Using Data Analytics to Help Secure State and Local Government Networks
While we eagerly await the government’s 30-day cybersecurity sprint report, it is important to remember that large federal agencies such as OPM aren’t the only ones susceptible to cyberattacks. State and local governments handle and collect confidential data just as frequently as federal agencies, which makes them attractive targets for cyberattackers. As the feds search for answers in the wake of OPM, state and local governments should likewise be reevaluating their cybersecurity approaches.
A lot of talk around cybersecurity focuses on improving data encryption, password protection and authentication practices. But one of best, and most underutilized, security resources in government is the data already being collected and the insights that information contains. State and local governments need to start embracing …
Masters Of Machines 2015 Part 4: Meeting the increasing security threat head-on with Operational Intelligence
In the fourth and final part of this blog series to accompany the “Masters of Machines II” research from Splunk and industry analyst Quocirca, we discuss the rising security threats faced by organisations today and how Operational Intelligence has a key part to play in defending yourself.
If you want to catch up with previous posts:
The fastest growing IT management concern from 2013 to 2015 was increased security threats through the compromise of IT systems.
Evaluating the Government’s Approach to Investing in Cyber
As you’ve probably noticed, there has been significant media coverage lately about federal agency breaches and the importance of improving cybersecurity practices. The most recent breach of the Office of Personnel Management (OPM) has put a spotlight back on the security practices of federal agencies and has created questions for government leaders around how they can better secure their data. In fact, the incident prompted U.S. Federal CIO Tony Scott to issue a 30-day cybersecurity sprint calling on agencies to evaluate current practices and begin addressing any security gaps or vulnerabilities. But what else can agencies be doing to improve their security posture?
One of the best ways agencies can start doing a better job of securing their networks is …
Splunk at Infosecurity Europe 2015
A few weeks ago Splunk attended the Infosec conference in London. It was a busy event full of great security gurus on a mission to protect their environment with state of the art defences.
Enterprise Security 3.3
Security experts got to see live demos at the Splunk booth of the Splunk Enterprise platform as well as key apps including the Splunk App for Enterprise Security, PaloAlto, Fireye, Cisco Security and many more. They learned how to quickly identify, investigate, and respond to internal and external threats throughout their organization. Attendees of the conference were particularly interested in the STIX/TAXII and OpenIOC integration. If you want to learn more – here are some resources:
Bright Talk – What keeps …
State and Local Government: Unleashing Your Data
The right big data solution for state and local government agencies can help thwart cyber attacks, improve IT operations, enhance citizen services, and more. Realizing the full value of your data will unlock a trove of insight to support your agency’s mission.
Government agencies at every level face security and compliance challenges. With state and local government IT budgets shrinking, the state of security within these agencies has become top-of-mind due, in part, to the direct effects it can have on public safety. Splunk works with many state and local government agencies to help them manage their unstructured data, fulfill compliance requirements, monitor and detect security threats, and understand patterns within their data to gain new insights.
Phishing – What does it look like in machine data?
Hello Security Ninjas,
in the last write up i shared info of a phishing mail i received and what questions do you want to ask once an attack is identified. In this one, i want to give you some technical insights how it can look like when performing an investigation. I’m sure you have analyzed some of those attacks in your own environment so you know the departments that might be most targeted e.g. your high risk users – if you haven’t I highly recommend you check your own environment by collecting data from the different sources and analyzing how infections start in your environment and where they occur most often.
In this case for tracking the process and generating the activity events …
Introducing the Splunk App for Stream 6.3 Release!
We just improved our popular and free Splunk App for Stream! In the new Splunk App for Stream 6.3 release we’ve introduced Distributed Forwarder Management (DFM), a functionality that simplifies configuration while increasing administration flexibility. The new 6.3 release is available now on Splunkbase.
As a flexible software solution, you can deploy the Splunk App for Stream anywhere in the network—on-prem or cloud environments. Your implementation can be simple—collecting data from only a handful of SPAN ports, or very complex—with hundreds of different globally distributed Stream forwarders gathering data from endpoints. If your monitoring needs are more complex, you can target and customize how and where to deploy Stream to collect wire data to meet those needs more precisely.…
Achieving Improved IT Operations with Splunk
Splunk has a strong reputation for supporting security in the public sector market. But more and more federal, state and local government organizations are realizing Splunk’s Operational Intelligence platform offers far more than security.
Last week, I led the latest “Do you know Splunk?” webcast hosted by Carasoft. This particular webcast focused on how Splunk’s capabilities can be used to simplify and improve IT Operations. Many government agencies are using their Splunk implementations to improve things like mean-time-to-investigate or to proactively monitor Key Performance Indicators (KPIs) for applications to identify and resolve problem areas. During the webcast, we explored a plethora of ways government agencies can and do use Splunk solutions to enhance IT Operations.
A few key …
Everything you always wanted to know about SPAN ports, Network Taps, Packet Mirrors, and the Splunk App for Stream (but were afraid to ask)
As this is my first Splunk blog post, I’ll keep this short.
This post has to do with moving raw packets around the network and analyzing their contents. In fact, not IP packets at L3, actually Ethernet frames at Layer 2.
Occasionally, engineers have a need to capture and inspect raw packets. This is usually done in the case where you don’t necessarily trust what’s going on with a given application (say a web server, or a DNS server) and you’d actually like to see what’s going over the wire, rather than what the application is telling you from its log. The use case could be one of fault isolation, troubleshooting, or an actual malicious event sourced by a human …
The M.O. of Insider Threats
Public concern for defending against cyber threats has grown exponentially over the past five years. However, perhaps the most recognizable U.S. government breach during that time was perpetrated by an insider, Edward Snowden. I recently participated in a webinar that explored how public and private sector organizations should be auditing their data for insider threats. During the conversation, I provided a high-level breakdown of insider threats to help organizations think ahead as they implement new processes and technology solutions to detect threats within their networks.
Who might be considered an insider threatening your system?
There are multiple attributes to consider when identifying potential insider threats. The individual could be a current or former employee, a contractor or business associate. The …