SF Muni Hacked. Learn How to Detect Ransomware in Your Environment
Join security expert James Brodsky for our How-to Webinar: Detection of Ransomware and Prevention Strategies on December 13.
SF Muni was hit with a Ransomware attack last week, just as the prime holiday shopping season was kicking off. For many, the free fares for the weekend while Muni assessed the damage probably seemed like a holiday gift or customer service bonus.
But the lost revenues and potential $73K ransom they were asked to pay was no bonus for the IT and security teams.
News of ransomware attacks is becoming much more common these days, with a reported $209M paid to ransomware criminals in Q1 2016 and the FBI anticipating ransomware to be a $1B source of income for cybercriminals this year.
Double whammy for Splunk at the Computing Security Excellence Awards 2016!
Yesterday we had the honour of participating in the Security Excellence Awards from Computing.co.uk.
Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinions.
Following the Enterprise Security and Risk and Management Summit held at the Hilton Tower Bridge, the award ceremony revealed the industry’s leading companies, solutions, products and personalities.
Splunk was nominated in two categories – and was successful in both.
We won the award for Best SIEM for our Splunk Enterprise Security Solution as well as taking home the prize for Security Vendor of the Year.
Introducing the Security Investigation Guided Online Experience
Are you looking to get started with Splunk for security? Or perhaps looking for how-to guides to help your Tier 1 analysts investigate security alerts?
Lots of our customers are, so we’re here to help.
Introducing the first in a series of guided online experiences that allow you to detect, validate and scope potential threats using Splunk.
Each experience in this series will include a video walk through, a step-by-step guide and an online Splunk instance, pre-loaded with data so you can jump right in and learn how to address security issues with Splunk. No download required. No login required. No need to add data. Just get in there and …
Recap: Splunk @ Blackhat Europe 2016
Hello Splunk Ninjas!
In early November, the Splunk team attended Blackhat Europe at the Business Design Centre in London. The European hacking and penetration testing community came together to meet, exchange, collaborate and share details on the latest hacks and vulnerabilities. It was also an opportunity to showcase potential risks and to discuss how to improve security for organizations and consumers.
Splunk’s schedule was full during the briefing days. In our booth we shared the latest technology for big data analytics in security, machine learning and threat intelligence gathering, and discussed how security teams should prepare for the future with automation.
THREAT HUNTING PRESENTATION, BUSINESS HALL
James Hanlon, Security Markets Specialist, presented in the Business Hall about how …
Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM
New Webinar — register now:
Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM
In the Gartner 2016 Critical Capabilities for Security Information and Event Management (SIEM) report, Splunk scored the highest in all three use cases*: Basic Security Monitoring, Advanced Threat Detection and Forensics and Incident Response
In this report, each capability is then weighted in terms of its relative importance for specific product/service use cases.
SIEM technologies provide a set of common core capabilities that are needed for all basic security monitoring use cases. Other SIEM capabilities are more critical for the advanced threat detection or incident response and management use cases.
The eight critical capabilities used in the 2016 report to determine scores …
Best Practices for using Splunk Enterprise for compliance
In September at .conf2016, the Splunk worldwide users conference, I co-presented a session titled “How to Use Splunk for Automated Regulatory Compliance.” It included a discussion of regulatory compliance and standard/framework 101 and how Splunk could be used for compliance, including some case studies and product demos of the Splunk App for PCI Compliance, the CIS Critical Security Controls App for Splunk, Splunk Enterprise Security, and Splunk User Behavior Analytics.
For the technical ninjas attending the session, the most interesting part was probably the closing section covering best practices for using Splunk Enterprise for compliance, which is the focus of this blog post. I have listed these best practices below in …
101 things the mainstream media doesn’t want you to know about PowerShell logging*
At .conf2016 Steve Brant and I presented on how to detect PowerShell maliciousness using Splunk. The only problem is, if you didn’t attend the conference and only read the PowerPoint slides you might say something like “Your presentation is just big photos and SPL”. Which is true. Frankly, we like big fonts and we cannot lie. You other presenters may deny. That when a deck goes up with a big sans-serif font and a bright image in your eyes you get… distracted by where I am going with this paragraph. As such, we are going to create blog postings of our presentation for those of you who didn’t attend our talk in person. In this missive …
Creating McAfee ePO Alert and ARF Actions with Add-On Builder
One of the best things about Splunk is the passionate user community. As a group, the community writes amazing Splunk searches, crafts beautiful dashboards, answers thousands of questions, and shares apps and add-ons with the world.
Building high quality add-ons is perhaps one of the more daunting ways to contribute. Since the recently-updated Splunk Add-On Builder 2.0 was released, however, it’s never been easier to build, test, validate and package add-ons for sharing on SplunkBase.
Technical Add-Ons, aka TAs, are specialized Splunk apps that make it easy for Splunk to ingest data, extract and calculate field values, and normalize field names against the Common Information Model (CIM). Since the release of version 6.3, Splunk Enterprise also supports TAs for …
Cybersecurity Week in Germany – Splunk wins Best SIEM
This week saw lots of activity taking place at IT-SA, the biggest German security event held in Nürnberg.
IT-SA 2016 – The IT Security Expo and Congress
This year was a record year for the conference with over 10,000 visitors and over 490 companies exhibiting.
The Splunk team was there in full force to showcase how we can help organizations utilize the gold hidden in their machine data. While security use cases were top of mind, many visitors wanted to learn how they could re-use their security investment across the company. In the booth theatre Splunk technical experts demonstrated how this works. In addition, we had ForeScout presenting on how it integrates and works together with Splunk. …
Splunk & Cisco Web Security Appliance (WSA) – BFF: „Dear IT-Admin: My Internet is so slow“
I recently met with Tobias Mayer, an engineer from EMEA with Cisco. He has particular expertise in web security technology. The Cisco Munich Data Center has a great Splunk deployment, and Tobias works closely with organizations in EMEA to solve their daily problems.
One common claim from end users in IT is „Our internet is slow“… and then the troubleshooting begins.
There are various components within enterprise IT that could be the reason why „the internet is slow“.
It could be:
- The Proxy Server is running on max load (CPU, Memory, Concurrent Connections)
- The network connection from the client to the proxy within the internal network is slow
- The Active Directory / Authentication Service for the proxy response is slow