Splunk at Surescripts: Finding the cure for fraud

I had a root canal last month, and it was not fun – at all. Fortunately, the endodontist prescribed some industrial-grade pain medications to help. When I picked up my medicine at Walgreens, that prescription had already gone through some serious hoops – getting verified and validated by the provider, the benefits manager, the payer (aka, insurance) and the pharmacy. That’s where Surescripts comes in – they provide the platform that connects all of the relevant parties together so my prescription can be authorized and I can stop half my face from throbbing.

This process is ripe for abuse – to the tune of billions of dollars each year. As the largest health information network in the United States, …

.conf2014 Highlight Series: Detecting Fraud and Suspicious Events Using Risk Scoring

.conf2015 registration is open!

We’re excited to continue our series of .conf2014 #TBT highlights, especially as we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas this September. This week we revisit Robert Perdue’s presentation about how Splunk can be used to detect fraud and suspicious events using risk scoring.

Skill Level:
Intermediate

Solution Area:
Fraud, Security

Splunk:
Splunk Enterprise

Presentation Overview:
This session showcases how Splunk can be used to build a risk scoring engine designed to detect fraud and other suspicious activities. This presentation includes a real-world fraud detection use case, a detailed description of the searches and lookups that drive risk scoring, as well as other cyber security related applications of risk …

Monitoring and alerting for activities of expired user accounts

Hello,

When it comes to insider threats and user activity monitoring, I see a very common use case that works extremely well across multiple industries. I want to share it with you in this blog post.

Your company can have a lot of different user accounts – not just internally employed workers. There might be more focus on external contractors who move in and out more often or even B2B portals with intellectual property exchange.

If you need to monitor expired accounts, it comes down to the following:

You need to have the username, expiry date and user activity data. Getting the expiry date information takes some homework.

Here are two pieces of advice:

  • Get the expiry

How Government Healthcare Agencies Should Approach Their Vulnerabilities

The pressures government healthcare agencies have felt for years are surfacing aggressively. This is due, in part, to recent data hacks and the need to protect sensitive information, but the increasing pressure to operate efficiently with smaller budgets plays a significant role as well. Providing valuable care to patients and adhering to compliance and security requirements are added challenges agencies must tackle despite their limited resources.

Exposing government healthcare agencies’ data leads to vulnerabilities that affect the security of public safety, as well as the safety of the U.S. government as a whole. To combat attacks and meet the various security needs, agencies need greater visibility into their data. Accessibility is also key. It is imperative to have the capability …

Splunk Enterprise Selected Best Fraud Prevention Solution in 2015 SC Awards

It has been an exciting week for all of us at Splunk who were fortunate enough to attend this year’s RSA Conference, focused on cybersecurity. From the wonderful Splunk stories by customers visiting our booth, to the engaging presentations from our partners and customers, RSA is always guaranteed to be a highlight on the Splunk Security calendar. (Our unique t-shirts never fail to build some buzz either!)

During the week we were also honored at the SC Magazine 2015 U.S. awards by winning the Best Fraud Prevention solution. A cross-section of SC Magazine readers selected the finalists and winners in the Reader Trust Award categories, and we are honored that this also marked the third consecutive year that …

Using Splunk for Your Vulnerability Management

Hello,

The last few days have been full of Microsoft IIS http.sys vulnerability information and notifications. So patching was at the top of the agenda for many companies and teams.

Recently Verizon also released their yearly data breach report. One of the major trends they have seen is that vulnerabilities are still not patched or isolated on systems and are one of the highest risk factors over the last 20 years.

“We found that 99,9% of the exploited vulnerabilities had been compromised more than a year after the CVE was published.”

So why are attackers still so successful with this attack method? I guess it comes down to the fact that often there is not an established vulnerability incident handling process in place. Did you know …

Accelerate the Detection of Advanced Threats and Malicious Insiders

Cyber threats are becoming increasingly sophisticated, employing multiple attack vectors and utilizing legitimate ports to exfiltrate sensitive company information. These threats often sit undetected on infected systems for months while modifying, viewing, and stealing your data. And unfortunately, finding them is only part of the battle. To effectively remediate them can require days or weeks of investigation from the security team to trace back through the kill chain to determine the source of the infection, the path it employed, and the actions it took. Of course, this is of concern on multiple fronts; not only does the infection remain for a longer period of time, but the cost of remediation can become significant in its own right.

Similarly, malicious insiders …

The Splunk Apptitude App Contest to give out $150,000 in prizes

The RSA Conference 2015 is in full swing here in San Francisco, and Splunk is out in force. With so much news coming out of the conference, it’s easy for things to get lost in the shuffle so I wanted to let you all know the what, why, when and how about the new Splunk Apptitude App Contest that we announced this morning.

WHAT?
The Splunk Apptitude App Contest is an online competition designed to find the next big app using Splunk software. Whether it’s the next cutting edge visualization, or a highly technical security app – we want your big ideas. And we’ll give you more than just bragging rights, we’ll give you cash.

The Splunk Apptitude contest serves …

SAIC & Splunk as a Security Intelligence Platform

Splunk is one of the fastest growing companies in the hi-tech industry for a reason. We constantly push the boundaries on how we, and others, think about complex problems. One area that we’ve been successfully driving for a few years now is Security Intelligence. We learned early on, through the eyes of our customers, that the traditional approach to security had severe limitations. It was pure disruption and innovation to invert the thinking in this area and use the native Splunk platform to identify and ingest massive quantities and sources of unstructured and semi-structured data. This has enabled Splunk customers to index machine-generated data and query it with schema-on-the-fly, powering visualizations, dashboards, alerts and proactive remediation. This is what has …

Security is a hot topic – where better than GISEC in Dubai to get Splunking your security?

Needless to say security is a hot topic right now with the numbers, sophistication and impact of threats ever increasing. It seems like the upcoming GISEC event in Dubai is well timed. Splunk is exhibiting at the event and we’ll be showcasing how Splunk is used as a security intelligence platform by thousands of organisations worldwide. Splunk has a number of customers in the Middle East from the very large international companies to smaller ones, as well as public sector organisations.

A lot of our customers in the region are using Splunk as a security intelligence platform because they need more than a traditional SIEM can offer. In December last year we had the Head of IT Risk for …
