Detecting Vulnerable and Compromised Certificate Use/Abuse with Splunk Enterprise Security and Stream
Recently, we have received a number of questions about compromised SSL certificates. One of the challenges this problem presents for analysts is how to gain insight into what these compromised SSL certificates are transporting and with whom they are communicating.
If you were to encounter this situation, you might find yourself being asked the following questions:
- How would you identify which assets in your organization are affected?
- How could you arrive at a strategy to prioritize what to remediate first?
- How do we start looking for these certificates being used in communication across our networks and systems?
Detecting and Remediating
For users of Splunk, many of you know that the Splunk App for Stream can capture wire data. Stream can …
Splunk Provides Analytics Driven Security for SC15
“On November 14, the Austin Convention Center became home to the fastest and most innovative computer network in the world, delivering more than 1.6 terabits per second of network bandwidth to the SC conference (SC15).” – SCnet Blog
Splunk Enterprise and Enterprise Security technologies are being used to monitor, alert and visualize activity across the network. During the course of the week, the Splunk team will be posting updates on things we learn and some dashboards and views.
Members of Splunk’s Cyber Research Lab and Security Practice teams will be at SuperComputing 2015 for the entire week. We are looking forward to learning, supporting, …
Splunk App for PCI Compliance 3.0
A few weeks ago we proudly announced the release of the Splunk App for PCI Compliance 3.0, which I will call in this post “the App”. The App, developed and supported by Splunk, helps organizations comply with PCI DSS, a global data security standard developed by a consortium of leading payment card companies to protect debit, credit and pre-paid card holder information.
We have many happy customers using this App and also many customers interested in evaluating it. This blog post addresses some of the most commonly asked questions around the App.
How does the Splunk App for PCI Compliance work and what pre-built content is in it?
For the App to work, first you need to index …
How to Secure Our Nation by Securing Our Networks
At our inaugural Splunk GovSummit last month, I told our attendees that in this fast-paced cyber climate, security touches every aspect of our lives. Looking back on 2015, it is no surprise cybersecurity was one of the most heavily discussed topics of the year due to the countless number of cyber attacks and loss of confidential data. It seems like every network is struggling to defend itself from increasingly advanced cyber adversaries. In the OPM cyber breach alone, more than 21.5 million people had their personal information stolen, making it the largest-known loss of federal personnel data. This past year has served as a serious wake-up call for both government and industry to change their cybersecurity posture and start investing …
Splunk at the Heart of a Critical SOC: Securing Operations and Winning New Business
Security professionals know that the ability to continuously monitor, analyze, and visualize data from across the IT infrastructure is essential to combatting internal and external threats, including insider threats and advanced attacks. The ability to rapidly detect and respond to these modern-day threats is essential to maintaining security for the organization. While having a high level of security is arguably critical for any business, some organizations rely on it not only to maintain the integrity of their own network but also to secure and retain their customer base.
Integra, one of the largest regional providers of networking, communications and technology solutions in the western United States, is one such company. Integra runs a security operations center (SOC) …
Security Solutions Need Data Science and Machine Learning to Protect Organizations
Every month we hear about a major breach targeting an enterprise or a public-sector organization. Based on current cyberattack growth rates, we anticipate the impact to our global economy to be around three trillion US dollars.
Within the past five years, 2.5 billion records were exposed. From January 2015 until June 2015, 256 million records were compromised. Breaking that down, that’s…
- 1,400,000 stolen records per day (or)
- 56,000 stolen records per hour (or)
- 943 stolen records per minute.
A recent FireEye study found that on average, an organization takes 205 days to detect advanced threats. We need a security solution that uses a new paradigm to combat modern day attacks…
Splunk calls it Splunk User Behavior Analytics (Splunk UBA).
Data Integrity is back, baby!
I’m sitting in my living room near Boulder, and watching the Republican Presidential Debate happening right down the road at the University of Colorado. Each candidate is doing their best to portray themselves as a candidate with integrity that’s ready to lead our country into the future. But this far into the debate, the responses are getting pretty repetitive…
So it’s a perfect time to check out something with some real integrity – the new Data Integrity feature added to Splunk 6.3, now generally available from Splunk. This allows you to prove that your indexed data has not been tampered with after indexing. Some historical background…we used to have two features that were similar, one called Block Signing…
SplunkLive Stockholm 2015. IKEA, Statnett and Klarna
A couple of weeks ago, I was in one of my favourite cities for SplunkLive Stockholm. We had a couple of hundred people in one of the most impressive rooms we’ve ever had a SplunkLive in. It felt more like the setting of Romeo and Juliet (as far as I know, there weren’t any declarations of undying love – not even for machine data).
This year we were very happy to have Statnett, Klarna and IKEA presenting on how they use Splunk.
Statnett own, build and maintain the Norwegian power grid and “make sure the lights are on in Norway”. We had Linus from Statnett talking about how they “monitor all the things” using Splunk and how this feeds into their …
Improve Your Ability to Detect, Scope and Respond to Advanced Attacks with Splunk ES 4.0
For as long as I’ve been in security, vendors have talked about the “emerging threat landscape” and warned organizations not to be passive or to settle for “good enough” security. Never in my career have those words been truer than they are today. In fact, today’s threats are so different than those of the past that security professionals are now required to approach investigations in a radically different way.
Today’s threats are dynamic in nature, often comprising a series of activities over a long period of time. This makes them difficult to investigate, requiring the analyst to be equally dynamic in his or her activities to fully scope the infection. It’s also rare these days that a threat only …
Technology to Protect Your Technology
If it hasn’t happened to you yet, it probably will. That moment when you instinctively check your online bank account only to discover several very recent ATM withdrawals you never made. In fact, you couldn’t have physically made them. The withdrawals were too close together in time, too far apart in distance. You call the bank and learn that they do have protective security measures in place, but the system hadn’t yet flagged the transactions as fraud. You’re relieved. You’ll get your money back. But, you’re discouraged that you discovered the fraud before the bank’s technology did.
According to a 2013 Forrester Report, online fraud costs merchants $200-250 billion per year and financial institutions $12-15 billion.
At Splunk, our lifeblood …