Microsoft Patch Tuesday! Are your servers patched?
It’s my most favorite time of the month – Patch Tuesday! Ok, I might be slightly exaggerating there. Let’s face it. It’s a pain in the neck. I have to go around to every server in my development environment and ensure that all the critical patches have been taken care of. Usually, this means a trip to Windows Update, or checking the logs of the Windows Server Update Services (WSUS) server. Today, I woke up and decided Splunk was going to assist with this.
Splunk for Meaningful Use
I visited a Health Care customer recently to discuss their most important use cases for Splunk. They’ve taken a holistic approach to getting all of their application data into Splunk and it’s really paying off. A key use case for their many health care facilities helps them stay compliant to meet their meaningful use requirements.
Meaningful use of health information technology is an umbrella term for rules and regulations that hospitals and physicians must meet to qualify for federal incentive funding under the American Recovery and Reinvestment Act of 2009 (ARRA). One of the overarching goals is to use Electronic Health Record (EHR) technology to improve the quality, safety and efficiency of patient care. Bottom line, it’s important to…
The first major HIPAA/HITECH fee levied
When you think about it, the fine levied by the HHS Office of Civil Rights isn’t all the cost of this HIPAA violation for BlueCross BlueShield of Tennessee. Turns out this was pricier than we thought. According to the law firm of Wilson Sonsini Goodrich and Rosati….
“BlueCross had self-reported the underlying incident under HIPAA’s requirements, and incurred more than $17 million in direct expenses relating to its investigation and remediation of the incident. The HHS investigators faulted BlueCross BlueShield for failing to implement appropriate administrative safeguards to protect information by storing protected health information on unencrypted computer hard drives. Under the settlement, BlueCross BlueShield also agreed to review and revise its healthcare information privacy and security policies, and…
Three Splunk 4.3 features security pros should start using today
There is a lot to like in Splunk 4.3 for security use cases, but three items should be of particular interest to security professionals.
Sparklines – Adding Time to Tables for Reporting
I use tables of information in several of the security reports I create. Usually I’ll want to track a particular type of event and include the number of times it happens along with an average over a period of time. This allows me to benchmark a particular threshold and use that as the impetus for an investigation. For example:
I want to track the number of successful accesses against assets where critical data is stored over a twenty-four hour period by user. My table will contain the name…
Smart Grid Data — the ‘wild west’ of privacy rights
I had the pleasure of attending a two-day seminar on Managing SCADA Network Security Risks. One of the most interesting seminars was Data Access and Privacy Issues Related to Smart Grid Technologies by Megan Hertzler, Assistant General Counsel with Xcel Energy. She said that when the meter reader used to come to the house and record your electrical usage, it was aggregate data. There were no privacy issues and the electric company owned the data. Now with Smart Meters the electric company can:
- Detect how many people live at your house by watching the number of cycles of your hot water heater (not accounting for bad hygiene);
- Know when you’re home by the energy
Today’s the last day to vote for VMworld sessions–make your voice heard
Please vote for Splunk’s sessions at VMworld–today’s the last day to vote. You need to create an account, but please go here and vote for Splunk’s sessions at VMworld:
2108 Best Practices for the Data-Centric Approach to Managing Virtual Desktops
2486 Show What You Know: Enforce Compliance in vSphere Environments and Prove It
Splunking the RSA Conference
It’s that time of year again – time for one of our favorite conferences, RSA. That it happens to be in our own backyard is a double bonus. We have a full slate of activities at RSA, so let this post serve as your Splunk @ RSA guide.
Splunk fans can register for a free exhibit hall pass with the registration code EC11SPL.
Stop by the Splunk booth (#2433) and check out our theatre featuring live demos of our partner apps freely available for download from Splunkbase.com.
Monitoring the Effectiveness of a Security Awareness Program
I was at a CISO summit in Atlanta and one of the CISOs gave a presentation on creating a security awareness program. He was able to get good support throughout the organization, eliciting the help of the marketing department, legal department and other groups. His team created videos about laptop theft and password sharing that featured a character called the Data Thief. Yet, they were challenged on how to measure its effectiveness. They ended up creating a number of surveys that they used to get some sense of the effectiveness of the program. According to the survey overall, security awareness rose throughout the organization. In a conversation with him afterwards I asked him if they’d thought about using log data…
Leading Universities Get Better Visibility Across Their Environments with Splunk (The Tale of SplunkLive! Boston)
One of my favorite parts about attending a SplunkLive! event is hearing Splunk users talking to one another about their experiences. Watching people from similar industries interact and talk about different uses of Splunk and seeing that twinkle in their eyes when a moment of discovery crosses their face…“Wow, Splunk can do that?” It makes me smile every time.
SplunkLive! Boston featured presenters from two long-term customers. First, Steven Maresca, from the University of Connecticut, talked about how Splunk was able to help the University meet PCI, HIPAA and other compliance mandates related to specific fields of research. Splunk helps them to meet log retention mandates, dashboards make audits easier for auditors, and SSO ensures…