Cyber Crime in Finance – Splunk attended the Banking Lounge Event at Bloomberg in Frankfurt

Hello,

Recently Splunk and Finanz Informatik Technology Service, a provider of IT outsourcing and a finance cloud service, attended a Banking Lounge event, and also had the honor of speaking.

This post is a copy of the review of the event at FI-TS.

FI-TS organized the Banking Lounge on Cybercrime in Frankfurt together with BANKINGCLUB and Splunk. Around 50 interested banking experts came to Bloomberg LP to listen to talks from Splunk and FI-TS and to network.

Cybercrime in banks

Welcome to Bloomberg

Before the presentation started, almost all participants took part in the guided tour through the rooms of Bloomberg LP. Werner Kolb, Sales Manager at Bloomberg for 15 years, welcomed us and showed us the offices on the 18th floor. Bloomberg is well …

» Continue reading

Raise a Glass to Splunk Apptitude Winners

With the grand prize of $100,000 being awarded to the Fraud and Insider Threat category, it was only appropriate to announce the winners at Blackhat 2015 – one of the largest security conferences in the world. And though all of the winners couldn’t make it on short notice – they were coming from all over the globe, one even sending a video from the peaks of the Swiss Alps.

We received a great mix of submissions from customers, partners, and even some Splunk newbies. This really was a great showing of the breadth and varied experience of our users and developer community, as well as the creativity that can only come from a field from such varied experience and location.…

» Continue reading

Detecting dynamic DNS domains in Splunk

Name a security breach or sample of malware in the last five years and you will come across a fairly common denominator: the malware (or the method of data exfiltration) used a “Dynamic DNS” hostname to connect to the Internet [1][2][3][4][5]. But what is dynamic DNS (DDNS)? Why do malicious actors use it? And how do network defenders detect it in their network?

On a basic level, dynamic DNS allows for sub-domains to have IP addresses that can be quickly changed, often in real-time. Legitimate users take advantage of this service by using providers such as noip.com or duckdns.org to create easy to remember subdomains (such as the example “myhouse.no-ip[.]org”) …

» Continue reading

Information Exchange Boosts Threat Intelligence

The rash of recent government breaches and continued cyberthreats have accelerated the need for the exchange of information related to these and other known incidents. For many years, DHS has been working with industry and other federal agencies to provide more standardization of content so that security practitioners (and anyone else for that matter) are speaking the same language across multiple vendor platforms as it pertains to software, configurations and vulnerabilities, to name a few. An early example that pre-dates DHS was the Common Vulnerability Enumeration (CVE) that Mitre launched in 1999. These efforts can be challenging because gathering consensus and buy-in is never easy across a diverse set of organizations and so finding entities that can shepherd these specifications …

» Continue reading

Using Data Analytics to Help Secure State and Local Government Networks

While we eagerly await the government’s 30-day cybersecurity sprint report, it is important to remember that large federal agencies such as OPM aren’t the only ones susceptible to cyberattacks. State and local governments handle and collect confidential data just as frequently as federal agencies, which makes them attractive targets for cyberattackers. As the feds search for answers in the wake of OPM, state and local governments should likewise be reevaluating their cybersecurity approaches.

A lot of talk around cybersecurity focuses on improving data encryption, password protection and authentication practices. But one of the best, and most underutilized, security resources in government is the data already being collected and the insights that information contains. State and local governments need to start embracing …

» Continue reading

Splunk Named a Leader in Gartner SIEM Magic Quadrant for the Third Straight Year

The Splunk security portfolio, including Splunk® Enterprise and the Splunk App for Enterprise Security, solves Security Information and Event Management (SIEM) requirements to dramatically improve the detection, response and recovery from advanced threats by providing broad security intelligence from data that is collected across IT, the business, and the cloud. Based on the need to protect against advanced threats, a growing number of organizations are using Splunk security analytics to augment, replace and go beyond their legacy SIEM deployments.

This week, Gartner published the 2015 version of its annual Magic Quadrant for Security Information and Event Management. In the report, Splunk was named a leader for the third straight year.

The results of the 2015 Gartner SIEM Magic …

» Continue reading

Tutorial: Let others work for you – Give them their data!

Recently I had a great discussion with some folks from the community – they told me that in most cases the Splunkers within an organization are the ones with the best visibility and inform other departments about issues/problems/breaches. As a result their peers in the organizations want to have the same information advantage and visibility. However, often they are just interested in their own systems and services, not from others within a large organization.

What’s the easiest and fastest approach to give them the visibility they want?

The Answer: Lookups and drop down menus

Based on the Qualys App for Splunk Enterprise I’ll explain to you how you can modify an existing dashboard that shows all vulnerabilities and how to, for …

» Continue reading

Back from FIRST Berlin, discover CIRCL Passive SSL

Hello Security Ninjas,

Recently Splunk took part in the FIRST 2015 conference, a conference dedicated to CERTs, Incident Responders and Security Teams. Many of the attendees shared with us that they are using Splunk regularly for security use cases and this is great to hear!

One of the notable presentations was from Alexandre Dulaunoy from the CIRCL (Computer Incident Response Center Luxembourg) and Eireann Leverett from the Cambridge Centre for Risk Studies.

Security analysts across the world are nowadays familiar with the Passive DNS technique that allows DNS information to be collected passively, just by listening to DNS requests in and out of a network. The idea Alexandre and Eireann came up with was to apply similar techniques to SSL/TLS certificates so …

» Continue reading

Masters Of Machines 2015 Part 4: Meeting the increasing security threat head-on with Operational Intelligence

In the fourth and final part of this blog series to accompany the “Masters of Machines II” research from Splunk and industry analyst Quocirca, we discuss the rising security threats faced by organisations today and how Operational Intelligence has a key part to play in defending yourself.

If you want to catch up with previous posts:

Part 1 – Discusses the high level findings from the research

Part 2 – The increase in IT complexity and managing it with OI

Part 3 – How to improve customer experience by harnessing machine data

The fastest growing IT management concern from 2013 to 2015 was increased security threats through the compromise of IT systems.

The …

» Continue reading

Evaluating the Government’s Approach to Investing in Cyber

As you’ve probably noticed, there has been significant media coverage lately about federal agency breaches and the importance of improving cybersecurity practices. The most recent breach of the Office of Personnel Management (OPM) has put a spotlight back on the security practices of federal agencies and has created questions for government leaders around how they can better secure their data. In fact, the incident prompted U.S. Federal CIO Tony Scott to issue a 30-day cybersecurity sprint calling on agencies to evaluate current practices and begin addressing any security gaps or vulnerabilities. But what else can agencies be doing to improve their security posture?

One of the best ways agencies can start doing a better job of securing their networks is …

» Continue reading