Splunk at CyberSecurity IP Expo London – Securing the digital enterprise

This year you can find Splunkers at the Cyber Security Europe event, part of IP Expo, on 5th-6th October in London. Cyber security and cyber resilience are top of mind for everyone at this conference.

The focus in IT security is no longer just to protect your perimeter or systems against malware attacks. As cyber criminals become better organized, a successful attack can seriously damage your company’s brand, your customers and your intellectual property. Given that it is now clear that it’s not possible to prevent 100% of breaches, organizations need to change their approach. By moving from pure prevention to adding early detection and response capabilities, organizations can gain …

Adaptive Response: Beyond Analytics-Driven Security

Now that .conf2016 is in full swing, I’m excited to discuss one of my favorite topics – the Splunk-led Adaptive Response Initiative, which we first announced at the RSA Conference earlier this year. We made a big splash with a strong group of 8 founding participants representing key security technologies like Network Firewall, Endpoint Detection and Response, Privileged User Management, Threat Intelligence, and Incident Response. We are thrilled by the support from Splunk customers and strategic partners as we continue to enable organizations to operate multi-vendor adaptive security architectures and bring life to our vision for a security nerve center.

So here we are in Orlando, and I’m happy to share our latest Adaptive Response milestones:

  1. We have extended Adaptive Response controls into Splunk Enterprise Security 4.5 (ES)
  2. Vendor
Use Analytics-Driven Decision Making and Automation to Improve Threat Detection and Operational Efficiency

Today, we announced major advancements to our security analytics portfolio with a new version, Splunk Enterprise Security 4.5 (ES), which introduces significant innovations to Splunk ES.

Enterprise Security (ES) 4.5 includes Adaptive Response, which extends the security architecture beyond legacy preventative technologies and events-based monitoring, using connected intelligence so that security operations gain full visibility and responsiveness across the entire security ecosystem. The new release also introduces Glass Tables, which expand the visual analytics capabilities of Splunk ES.

Meeting the growing needs of CISOs adopting automation and orchestration

Many Splunk security customers already use automation to eliminate routine tasks in order to accelerate detection and streamline their response times. A recent survey conducted by 451 Research reveals that 57% …

Introducing Splunk UBA 3.0

Splunk User Behavior Analytics 3.0 (UBA) introduces significant advancements to Splunk UBA and drives Splunk’s Security Analytics to the next level. This is evident in Gartner placing Splunk in the Leaders quadrant and positioning Splunk furthest overall for completeness of vision.

Splunk UBA 3.0 makes an architectural shift by decoupling the platform from its content, thereby giving customers the ability to update their detection footprint with zero downtime and without the hassle of upgrading the entire platform. Content includes the following: machine learning models, threat models, anomaly classifications, data sources, and intelligence. The goal of this architectural shift is two-fold: improve operational efficiency, and keep up with the ever-changing threat landscape by delivering regular updates.

Model, Models and Lots of Machine

#splunkconf16 preview: Automation, Machine Learning, Incident Response and Hunting are dominant themes for .conf2016

It is that special time of the year for the Security Markets team at Splunk, as we are a few weeks away from .conf2016, Splunk’s annual user conference!

The security track has over 40 learning sessions and numerous hands-on activities.

It will be an incredible four days to interact with our passionate users, CISOs, CIOs and business leaders, and to learn about the innovative ways in which Splunk users solve their security needs.

You will hear how Splunk customers such as Accenture, Bloomberg, CAA, Aflac, Workday, CERT-EU, MITRE, Sony, Capital Group, Bechtel, Republic Services and more use Splunk to solve their security needs.

This year, we have more than twenty customer-led security sessions where you can learn how our customers use …

Splunk Named a Leader in Gartner SIEM Magic Quadrant for the Fourth Straight Year

Gartner has published the 2016 Magic Quadrant for Security Information and Event Management and Splunk was named a leader for the fourth straight year.

In the report, Gartner placed Splunk in the Leaders quadrant and positioned Splunk furthest overall for completeness of vision.

Our security portfolio, including Splunk® Enterprise and Splunk Enterprise Security, solves basic, advanced and emerging SIEM use cases: it dramatically accelerates the detection and investigation of advanced threats and attacks, and enables rapid response and remediation, by providing security intelligence from all security-relevant data collected across IT, the business and the cloud.

A growing number of organizations are using Splunk Enterprise Security to augment, replace and go beyond their legacy SIEM deployments.…

Detecting early signs of compromise by Splunking Windows Sysinternals

OVERVIEW

Detecting an advanced malware or threat compromise in a Windows environment the traditional way, using a signature-based anti-virus or anti-malware product, is difficult. Signature-based anti-malware solutions rely on a known list of signatures:

  • Endpoint protection products do not have a complete list of signatures covering every threat that exists or is known
  • Signatures do not apply to new types of threats that run as new executables on the endpoint, because there is no known signature to compare against

This traditional approach forces organizations to constantly deal with security breaches, ranging from data exfiltration and service interruptions to ransomware, all stemming from the inability to protect and detect the …

Secure Splunk Web in Five Minutes Using Let’s Encrypt

Configuring SSL for your public-facing Splunk instance is time-consuming, expensive and essential in today’s digital environment. Whether you choose a cloud provider or self-hosting, RTFM-ing how to generate the keys correctly and configuring how Splunk should use them can be quite confusing. Last year, a new certificate authority, Let’s Encrypt, was born in an effort to streamline the CA process and make SSL encryption more widely available to users (the service is free). In this short tutorial, we will cover how to use this new CA to secure your Splunk instance and stop using self-signed certs. Using SSL will help you secure your Splunk instance against MITM attacks. Let’s Encrypt utilizes all of …

Splunk for Risk Management Framework

The term Risk Management Framework (RMF) can mean many things to many people. As the paper ‘Beyond Compliance —Addressing the Political, Cultural and Technical Dimensions of Applying the Risk Management Framework’ from MITRE Corporation points out, it could mean a replacement for DIACAP within the DoD, a replacement for the C&A process, or an evolution from compliance to a more risk-based approach.

In 2014, the Department of Defense (DoD) introduced the Risk Management Framework (RMF) to help federal agencies better manage the many risks associated with operating an information system. It is clear that a compliance-only oriented approach is not enough for a robust security posture, especially in the face of …

Adapting Your Security Strategy in the Ever-Changing Threatscape

The modern threat landscape is constantly changing. How can an organization maintain mission and business focus in the presence of an evolving adversary? If we take a business-centric approach, technology leaders will tell you that the organization’s security posture and capability should evolve to maintain parity with mission and business priorities.

The demands of the changing threat and the demands of the changing business can sometimes appear incompatible. Of course, one can’t simply overhaul the security infrastructure every time there is a new class of threats. Ransomware is getting quite a few headlines these days, but that doesn’t mean some of the traditional problems, such as rogue devices gaining access to your network, are going away.

To combat the ever …