Introducing the Splunk App for Stream 6.3 Release!

We just improved our popular and free Splunk App for Stream! In the new Splunk App for Stream 6.3 release we’ve introduced Distributed Forwarder Management (DFM), a functionality that simplifies configuration while increasing administration flexibility. The new 6.3 release is available now on Splunkbase.

As a flexible software solution, you can deploy the Splunk App for Stream anywhere in the network—on-prem or cloud environments. Your implementation can be simple—collecting data from only a handful of SPAN ports, or very complex—with hundreds of different globally distributed Stream forwarders gathering data from endpoints. If your monitoring needs are more complex, you can target and customize how and where to deploy Stream to collect wire data to meet those needs more precisely.…

» Continue reading

Achieving Improved IT Operations with Splunk

Screen Shot 2015-06-02 at 4.40.38 PM

Splunk has a strong reputation for supporting security in the public sector market. But more and more federal, state and local government organizations are realizing Splunk’s Operational Intelligence platform offers far more than security.

Last week, I led the latest “Do you know Splunk?” webcast hosted by Carasoft. This particular webcast focused on how Splunk’s capabilities can be used to simplify and improve IT Operations. Many government agencies are using their Splunk implementations to improve things like mean-time-to-investigate or to proactively monitor Key Performance Indicators (KPIs) for applications to identify and resolve problem areas. During the webcast, we explored a plethora of ways government agencies can and do use Splunk solutions to enhance IT Operations.

A few key …

» Continue reading

Everything you always wanted to know about SPAN ports, Network Taps, Packet Mirrors, and the Splunk App for Stream (but were afraid to ask)

As this is my first Splunk blog post, I’ll keep this short.

This post has to do with moving raw packets around the network and analyzing their contents. In fact, not IP packets at L3, actually Ethernet frames at Layer 2.

Occasionally, engineers have a need to capture and inspect raw packets. This is usually done in the case where you don’t necessarily trust what’s going on with a given application (say a web server, or a DNS server) and you’d actually like to see what’s going over the wire, rather than what the application is telling you from its log. The use case could be one of fault isolation, troubleshooting, or an actual malicious event sourced by a human …

» Continue reading

The M.O. of Insider Threats

B_GSiiLXIAAU1ws

Public concern for defending against cyber threats has grown exponentially over the past five years. However, perhaps the most recognizable U.S. government breach during that time was perpetrated by an insider, Edward Snowden. I recently participated in a webinar that explored how public and private sector organizations should be auditing their data for insider threats. During the conversation, I provided a high-level breakdown of insider threats to help organizations think ahead as they implement new processes and technology solutions to detect threats within their networks.

Who might be considered an insider threatening your system?
There are multiple attributes to consider when identifying potential insider threats. The individual could be a current or former employee, a contractor or business associate. The …

» Continue reading

Splunk at Surescripts: Finding the cure for fraud

surescripts-logo-600x315I had a root canal last month, and it was not fun – at all. Fortunately, the endodontist prescribed some industrial-grade pain medications to help. When I picked up my medicine at Walgreens, that prescription had already gone through some serious hoops – getting verified and validated by the provider, the benefits manager, the payer (aka, insurance) and the pharmacy. That’s where Surescripts comes in – they provide the platform that connects all of the relevant parties together so my prescription can be authorized and I can stop half my face from throbbing.

This process is ripe for abuse – to the tune of billions of dollars each year. As the largest health information network in the United States, …

» Continue reading

.conf2014 Highlight Series: Detecting Fraud and Suspicious Events Using Risk Scoring

LGO-conf2015-RGB

.conf2015 registration is open!

We’re excited to continue our series of .conf2014 #TBT highlights, especially as we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas this September. This week we revisit Robert Perdues’s presentation about how Splunk can be used to detect fraud and suspicious events using risk scoring.

Skill Level:
Intermediate

Solution Area:
Fraud, Security

Splunk:
Splunk Enterprise

Presentation Overview:
This session showcases how Splunk can be used to build a risk scoring engine designed to detect fraud and other suspicious activities. This presentation includes a real-world fraud detection use case, a detailed description of the searches and lookups, which drive risk scoring, as well as other cyber security related applications of risk …

» Continue reading

Monitoring and alerting for activities of expired user accounts

Hello,

When it comes to insider threats and user activity monitoring, I see a very common use case that works extremely well across multiple industries. I want to share it with you in this blog post.

Monitoring and alerting for activities of expired user accounts

windows-account-expires

Your company can have a lot of different user accounts – not just the internal employed worker. There might be more focus on external contractors who move in and out more often or even B2B portals with intellectual property exchange.

If you need to monitor expired accounts, it comes down to the following:

You need to have the username, expire date and user activity data. To get the expire date information is some homework.

Here are two pieces advice:

  • Get the expiry

» Continue reading

How Government Healthcare Agencies Should Approach Their Vulnerabilities

B_GSiiLXIAAU1wsThe pressures government healthcare agencies have felt for years are surfacing aggressively. This is due, in part, to recent data hacks and the need to protect sensitive information, but the increasing pressure to operate efficiently with smaller budgets plays a significant role as well. Providing valuable care to patients and adhering to compliance and security requirements are added challenges agencies must tackle despite their limited resources.

Exposing government healthcare agencies’ data leads to vulnerabilities that affect the security of public safety, as well as the safety of the U.S. government as a whole. To combat attacks and meet the various security needs, agencies need greater visibility into their data. Accessibility is also key. It is imperative to have the capability …

» Continue reading

Splunk Enterprise Selected Best Fraud Prevention Solution in 2015 SC Awards

It has been an exciting week for all of us at Splunk who were fortunate enough to attend this year’s RSA Conference, focused on cybersecurity. From the wonderful Splunk stories by customers visiting our booth, to the engaging presentations from our partners and customers, RSA is always guaranteed to be a highlight on the Splunk Security calendar. (Our unique t-shirts never fail to build some buzz either!).

IMG_8660During the week we were also honored at the SC Magazine 2015 U.S. awards by winning the Best Fraud Prevention solution. A cross-section of SC Magazine readers selected the finalists and winners in the Reader Trust Award categories, and we are honored that this also marked the third consecutive year that …

» Continue reading

Using Splunk for Your Vulnerability Management

Hello,

The last days have been full of Microsoft ISS http.sys Vulnerability informations and notifications. So patching was at the top of the agenda for many companies and teams.

Recently Verizon also released their yearly data breach report. One of the major trends they have seen is that vulnerabilities are still not patched or isolated at systems  and are one of the highest risk factors over the last 20 years.

“We found that 99,9% of the exploited vulnerabilities had been compromised more than a year after the CVE was published.”

So why are still attackers so successfully with this attack method? I guess it cokes down to the fact that often there is not an established vulnerability incident handling process in place. Did you know …

» Continue reading