted computer hard drives. Under the settlement, BlueCross BlueShield also agreed to review and revise its healthcare information privacy and security policies, and…
Splunk and the Cybersecurity Act of 2012
“The United States confronts a dangerous combination of known and unknown vulnerabilities in the cyber domain, strong and rapidly expanding adversary capabilities, and limited threat and vulnerability awareness.”
I recently listened to the final set of hearings on The Cyber Security Act of 2012. The bill was developed, “…in response to the ever-increasing number of cyber attacks on both private companies and the United States government.” The bill is really about critical infrastructure protection as may be managed, owned or operated by either the government or the private sector. It’s a bi-partisan bill and combines efforts from past sessions from the Senate Committees on Commerce, Homeland Security and Governmental Affairs, and Intelligence Committees. The bill would empower the Department…
Three Splunk 4.3 features security pros should start using today
There is a lot to like in Splunk 4.3 for security use cases, but three items should be of particular interest to security professionals.
Sparklines – Adding Time to Tables for Reporting
I use tables of information in several of the security reports I create. Usually I’ll want to track a particular type of event and include the number of times it happens along with an average over a period of time. This allows me to benchmark a particular threshold and use that as the impetus for an investigation. For example:
I want to track the number of successful accesses against assets where critical data is stored over a twenty-four hour period by user. My table will contain the name…
Big-data for Security: A new strategy against hackers
The recent article, “China Hackers Hit U.S. Chamber,” in the Wednesday, December 21, 2011, online version of the Wall Street Journal highlights yet another in a growing list of cyber attacks against US companies.
According to the article, the attack apparently started with a spear phishing scheme and social engineering tactics targeting a single employee in 2009. The attack followed a typical path of spreading to other systems, hiding behind credentialed activity, creating backdoors for access, reporting back to the attacker weekly, and granting the attacker remote access to Chamber member information and business policy documentation. The bad guys even gained access to an HVAC system at a housing unit owned by the Chamber.
There are some notable takeaways…
What IT Security Pros Don’t Know — Can hurt the business
In, What Security Pros Don’t Know: Glaring Knowledge Gaps Present a Challenge, by Upasana Gupta (http://blogs.govinfosecurity.com/posts.php?postID=1110&rf=2011-12-03-eg&elq=a212d1567d31469ab06ce37d28596e45&elqCampaignId=909) she posts some very interesting survey results:
“More than half of nearly 2,000 IT security folks attending the recent Cisco Live and Black Hat USA conferences say, in response to a survey, they have no idea which internal apps and assets on their networks are accessible to outsiders. Six of 10 report they don’t know the capabilities of the tools they use, and fewer than half say they understand how network configuration changes affect the systems they support.”
This really shows a frightening lack of alignment between the business, security, network and operations teams. This lack of visibility is something sophisticated attackers count…