SIEM success patterns – How to get it right!

Hello all,

One of the things I love about machine data is that it can be used in so many ways. Interestingly enough over the years I have observed a common pattern in organizations that have been successful with SIEM. The implementation of a cyber defence center should serve to increase security maturity, strengthen cyber security skills and security intelligence, enabling organisations to successfully stop complex attacks (not just malware!) and better protect customer data and the overall business. Yet in the past I have been called in to meet with prospects regarding failed SIEM deployments and it doesn’t matter which traditional vendor it is there are always similar patterns.

 

What are the patterns of a failed SIEM deployment?

trip_hurdles_800_clr_5680The …

» Continue reading

Splunk & the National Defense University: Educating the Security Warriors

200px-National_Defense_UniversityEvery six months, or once a semester if you are academically inclined, our Splunk Public Sector office in Tysons Corner, VA hosts students from the National Defense University (NDU) in Washington, DC to discuss emerging security trends, the evolving threat landscape and adaptive threat response initiatives that make all data crucial to security warriors.

For those who are not familiar, NDU’s mission is to support warfighters by providing rigorous joint professional military education to members of the U.S. Armed Forces and select others to develop leaders who are able to operate and creatively think in an increasingly unpredictable and complex world. The University’s overarching purpose is to educate, develop and inspire national security leaders.

These semiannual meetings consist of the …

» Continue reading

How to Pick a Threat Intelligence Provider (kind of…)

Over my last two years-ish at Spunk I’ve been asked the question “Which threat intelligence feed should I purchase?” and “whats the deal with the viking helmet?” and “whats up with the Star Wars theme at Threatconnect”  (ಠ_ಠ at you @wadebaker) on a more than regular occurrence. And like anyone who is trying to get out of a binary question I would respond with “it depends…” and then I’d mumble something about “threat data”. Finally I’d sigh and say, “All joking aside… it depends”. I just didn’t have a great answer. Don’t get me wrong, I have personal preferences based on my experiences, but I tend to know threat intelligence providers who focus on nation-state adversaries. If you work for an …

» Continue reading

Detecting and Responding to the Accidental Breach

Hello All,

Splunk recently commissioned analyst firm IDC to conduct research in EMEA into how capable organizations are at protecting and responding to hapless user activity. The research questioned 400 organizations across the region, producing some really valuable insights.

header_english

At a time when security breaches are inevitable, one of the primary threat vectors is what IDC calls the hapless user. It isn’t a case of the user being stupid – it’s because attacks are getting far better at tricking users into unintentionally clicking on the wrong link or opening attachments which they shouldn’t.

Why organizations cant deal

In the IDC report you can find out about the threats that companies are most worried about in EMEA, what security technologies they are using and what …

» Continue reading

2016 Scalar Security Study – The Cybersecurity Readiness of Canadian Organizations

This is a guest post contributed by Aoife Mc Monagle, Director, Marketing & Communications at Scalar Decisions
scalar-NoTagline_4CAs Canada’s #1 IT security company, Scalar spends a lot of time advising clients on how to manage cybersecurity risk. We also spend time researching the market to better understand the needs of Canadian clients and how they are dealing with cybersecurity today. In February 2016, we published our second annual security study: The Cyber Security Readiness of Canadian Organizations.

Our objective was to examine changes in the cyber threat landscape, and what strategies, tactics, and technologies respondents were finding most useful in combatting these threats.

2016-scalar-security-study-the-cyber-security-readiness-of-canadian-organizations-1-638

The findings showed that the landscape was generally getting worse year-over-year: more attacks, more breaches, …

» Continue reading

.conf2015 Highlight Series: City of LA and Splunk Cloud as a SIEM for Award-Winning Cybersecurity Collaboration

Updated June 23, 2016:

Screen Shot 2016-06-23 at 1.29.51 PMWe are pleased to announce the City of Los Angeles was recently presented with the City on a Cloud award at the AWS Public Sector Summit in Washington, DC. The City on a Cloud Innovation Challenge recognizes and celebrates local and regional governments in three categories: Best Practices, Partners in Innovation and Dream Big. The City of Los Angeles was selected as the Best Practices winner for its use of innovative, world-class cybersecurity to protect digital assets and deployment of a unique, cloud-based security information and event management (SIEM) solution for the Integrated Security Operations Center (ISOC), to help consolidate, maintain, and analyze security data across the city’s departments.

All of the below was first published

» Continue reading

Full-Scale Operational Intelligence Through CDM

SplunkGov LogoIn the face of high-profile breaches and increasingly sophisticated hackers, the Federal Government’s Continuous Diagnostics and Mitigation (CDM) program is one of the most important and widely discussed cybersecurity initiatives in recent history.

Did you know that Splunk Enterprise will be used at 25 of the largest civilian departments and agencies covering 97% of the federal civilian government workforce?

On Wednesday, May 11, I spoke at the Face-to-Face Cybersecurity CDM event hosted by FCW to discuss how Splunk’s solutions and government’s CDM program fit together. As Nick Murray noted in a recent blog post, the CDM program makes tools and services available to agencies via a government wide contract to help them identify cybersecurity risks on an ongoing basis, prioritize …

» Continue reading

Spotting the Adversary… with Splunk

Howdy Ya’ll. Eventually there is a Rubicon to cross in every Security professional’s life. With a satisfied sigh he’ll take a step back from the keyboard, wipe Dorito dust covered hands on khakis, take a long slug of Mountain Dew, and gaze proudly at his Splunk instance and utter the words “I’ve added all the data sources I can. The network is being ‘monitored’”. Then the smile will falter as his cyber demons claw their way up to the surface.  He’ll hear them scream out “but WHAT am I supposed to look for??”  He (and you) are not alone. Ever since time immemorial (or at least when I first began “practicing” the dark arts of cyber security) I would hear the question of “but what …

» Continue reading

The 4-minute mile challenge and securely moving to the Cloud

roger-bannister_YaXSaAs a runner, I am always fascinated by Dr. Roger Bannister’s achievement of shattering the 4-minute barrier to run a mile. Even though, I was not around to witness this landmark feat, the 4-minute barrier holds a special significance.

Splunk is excited to share with you a new interactive, sub 4-minute video, in which Splunk’s Senior Vice President of Security Markets, Haiyan Song, takes you on a journey to discover how cloud-based SIEM services can cut costs, help security teams reduce remediation cycle times, and demonstrate regulatory compliance, without the hassle of setting up and managing complex hardware.

Within this interactive video, you can access additional customer videos, peruse white papers, listen to a webinar and much more!

The …

» Continue reading

Get ready for Infosecurity Europe 2016!

Hello,

Infosec 2016It’s time to get ready for the 21st edition of Infosecurity Europe 2016, taking place between the 7th – 9th June at Olympia in London. Infosecurity is Europe’s number one information security event, featuring the largest and most comprehensive education program available, with over 315 exhibitors showcasing the most diverse range of products and services to over 12,000 visitors.

Splunk will be onsite in force at Infosecurity – with several speaking sessions as well as an interactive workshop focused on cloud security. Make sure you prepare early to avoid missing some of our great content at the show! Register today for free entrance (save £35).

Splunk Booth Stand C20 + Theater Presentations

Splunk_at_Infosec

First of all – visit the Splunk stand to get your …

» Continue reading