Get ready for Infosecurity Europe 2016!


It’s time to get ready for the 21st edition of Infosecurity Europe 2016, taking place between the 7th – 9th June at Olympia in London. Infosecurity is Europe’s number one information security event, featuring the largest and most comprehensive education program available, with over 315 exhibitors showcasing the most diverse range of products and services to over 12,000 visitors.

Splunk will be onsite in force at Infosecurity – with several speaking sessions as well as an interactive workshop focused on cloud security. Make sure you prepare early to avoid missing some of our great content at the show! Register today for free entrance (save £35).

Splunk Booth Stand C20 + Theater Presentations


First of all – visit the Splunk stand to get your …


PostFinance banks on Splunk to improve fraud detection

When I’m thinking about Switzerland, I often think of the Swiss Alps, great chocolate and the famous Swiss army knife. The flexibility of the Swiss army knife reminds me how Swiss bank PostFinance is using the Splunk platform in multiple ways.

We say that Splunk is a SIEM and can fulfill all SIEM use cases but also Splunk is so much more – and PostFinance has proved it once again.


Splunk as a Fraud Platform

PostFinance is using Splunk for compliance and regulation, but beyond those traditional SIEM use cases they also use Splunk as a fraud platform, using the insights to protect their customers’ bank accounts and digital payments. In their online banking portal alone they have over 1.6 million customers they have to …


Enriching threat feeds with WHOIS information

It’s almost been 2 years since I spent a summer in Seattle interning with the Splunk Security Practice (SecPrax) Team. Damn, time flies! The Splunk Security community is growing every day, due to the unbelievable amount of flexibility, visibility, and insight Splunk Enterprise offers for all data, and as I have learned, all data is security relevant. Back at Splunk to work with the Security Research team, this is my first blog post and I would like to hear what you people have got to say about it, so please leave feedback or a comment.

What am I missing while doing threat intelligence?

While I am doing some research looking for threat intelligence data sets to ingest into Splunk, I realized there can be …


Lessons learned from the “SWIFT” Attack


Unfortunately, somewhere in the world a big party must be going on. In February hackers successfully compromised a bank connected to the SWIFT Network in Bangladesh, stealing $81 million – as reported by Reuters earlier this week. While the computer system in Bangladesh seems to have missed a number of IT security best practices, it shows that a connected system even if it’s designed to be closed can be compromised by the weakest supplier, compromising the whole system.




It’s mind blowing to see how much subject matter expertise the hackers must have had about the SWIFT System.

Have we seen this attack in our network, too?

The chances that …


Back from GISEC 2016 – The day the lights went out



I’m just back from GISEC2016 in Dubai – a great show that brought information security professionals together from across the region. On the Splunk stand we gave out lots of T-shirts – but more importantly – we had great conversations about how Splunk can help small and big organizations to solve their big data and security problems. Examples in the region include Dubai Smart Government, Al Rajhi Bank (Saudi Arabia) or Saudi Arabian Airlines who all are using Splunk to analyze their log data for different functions. This ranged from security to IT operations and IoT, which Splunk is a great fit for.

There were several keynotes with great messages that I wanted to share:

Nigel Gibbons, Global Advisory


A storm is coming: Get ready for “Badlock” Windows/Samba vulnerability

Hello Security Ninjas,

Something exploitable this way comes. It appears that a new, high impact vulnerability is set to be unleashed upon the cyber world on April 12th. Of course no high impact vulnerability would be complete without its own logo and website at The vulnerability affects Windows and Samba and according to the researchers who discovered it, “we are pretty sure that there will be exploits soon after we publish all relevant information.”

The vulnerability was discovered by Stefan Metzmacher, a member of the international Samba Core Team, working at SerNet on Samba. He reported the bug to Microsoft and has been working closely with them to fix the problem. As mentioned on the website a patch will …


GISEC 2016 in Dubai. Life’s a breach.


GISEC is here again. It doesn’t seem long since the last one and the security market seems to have gathered even more pace since this time last year. Splunk is delighted to be at GISEC again this year. It has been an exciting twelve months for Splunk in the security space, including being voted “Best SIEM Solution” at the 2016 SC Magazine Awards. Splunk Enterprise has also been named the Best Fraud Prevention Solution. Splunk is positioned as a leader in the Gartner SIEM Magic Quadrant (a complimentary copy of the report can be found here). The Splunk Middle East team will be at the event to talk about how other leading organisations in the region are using …


Splunk Security Takes Double Honors at SC Magazine 2016 Awards

Last week I was fortunate enough to accept not just one award, but two awards, on behalf of Splunk at the SC Magazine 2016 Awards in San Francisco. We were honored to be nominated among the other nominees in each category and were thrilled when Splunk Enterprise won a Trust award for “Best Fraud Prevention Solution” and Splunk Enterprise Security won a Trust award for “Best SIEM Solution”.

The awards reflect the value that you, our users and customers, get from our software. When thousands of users and customers across the globe sing the praises of Splunk and how it helps them detect and defeat cyber threats and fraudsters, the awards and accolades tend to follow!

One key observation I had …


Adaptive Response Initiative to Better Combat Advanced Attacks with a Unified Defense

As we kick off this year’s RSA conference, we are very excited to announce the Adaptive Response Initiative, which brings together the best technologies across the security industry to help organizations combat advanced attacks. Splunk is proud to be leading this initiative, with other founding participants comprised of industry leaders from several security categories: Carbon Black, CyberArk, Fortinet, Palo Alto Networks, Phantom, Tanium, ThreatConnect and Ziften. All of these companies will be demonstrating their adaptive response bi-directional integration with Splunk at RSA.

The Initiative aligns best-of-breed vendors – across different security areas – who recognize the importance of helping customers get the most out of collective security intelligence.

“Designing an Adaptive Security Architecture for Protection from Advanced Attacks” Neil MacDonald and Peter Firstbrook, Gartner. Published 12 Feb 2014. Refreshed 28 Jan 2016


Herjavec Group and Splunk Strengthen Alliance to Provide Managed Security Services

If you think the cereal aisle at the supermarket is confusing, try making a decision about the all-important task of securing your organization against cyberattacks. The options for both challenging scenarios are many and varied in terms of quality. When it comes to computer network security, some organizations opt for in-house staff and on-premises solutions, while others entrust the task to a managed security service provider (MSSP). Herjavec Group, a leading security solutions integrator, reseller, managed service provider and longtime Splunk customer and partner, has adopted Splunk software in its MSSP business.

This strengthened alliance brings together Herjavec Group’s deep expertise in security and security services with Splunk’s industry-leading software platform for real-time Operational Intelligence. Together, they will help …
