Get ready for Infosecurity Europe 2016!
It’s time to get ready for the 21st edition of Infosecurity Europe 2016, taking place between the 7th – 9th June at Olympia in London. Infosecurity is Europe’s number one information security event, featuring the largest and most comprehensive education program available, with over 315 exhibitors showcasing the most diverse range of products and services to over 12,000 visitors.
Splunk will be onsite in force at Infosecurity – with several speaking sessions as well as an interactive workshop focused on cloud security. Make sure you prepare early to avoid missing some of our great content at the show! Register today for free entrance (save £35).
Splunk Booth Stand C20 + Theater Presentations
First of all – visit the Splunk stand to get your …
What’s North of the Wall? Why cybersecurity is like Game of Thrones.
Firstly, I was late to Game of Thrones but I’m now hooked. Here in the UK it is on TV on a Monday night so I spend most of Monday avoiding spoilers after it has shown the night before in the US. Secondly, this post tries to frame the modern cyber security landscape through a Game of Thrones lens and I have to warn you it might get a bit geeky.
If you haven’t ever seen Game of Thrones (GoT) it is the story of politics, war, power, dragons and a growing threat from an army of undead (called the White Walkers) north of a massive wall (according to the GoT wiki it is 300 miles long, 700 feet …
Splunk GovSummit UK 2016: Refusing to Sleepwalk to Cyber Crisis
Last week, Splunk hosted two simultaneous events in London, England. You can learn more about SplunkLive! London in Matt Davies’ blog post: SplunkLive! London – A Full House. Analytics, IT Operations And Security. Below, Ashok Sankar shares his report from our first annual Splunk GovSummit UK.
Security is all the talk nowadays and the first annual Splunk GovSummit UK 2016 was no exception. After introductions from host Nick Butler and Splunk’s VP of EMEA region Richard Cahill set the tone for the day. He pointed out how data around us is helping improve our lives while at the same time continues to be the target of adversaries. He reaffirmed the company’s commitment to Europe and extending solutions to …
Humanizing Security Data Visualization
Visualizing and displaying complex data is hard. Understanding complex data is harder. Rapidly making operational decisions based upon complex data is extremely hard.
Historically, operational security analysts rely on alerts, tables, and charts on dashboards or in email to pull potentially useful information out of the vast sea of data dumping into their analytic systems. This has always been problematic due to the combination of false positives and understanding the context of data filtered through the human brain. Most of the standard methodologies for displaying complex information make it harder, not easier, for humans to understand the information they seek in a timely and operationally useful manner.
Everyone has seen dashboards with a wall of text in tables interspersed with …
Overcoming Cybersecurity Resource Challenges in Government
At a hearing on cybersecurity and protecting taxpayer information held by the Senate Finance Committee last month, the IRS Commissioner, John Koskinen, testified that the agency faces the loss of key IT and data security personnel over the next year. He attributed this to pay discrepancies between the private and public sector as part of his appeal to renew a lapsed law that boosted the pay of top-notch personnel temporarily recruited from the private sector1.
While it is important to ensure that talent is rewarded appropriately, the cybersecurity issue goes deeper than retention of highly trained personnel. For one, agencies are strewn with dozens of disparate security products procured over the years that are managed and operated in silos. …
Enriching threat feeds with WHOIS information
It’s almost been 2 years since I spent a summer in Seattle interning with the Splunk Security Practice (SecPrax) Team. Damn, time flies! The Splunk Security community is growing everyday, due to the unbelievable amount of flexibility, visibility, insight Splunk Enterprise offers for all data and as I have learned all data is security relevant. Back at Splunk to work with the Security Research team, this is my first blog post and I would like to hear what you people have got to say about it, so please leave a feedback/comment.
What am I missing while doing threat intelligence?
While I am doing some research looking for threat intelligence data sets to ingest into Splunk, I realized there can be …
Lessons learned from the “SWIFT” Attack
Unfortunately, somewhere in the world a big party must be going on. In February hackers successfully compromised a bank connected to the SWIFT Network in Bangladesh, stealing $81 million – as reported by Reuters earlier this week. While the computer system in Bangladesh seems to have missed a number of IT security best practices, it shows that a connected system even if it’s designed to be closed can be compromised by the weakest supplier, compromising the whole system.
It’s mind blowing to see how much subject matter expertise the hackers must have had about the SWIFT System.
Have we seen this attack in our network, too?
The chances that …
.conf2015 Highlight Series: City of LA and Splunk Cloud as a SIEM for Award-Winning Cybersecurity Collaboration
Registration and call for papers is now open for Splunk .conf2016. We can’t wait to host you all at the Walt Disney World Swan and Dolphin Resorts in Orlando, Florida; September 26-29, 2016.
During last year’s Splunk .conf2015 we were lucky to have Timothy Lee, the CISO of the City of Los Angeles, share his case study for why his department chose Splunk Cloud as a SIEM for one of their cybersecurity initiatives and how it is used. Though we’re summarizing his key points in this post, you can get the complete picture by checking out a recording of Tim’s presentation, and access to his slides, at the bottom of this post.
Tim began …
Announcing Splunk Add-on for Microsoft Cloud Services
I am pleased to announce the availability of Splunk Add-On for Microsoft Cloud Services. Released on April 1st 2016, this add-on which is available on Splunkbase, provides Splunk admins the ability to collect events from various Microsoft Cloud Services APIs. In this first release, this includes:
- Admin, user, system, and policy action events from a variety of Office 365 services such as Sharepoint Online and Exchange Online and other services supported by the Office 365 Management API.
- Audit logs for Azure Active Directory, supported by the Office 365 Management API.
- Current and historical service status, as well as planned maintenance updates for a variety of services supported by the Office 365 Service Communications API.
If you are wondering …
Developing Correlation Searches Using Guided Search
Guided Search was released in Splunk Enterprise Security 3.1, nearly two years ago, but is often an overlooked feature. In reality, it is an excellent tool for streamlining the development of correlation searches. The goal of this blog is to provide a better understanding of how this capability can be used to create correlation searches above and beyond what Enterprise Security has to meet your unique security requirements.
So what is Guided Search?
It’s a “wizard”-like process to gather the key attributes that make up a correlation search. Essentially, there are five elements to Guided Search:
- Identify the data set to search
- Apply a time boundary
- Filter the data set (optional)
- Apply statistics (optional)
- Establish thresholds (optional)
Along the way, …