Trust and Resilience at the Speed of Business – How Travis Perkins built a lean SOC with Splunk in the Cloud

Hello,

This week we attended the Gartner Security & Risk Management Summit in London. IT security managers from across Europe came together to network, exchange information about the latest cyber security strategies and understand Gartner’s perspective on the market.
As every industry continues to focus on digital transformation and move services online, security has become an even greater organizational priority. Organizations that customers trust and are confident in using will be clear winners in the long term. For many organizations, IT-related risk has become a major part of the corporate risk assessment that the board of directors has to review regularly.


As a result, many organizations have identified the need to build up Security Operations Centers (SOC) or …

» Continue reading

Secure Splunk Web in Five Minutes Using Let’s Encrypt

Configuring SSL for your public-facing Splunk instance is time-consuming, expensive and essential in today’s digital environment. Whether you choose to go with a cloud provider or self-hosting, RTFM-ing how to generate the keys correctly and configuring how Splunk should use them can be quite confusing. Last year, a new certificate authority, Let’s Encrypt, was born in an effort to streamline the CA process and make SSL encryption more widely available to users (the service is FREE). In this short tutorial, we will cover how to make use of this new CA to secure your Splunk instance and stop using self-signed certs. Using SSL will help you to secure your Splunk instance against MITM attacks. Let’s Encrypt utilizes all of …

» Continue reading

SIEM success patterns – How to get it right!

Hello all,

One of the things I love about machine data is that it can be used in so many ways. Interestingly enough, over the years I have observed a common pattern in organizations that have been successful with SIEM. The implementation of a cyber defence center should serve to increase security maturity, strengthen cyber security skills and security intelligence, and enable organisations to successfully stop complex attacks (not just malware!) and better protect customer data and the overall business. Yet in the past I have been called in to meet with prospects regarding failed SIEM deployments, and no matter which traditional vendor is involved, there are always similar patterns.


What are the patterns of a failed SIEM deployment?

The …

» Continue reading

Splunk & the National Defense University: Educating the Security Warriors

Every six months, or once a semester if you are academically inclined, our Splunk Public Sector office in Tysons Corner, VA hosts students from the National Defense University (NDU) in Washington, DC to discuss emerging security trends, the evolving threat landscape and adaptive threat response initiatives that make all data crucial to security warriors.

For those who are not familiar, NDU’s mission is to support warfighters by providing rigorous joint professional military education to members of the U.S. Armed Forces and select others to develop leaders who are able to operate and creatively think in an increasingly unpredictable and complex world. The University’s overarching purpose is to educate, develop and inspire national security leaders.

These semiannual meetings consist of the …

» Continue reading

Splunking a Microsoft Word document for metadata and content analysis

The Big Data ecosystem is nowadays often abbreviated with ‘V’s. The 3Vs of Big Data, or the 4Vs of Big Data, even the 5Vs of Big Data! However many ‘V’s are used, two are always dedicated to Volume and Variety.

Recent news provides particularly rich examples with one being the Panama Papers. As explained by Wikipedia:

The Panama Papers are a leaked set of 11.5 million confidential documents that provide detailed information about more than 214,000 offshore companies listed by the Panamanian corporate service provider Mossack Fonseca. The documents […] totaled 2.6 terabytes of data.

This leak illustrates the following pretty well:

  • The need to process huge volumes of data (2.6 TB of data in that particular case)
  • The need to
» Continue reading

Detecting and Responding to the Accidental Breach

Hello All,

Splunk recently commissioned analyst firm IDC to conduct research in EMEA into how capable organizations are at protecting and responding to hapless user activity. The research questioned 400 organizations across the region, producing some really valuable insights.


At a time when security breaches are inevitable, one of the primary threat vectors is what IDC calls the hapless user. It isn’t a case of the user being stupid – it’s because attacks are getting far better at tricking users into unintentionally clicking on the wrong link or opening attachments which they shouldn’t.

Why organizations can’t deal

In the IDC report you can find out about the threats that companies are most worried about in EMEA, what security technologies they are using and what …

» Continue reading

Spotting the Adversary… with Splunk

Howdy Y’all. Eventually there is a Rubicon to cross in every security professional’s life. With a satisfied sigh he’ll take a step back from the keyboard, wipe Dorito-dust-covered hands on khakis, take a long slug of Mountain Dew, gaze proudly at his Splunk instance and utter the words “I’ve added all the data sources I can. The network is being ‘monitored’”. Then the smile will falter as his cyber demons claw their way up to the surface. He’ll hear them scream out “but WHAT am I supposed to look for??” He (and you) are not alone. Ever since time immemorial (or at least since I first began “practicing” the dark arts of cyber security) I would hear the question of “but what …

» Continue reading

Join Splunk at Gartner Security & Risk Management Summit 2016

The Splunk Security markets team is excited to attend the Gartner Security and Risk Management Summit from June 13-16 in National Harbor, Maryland. This Summit is one of the premier events in the security industry, and it provides an opportunity not only to learn from leading thought leaders but also to meet the most innovative companies and understand their challenges.

Splunk will be at the event in full force! Stop by booth #821 to:

  • See live demos of Splunk Enterprise Security and Splunk User Behavior Analytics, and learn how to accelerate the detection, investigation and response to threats, cyber attacks and a wide range of security use cases.
  • Understand how Splunk’s analytics-driven security solution helps you discover relationships across all security-relevant data,
» Continue reading

Get ready for Infosecurity Europe 2016!

Hello,

It’s time to get ready for the 21st edition of Infosecurity Europe 2016, taking place between the 7th – 9th June at Olympia in London. Infosecurity is Europe’s number one information security event, featuring the largest and most comprehensive education program available, with over 315 exhibitors showcasing the most diverse range of products and services to over 12,000 visitors.

Splunk will be onsite in force at Infosecurity, with several speaking sessions as well as an interactive workshop focused on cloud security. Make sure you prepare early so you don’t miss any of our great content at the show! Register today for free entrance (save £35).

Splunk Booth Stand C20 + Theater Presentations


First of all – visit the Splunk stand to get your …

» Continue reading

PostFinance banks on Splunk to improve fraud detection

When I’m thinking about Switzerland, I often think of the Swiss Alps, great chocolate and the famous Swiss army knife. The flexibility of the Swiss army knife reminds me how Swiss bank PostFinance is using the Splunk platform in multiple ways.

We say that Splunk is a SIEM and can fulfill all SIEM use cases, but Splunk is also so much more, and PostFinance has proved it once again.


Splunk as a Fraud Platform

PostFinance is using Splunk for compliance and regulation, but beyond those traditional SIEM use cases they also use Splunk as a fraud platform, using the insights to protect their customers’ bank accounts and digital payments. In their online banking portal alone they have over 1.6 million customers they have to …

» Continue reading