Adaptive Response: A Level Deeper for Continued Customer Success

Splunk at RSA Conference 2017bOver the past three or four years, we’ve been hearing more and more about analytics-driven security at RSA. Years ago, when Splunk first introduced the concept to the marketplace, we were living in a world where security practitioners were still focusing on prevention, rather than detection. Since then, advanced cyber adversaries have forced security analysts to change the way they think about posture. Security analysts no longer buy into the idea that there is a silver bullet for security, and vendors acknowledge that security is a team sport. With this shift in mindset comes a change in strategy, where end-to-end context and cross-vendor analytics are emphasized to better detect and respond to threats in real time. Detection is now king.…

» Continue reading

Adapting Your Security Strategy in the Ever-Changing Threatscape

The modern threat landscape is constantly changing. How can an organization maintain mission and business focus in the presence of an evolving adversary? If we take a business centric approach, technology leaders will tell you that the organizations security posture and capability should evolve to maintain parity with mission and business priorities.

Balancing the demands of the changing threat with demands of the changing business can sometimes appear incompatible. Of course one can’t simply overhaul the security infrastructure every time there is a new class of threats. Ransomware is getting quite a few headlines these days, but that doesn’t mean some of the traditional problems of rogue devices gaining access to your network are going away.

To combat the ever …

» Continue reading

Collaboration is the Key to Government Innovation

I recently participated in a panel while attending the Bloomberg RE/BOOT event in Washington, D.C. The focus of the panel was how to improve partnerships between government and industry. We started by discussing how industry can better partner with government agencies to strengthen cybersecurity in the United States. At Splunk, we solve problems by viewing the overall security solution from an ecosystem lens. Splunk technologies are just one part of that ecosystem. To address challenges in a government environment, we see our operational intelligence platform as the foundation that serves as the nerve center of the security operations ecosystem. No single solution or technology can solve every government problem, but together, industry technology leaders can partner with agencies to tackle …

» Continue reading

CVE-2015-7547: glibc: Detection with Splunk

This blog post will show you how to find if your systems are affected by the glibc vulnerability revealed on Feb 16th, 2016 by Google researchers. This vulnerability affects the glibc versions from 2.9 through 2.22. This is a critical bug because glibc is used across many mobile, virtual, cloud and high performance computing platforms and could lead to remote exploitation.

The Problem

According to the Google Blog post:

“The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.

Google has found some mitigations that may help prevent exploitation

» Continue reading

Rapid Response and Discovery (RRD) – Stop chasing alerts and start raising the cost for the adversary

In this discussion we will learn why RRD is an absolute necessity. We will establish the core capabilities required for RRD. Then we will walk through how ES 4.0 delivers on the capabilities for RRD. Finally, we’ll show how we can extend RRD and add our own flavor using the existing capability in Splunk Enterprise and ES 4.0.

State of Affairs for Cyber Operations

Cyber operations teams receive far more alerts than they can handle. Once they receive an alert, analysts spend a lot of time manually connecting the dots. As a result, alerts drive the cyber posture for an organization. And cyber operations teams are stuck in a never-ending loop of chasing individual incidents. As a result, operations teams …

» Continue reading

Security Forecast for 2016

1215-f-predictions-cover_8805752016 is off to a cracking start with security news – tech announcements, nation state threats, new challenges and new opportunities. Lots of people have made predictions on what we can expect in the next 12 months?

haiyansong_892575Our Vice President of Security Markets, Haiyan Song, takes a different approach for these predictions in SC Magazine. She focuses on action, results, and preparedness. Haiyan notes that as we enter the new year, both government and industry will need to demonstrate how they learned from last year’s cyber mistakes. According to Haiyan, now is the time for the private and public sectors to reexamine cybersecurity strategy, invest in the right technology, bring focus back to people and put new ideas into action. Haiyan encourages the community to evolve our way out of 2015 – the year of the breach – and begin to pivot towards …

» Continue reading

Splunk Provides Analytics Driven Security for SC15

sc15-logo-250x250The Splunk team is providing analytics driven security for the “World’s Most Powerful Computer Network”.

“On November 14, the Austin Convention Center became home to the fastest and most innovative computer network in the world, delivering more than 1.6 terabits per second of network bandwidth to the SC conference (SC15).”SCnet Blog

Splunk Enterprise and Enterprise Security technologies are being used to monitor, alert and visualize activity across the network. During the course of the week, the Splunk team will be posting updates on things we learn and some dashboards and views.

Members of Splunk’s Cyber Research Lab and Security Practice teams will be at SuperComputing 2015 for the entire week. We are looking forward to learning, supporting, …

» Continue reading

Cybersecurity Sprint Results Signal Cautious Shift in Strategic Approach

SplunkGov LogoMore than two weeks after the completion of the 30-day cybersecurity sprint, Federal CIO Tony Scott published a blog post outlining the eagerly awaited outcomes of the government-mandated assessment. According to Scott the sprint’s final results showed “significant progress” government-wide. As many of us anticipated, Scott placed a lot of emphasis on the need for privileged access, strong authentication, budget predictability and the importance of looking at cybersecurity as a strategic, national focus – not just a one-time deployment.

Scott made a brief comment on offense. Scott’s comments highlight the asymmetry of offense vs defense. It is cheaper to acquire offensive capabilities than to maintain and deploy defensive tools. But the focus here isn’t the price of the tools. It …

» Continue reading

Splunk Acquires Caspida: The Future in Advanced Breach Detection is Here


Today, we welcome Caspida to the Splunk family. This acquisition enables Splunk to bring critical analytical capabilities to our customers and extends Splunk’s security analytics leadership. Caspida adds data science-driven Behavioral Analytics to the industry’s most powerful analytics-enabled SIEM solution.

In the last year, I have had several conversations with peers and customers about attack patterns and enterprise compromises. We see three big categories of attackers:

  • Advanced or nation state attackers: they compromise, persist, and run campaigns – not just one off opportunistic attacks.
  • Insiders: trusted parties that abuse their privileges.
  • Fraudsters or cyber criminals: stealing money, credit cards, estore wallets, and conduct fraudulent transactions like wire transfers, and reimbursement or benefits fraud.

All recent high-profile …

» Continue reading

Splunk Apps and Add-ons: Do You Possess the Apptitude?

At Splunk, we’re committed to helping customers across industry and government ingest, organize and visualize their data to gain intelligent insights. Our platform is designed to help users maximize the use of machine data through powerful search and analysis capabilities. What many people don’t know is that we go beyond offering platform solutions to ensure our capabilities can be integrated at the application level. Did you know we also offer more than 700 apps that extend the power of Splunk?

Over the years Splunk has partnered with companies such as Microsoft and Cisco to develop customized apps to integrate with customers’ existing platforms and supplement Splunk’s Enterprise platform. Splunk Enterprise is our platform for Operational Intelligence, but apps and add-ons …

» Continue reading