Find Malicious Insiders Before You Become a Headline

The media is filled with reports of Russia’s possible influence over the U.S. presidential elections. While American security agencies are investigating the Kremlin’s possible involvement in a hack of the Democratic National Committee, a U.S. Intelligence Service unclassified report suggests the Russians’ motive, at least in part, may have been retaliation for the U.S. working with a malicious insider to leak news of a Soviet Olympic athlete doping scandal.

Regardless of whether the report is true, it reveals a growing concern over insider threats for governments everywhere. Countries such as Canada are investing heavily to protect their citizens against insider and foreign attacks, while the U.S. Department of Defense Inspector General found in a recent audit that the U.S. …

Gaze into Splunk’s Crystal Ball for What’s to Come in 2017

Last year, a team of Splunkers came up with several predictions for what 2016 would bring in the fields of IT, security, and big data. This year we’ve done it again, looking into our crystal ball (or industry experience) to share our prophecies for 2017.

But first, let’s look back at some of the hits and misses of what we predicted for 2016.

Behavioral analysis will shift from an emphasis on user credentials to machine-to-machine credentials.

Haiyan Song, our SVP of security markets, predicted that “anomaly detection will become less about analyzing users or entities and more about leveraging machine learning and data science.” While there’s still a way to go, this has begun to come true: As

Stop Security Threats With Real-Time Data Monitoring

Imagine having a vast library of books but not being able to see the words on the page that you are reading or want to read. That would be like being able to ingest security-relevant data from a diverse array of data sources but not being able to use that information to monitor your security posture in near real time.

Library of Congress

Real-time data monitoring is essential to securing an enterprise because it gives security practitioners the ability to monitor and manage the consumption and use of machine data across complex IT and security systems, with visual insights into that data. The data can come from sources ranging from web logs and application usage to digital transactions. Why …

Make Security Incidents Less Scary By Organizing Your Response

The Federal Emergency Management Agency (FEMA) created the National Response Framework in 2008 to organize how the national government responds to natural disasters, terrorist attacks and other catastrophic events. Unfortunately, government resources alone can’t properly respond to disasters. That’s why the framework exists. It helps organize FEMA’s limited resources to respond to threats in the most efficient manner possible.

The six-step planning process from FEMA’s National Response Framework

Similarly, incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. The goal is to best organize alerts and resources within a security information and event management (SIEM) system to handle the situation in a way that limits damage and reduces recovery time and …

ING Bank at Gartner Symposium. Delivering business value from operational insights.

Last week was EMEA’s Gartner Symposium and it was a pretty busy week. Thousands of CIOs, senior IT leaders and IT companies converged on a very windy Barcelona. We were lucky enough to have ING Bank speaking about how it uses Splunk to deliver business value from IT and ensure its customers are happy. ING Bank Slaski in Poland has over four million customers monitored by Splunk. ING’s IT goal is to make sure they are listening to the voice of the customer “to stay a step ahead in life and business” by:

  • Making it clear and easy to use ING’s banking services
  • Allowing customers access to those services anytime and anywhere
  • Empowering users to self serve and make use
Trust and Resilience at the Speed of Business – How Travis Perkins built a lean SOC with Splunk in the Cloud


This week we attended the Gartner Security & Risk Management Summit in London. IT security managers from across Europe came together to network, exchange information about the latest cyber security strategies and understand Gartner’s perspective on the market.
As every industry continues to focus on digital transformation and move services online, security has become an even greater organizational priority. Organizations that customers trust and are confident in using will be clear winners in the long term. For many organizations, IT-related risk has become a major part of the corporate risk assessment that the board of directors has to review regularly.


As a result, many organizations have identified the need to build up Security Operations Centers (SOC) or …

Gartner Catalyst recap: City of San Diego Leading Innovation

A few perfectly pleasant and sunny days earlier this month formed an inviting setting for the Gartner Catalyst conference in San Diego. I had the distinct honor of introducing and kicking off a session led by Mr. Gary Hayslip, the CISO for the City of San Diego, on how they use data analytics to fight cyber threats, manage application delivery, coordinate city-wide IT services and help San Diego continue to innovate as a smart city. Consider the following:

  • The City of San Diego, long considered one of the most innovative cities in the world and the 8th largest city in the US, employs 11,000 people to serve its 1.5 Million citizens and conducts $4 Billion in business
Splunk Named a Leader in Gartner SIEM Magic Quadrant for the Fourth Straight Year

Gartner has published the 2016 Magic Quadrant for Security Information and Event Management and Splunk was named a leader for the fourth straight year.

In the report, Gartner placed Splunk in the Leaders quadrant and positioned Splunk furthest overall for completeness of vision.


Our security portfolio, including Splunk® Enterprise and Splunk Enterprise Security, solves basic, advanced and emerging SIEM use cases to dramatically accelerate the detection and investigation of advanced threats and attacks, and to rapidly respond to and remediate them, by providing security intelligence from all security-relevant data that is collected across IT, the business, and the cloud.

A growing number of organizations are using Splunk Enterprise Security to augment, replace and go beyond their legacy SIEM deployments.…

Join Splunk at Gartner Security & Risk Management Summit 2016

The Splunk Security markets team is excited to attend the Gartner Security and Risk Management Summit from June 13-16 in National Harbor, Maryland. This Summit is one of the premier events in the security industry, and it provides an opportunity not only to learn from leading thought leaders but also to meet the most innovative companies and understand their challenges.

Splunk will be at the event in full force! Stop by booth #821 to:

  • See live demos of Splunk Enterprise Security and Splunk User Behavior Analytics, and learn how to accelerate the detection, investigation and response to threats, cyber attacks and a wide range of security use cases.
  • Understand how Splunk’s analytics-driven security solution helps you discover relationships across all security-relevant data,
VenueNext and Splunk at Gartner Business Intelligence & Analytics Summit 2016

The following is a guest blog post from Ronak Bhatt, VP of Data Products and Customer Enablement at VenueNext.

There has never been a more exciting time to be a part of the BI and Analytics industry. With constant innovation and new entrants, it is in a constant state of re-imagining. I look forward to being a part of the Gartner BI Event to be held in Grapevine, Texas from March 14 – 16. I am delighted to be presenting and talking about how VenueNext is leveraging Splunk technology to help venue operators gain real-time visibility into venue operations and understand event-goer behavior to transform the in-stadium fan experience.

VenueNext is a technology company on a mission to transform the …
