Splunk & the National Defense University: Educating the Security Warriors

Every six months, or once a semester if you are academically inclined, our Splunk Public Sector office in Tysons Corner, VA hosts students from the National Defense University (NDU) in Washington, DC to discuss emerging security trends, the evolving threat landscape and adaptive threat response initiatives that make all data crucial to security warriors.

For those who are not familiar, NDU’s mission is to support warfighters by providing rigorous joint professional military education to members of the U.S. Armed Forces and select others to develop leaders who are able to operate and creatively think in an increasingly unpredictable and complex world. The University’s overarching purpose is to educate, develop and inspire national security leaders.

These semiannual meetings consist of the …

» Continue reading

Look for Trouble at Cisco Live 2016 with Splunk!

Thousands of Cisco customers – including more than 20 internal Cisco teams – leverage Cisco & Splunk solutions to do everything from improving infrastructure and application availability to defending against multi-dimensional cyber-attacks and advanced threats.

It’s been an exciting year so far with Splunk and Cisco. Cisco recently named Splunk their 2016 Global ISV Partner of the Year, and now we’re packing our bags for a week of Cisco and Splunk-y goodness at Cisco Live in Vegas July 10th-14th, 2016.

At Cisco Live you will see how Splunk and Cisco have teamed to deliver unified visibility into application and network performance, dramatically reduce troubleshooting times, enable better and faster response to security incidents, and more. You’ll discover practical ways to …

» Continue reading

How to Pick a Threat Intelligence Provider (kind of…)

Over my last two years-ish at Splunk I’ve been asked the question “Which threat intelligence feed should I purchase?” and “what’s the deal with the viking helmet?” and “what’s up with the Star Wars theme at Threatconnect” (ಠ_ಠ at you @wadebaker) on a more than regular occurrence. And like anyone who is trying to get out of a binary question I would respond with “it depends…” and then I’d mumble something about “threat data”. Finally I’d sigh and say, “All joking aside… it depends”. I just didn’t have a great answer. Don’t get me wrong, I have personal preferences based on my experiences, but I tend to know threat intelligence providers who focus on nation-state adversaries. If you work for an …

» Continue reading

Best Practices in Protecting Splunk Enterprise

Splunk Enterprise helps companies collect, analyze, and act upon the data generated by their technology infrastructure, security systems and business applications. Customers use Splunk software to achieve operational visibility into critical information technology assets and drive operational performance and business results.

Splunk Apps enhance and extend the Splunk platform and deliver a user experience tailored to typical tasks and roles. Most customers make use of one or more of the 1000+ Apps available in Splunkbase.

While end-users are the main consumers of Apps, App installation requires full administrator access. We strongly discourage customers from granting this access to any user other than designated administrators.

Beyond restricting admin privileges, we recommend adopting the standard deployment and operation practices described briefly …

» Continue reading

Gaining clarity: adding a visual line break between events

(Hi all–welcome to the latest installment in the series of technical blog posts from members of the SplunkTrust, our Community MVP program. We’re very proud to have such a fantastic group of community MVPs, and are excited to see what you’ll do with what you learn from them over the coming months and years.
–rachel perkins, Sr. Director, Splunk Community)

Hi, I’m Mark Runals, Lead Security Engineer at The Ohio State University, and member of the SplunkTrust.

If your experience is anything like mine, there have been times when you’ve put together a query that has found events of interest to you–only to have to spend extra time scanning back and forth within the results to make sure …

» Continue reading

Smart AnSwerS #69

Hey there community and welcome to the 69th installment of Smart AnSwerS.

Time has been flying by with Splunkers working incredibly hard and adapting to new changes in our office space. It’s hard to believe that we’re halfway through 2016 already, but that’s what happens when you’re constantly focused and pushing through the daily grind. Luckily, HQ and other Splunkers in the US are getting a nice 5 day Summer break starting tomorrow for the 4th of July weekend. This is our chance in the middle of the year to refresh and recharge before finishing off strong with the next couple quarters ahead. Cheers!

Check out this week’s featured Splunk Answers posts:

How to add upper and

» Continue reading

Splunking a Microsoft Word document for metadata and content analysis

The Big Data ecosystem is nowadays often abbreviated with ‘V’s. The 3Vs of Big Data, or the 4Vs of Big Data, even the 5Vs of Big Data! However many ‘V’s are used, two are always dedicated to Volume and Variety.

Recent news provides particularly rich examples with one being the Panama Papers. As explained by Wikipedia:

The Panama Papers are a leaked set of 11.5 million confidential documents that provide detailed information about more than 214,000 offshore companies listed by the Panamanian corporate service provider Mossack Fonseca. The documents […] totaled 2.6 terabytes of data.

This leak illustrates the following pretty well:

  • The need to process huge volumes of data (2.6 TB of data in that particular case)
  • The need to
» Continue reading

Detecting and Responding to the Accidental Breach

Hello All,

Splunk recently commissioned analyst firm IDC to conduct research in EMEA into how capable organizations are at protecting against and responding to hapless user activity. The research questioned 400 organizations across the region, producing some really valuable insights.


At a time when security breaches are inevitable, one of the primary threat vectors is what IDC calls the hapless user. It isn’t a case of the user being stupid – it’s because attacks are getting far better at tricking users into unintentionally clicking on the wrong link or opening attachments which they shouldn’t.


In the IDC report you can find out about the threats that companies are most worried about in EMEA, what security technologies they are using and what …

» Continue reading

Eureka! Extracting key-value pairs from JSON fields

With the rise of HEC (and with our new Splunk logging driver), we’re seeing more and more of you, our beloved Splunk customers, pushing JSON over the wire to your Splunk instances. One common question we’re hearing you ask is how key-value pairs can be extracted from fields within the JSON. For example, imagine you send an event like this:

{"event":{"name":"test", "payload":"foo=bar\r\nbar=\"bar bar\"\tboo.baz=boo.baz.baz"}}

This event has two fields, name and payload. Looking at the payload field however you can see that it has additional fields that are within as key-value pairs. Splunk will automatically extract name and payload, but it will not further look at payload to extract fields that are within. That is, not unless we tell it to.

Field

» Continue reading

2016 Scalar Security Study – The Cybersecurity Readiness of Canadian Organizations

This is a guest post contributed by Aoife Mc Monagle, Director, Marketing & Communications at Scalar Decisions.

As Canada’s #1 IT security company, Scalar spends a lot of time advising clients on how to manage cybersecurity risk. We also spend time researching the market to better understand the needs of Canadian clients and how they are dealing with cybersecurity today. In February 2016, we published our second annual security study: The Cyber Security Readiness of Canadian Organizations.

Our objective was to examine changes in the cyber threat landscape, and what strategies, tactics, and technologies respondents were finding most useful in combatting these threats.


The findings showed that the landscape was generally getting worse year-over-year: more attacks, more breaches, …

» Continue reading