Information Exchange Boosts Threat Intelligence

B_GSiiLXIAAU1wsThe rash of recent government breaches and continued cyberthreats have accelerated the need for the exchange of information related to these and other known incidents. For many years, DHS has been working with industry and other federal agencies to provide more standardization of content so that security practitioners (and anyone else for that matter) are speaking the same language across multiple vendor platforms as it pertains to software, configurations and vulnerabilities, to name a few. An early example that pre-dates DHS was the Common Vulnerability Enumeration (CVE) that Mitre launched in 1999. These efforts can be challenging because gathering consensus and buy-in is never easy across a diverse set of organizations and so finding entities that can shepherd these specifications …

» Continue reading

Using Data Analytics to Help Secure State and Local Government Networks

B_GSiiLXIAAU1wsWhile we eagerly await the government’s 30-day cybersecurity sprint report, it is important to remember that large federal agencies such as OPM aren’t the only ones susceptible to cyberattacks. State and local governments handle and collect confidential data just as frequently as federal agencies, which makes them attractive targets for cyberattackers. As the feds search for answers in the wake of OPM, state and local governments should likewise be reevaluating their cybersecurity approaches.

A lot of talk around cybersecurity focuses on improving data encryption, password protection and authentication practices. But one of best, and most underutilized, security resources in government is the data already being collected and the insights that information contains. State and local governments need to start embracing …

» Continue reading

Splunk Named a Leader in Gartner SIEM Magic Quadrant for the Third Straight Year

The Splunk security portfolio, including Splunk® Enterprise and the Splunk App for Enterprise Security, solves Security Information and Event Management (SIEM) requirements to dramatically improve the detection, response and recovery from advanced threats by providing broad security intelligence from data that is collected across IT, the business, and the cloud. Based on the need to protect against advanced threats, a growing number of organizations are using Splunk security analytics to augment, replace and go beyond their legacy SIEM deployments.

gartner-2015-blog-img-470x246

This week, Gartner published the 2015 version of its annual Magic Quadrant for Security Information and Event Management. In the report, Splunk was named a leader for the third straight year.

The results of the 2015 Gartner SIEM Magic …

» Continue reading

Tutorial: Let others work for you – Give them their data!

Recently I had a great discussion with some folks from the communbeach_chiar_pc_800_clr_3539ity –  they told me that in most cases the Splunkers within an organization are the ones with the best visibility and inform other departments about issues/problems/breaches. As a result their peers in the organizations want to have the same information advantage and visibility. However, often they are just interested in their own systems and services, not from others within a large organization.

What’s the easiest and fastest approach to give them the visibility they want?

The Answer: Lookups and drop down menus

Based on the Qualys App for Splunk Enterprise I’ll explain to you how you can modify an existing dashboard that shows all vulnerabilities and how to, for …

» Continue reading

Back from FiRST Berlin, discover CIRCL Passive SSL

Hello Security Ninjas,

recently Splunk took part in the FIRST 2015 conference, a conference dedicated to CERTs, Incident Responders and Security Teams. Many of the attendees shared with us that they are using Splunk regularly for security use cases and this is great to hear!

One of the notable presentations was from Alexandre Dulaunoy from the CIRCL (Computer Incident Response Center Luxembourg) and Eireann Leverett from the Cambridge Centre for Risk Studies.

Security analysts across the world are nowadays familiar with the Passive DNS technique that allows DNS information to be collected passively, just by listening to DNS requests in and out of a network. The idea Alexandre and Eireann came up with was to apply similar techniques to SSL/TLS certificates so …

» Continue reading

Masters Of Machines 2015 Part 4: Meeting the increasing security threat head-on with Operational Intelligence

Matrix FightIn the fourth and final part of this blog series to accompany the “Masters of Machines II” research from Splunk and industry analyst Quocirca, we discuss the rising security threats faced by organisations today and how Operational Intelligence has a key part to play in defending yourself.

 

 

 

 

If you want to catch up with previous posts:

Part 1 – Discusses the high level findings from the research

Part 2 – The increase in IT complexity and managing it with OI

Part 3 – How to improve customer experience by harnessing machine data

 

The fastest growing IT management concern from 2013 to 2015 was increased security threats through the compromise of IT systems.

Report-Fig-09

The …

» Continue reading

Evaluating the Government’s Approach to Investing in Cyber

B_GSiiLXIAAU1wsAs you’ve probably noticed, there has been significant media coverage lately about federal agency breaches and the importance of improving cybersecurity practices. The most recent breach of the Office of Personnel Management (OPM) has put a spotlight back on the security practices of federal agencies and has created questions for government leaders around how they can better secure their data. In fact, the incident prompted U.S. Federal CIO Tony Scott to issue a 30-day cybersecurity sprint calling on agencies to evaluate current practices and begin addressing any security gaps or vulnerabilities. But what else can agencies be doing to improve their security posture?

One of the best ways agencies can start doing a better job of securing their networks is …

» Continue reading

Splunk Acquires Caspida: The Future in Advanced Breach Detection is Here

logo-dark

Today, we welcome Caspida to the Splunk family. This acquisition enables Splunk to bring critical analytical capabilities to our customers and extends Splunk’s security analytics leadership. Caspida adds data science-driven Behavioral Analytics to the industry’s most powerful analytics-enabled SIEM solution.

In the last year, I have had several conversations with peers and customers about attack patterns and enterprise compromises. We see three big categories of attackers:

  • Advanced or nation state attackers: they compromise, persist, and run campaigns – not just one off opportunistic attacks.
  • Insiders: trusted parties that abuse their privileges.
  • Fraudsters or cyber criminals: stealing money, credit cards, estore wallets, and conduct fraudulent transactions like wire transfers, and reimbursement or benefits fraud.

All recent high-profile …

» Continue reading

Splunk at Infosecurity Europe 2015

Hello Folks,

Infosecurity Europe Logo_RGBA few weeks ago Splunk attended the Infosec conference in London. It was a busy event full of great security gurus on a mission to protect their environment with state of the art defences.

Enterprise Security 3.3

Security experts got to see live demos at the Splunk booth of the Splunk Enterprise platform as well as key apps including the Splunk App for Enterprise Security, PaloAlto, Fireye, Cisco Security and many more. They learned how to quickly identify, investigate, and respond to internal and external threats throughout their organization. Attendees of the conference were particularly interested in the STIX/TAXII and OpenIOC integration. If you want to learn more – here are some resources:

Bright Talk – What keeps

» Continue reading

Phishing – What does it look like in machine data?

Hello Security Ninjas,

Shark_Phishingin the last write up i shared info of a phishing mail i received and what questions do you want to ask once an attack is identified. In this one, i want to give you some technical insights how it can look like when performing an investigation. I’m sure you have analyzed some of those attacks in your own environment so you know the departments that might be most targeted e.g. your high risk users – if you haven’t I highly recommend you check your own environment by collecting data from the different sources and analyzing how infections start in your environment and where they occur most often.

In this case for tracking the process and generating the activity events …

» Continue reading