CanDeal Can Do with Splunk

I love listening to our customers talk about their passion for Splunk software. The stories they share about never-ending ways they can utilize our software are truly inspiring and there is typically a common thread: it usually starts with one use case in one department. As one customer put it: “Splunk spreads throughout the organization like wildfire.” The recent CanDeal success story we recently published is yet another confirmation of the phenomenal success our customers are having with Splunk software throughout the entire enterprise.

CanDeal_Logo

It all started with security…

At CanDeal, a Canadian financial services company, they take their security seriously—especially with tighter and rising financial regulatory requirements. CanDeal wanted to proactively tackle and alleviate advanced persistent threats, and thus …

» Continue reading

Detecting dynamic DNS domains in Splunk

Name a security breach or sample of malware in the last five years and you will come across a fairly common denominator: the malware (or the method of data exfiltration) used a “Dynamic DNS” hostname to connect to the Internet [1][2][3][4][5]. But what is dynamic DNS (DDNS)? Why do malicious actors use it? And how do network defenders detect it in their network?

On a basic level, dynamic DNS allows for sub-domains to have IP addresses that can be quickly changed, often in real-time. Legitimate users take advantage of this service by using providers such as noip.com or duckdns.org to create easy to remember subdomains (such as the example “myhouse.no-ip[.]org”) …

» Continue reading

Using Data Analytics to Help Secure State and Local Government Networks

B_GSiiLXIAAU1wsWhile we eagerly await the government’s 30-day cybersecurity sprint report, it is important to remember that large federal agencies such as OPM aren’t the only ones susceptible to cyberattacks. State and local governments handle and collect confidential data just as frequently as federal agencies, which makes them attractive targets for cyberattackers. As the feds search for answers in the wake of OPM, state and local governments should likewise be reevaluating their cybersecurity approaches.

A lot of talk around cybersecurity focuses on improving data encryption, password protection and authentication practices. But one of best, and most underutilized, security resources in government is the data already being collected and the insights that information contains. State and local governments need to start embracing …

» Continue reading

Masters Of Machines 2015 Part 4: Meeting the increasing security threat head-on with Operational Intelligence

Matrix FightIn the fourth and final part of this blog series to accompany the “Masters of Machines II” research from Splunk and industry analyst Quocirca, we discuss the rising security threats faced by organisations today and how Operational Intelligence has a key part to play in defending yourself.

 

 

 

 

If you want to catch up with previous posts:

Part 1 – Discusses the high level findings from the research

Part 2 – The increase in IT complexity and managing it with OI

Part 3 – How to improve customer experience by harnessing machine data

 

The fastest growing IT management concern from 2013 to 2015 was increased security threats through the compromise of IT systems.

Report-Fig-09

The …

» Continue reading

Evaluating the Government’s Approach to Investing in Cyber

B_GSiiLXIAAU1wsAs you’ve probably noticed, there has been significant media coverage lately about federal agency breaches and the importance of improving cybersecurity practices. The most recent breach of the Office of Personnel Management (OPM) has put a spotlight back on the security practices of federal agencies and has created questions for government leaders around how they can better secure their data. In fact, the incident prompted U.S. Federal CIO Tony Scott to issue a 30-day cybersecurity sprint calling on agencies to evaluate current practices and begin addressing any security gaps or vulnerabilities. But what else can agencies be doing to improve their security posture?

One of the best ways agencies can start doing a better job of securing their networks is …

» Continue reading

Splunk at Infosecurity Europe 2015

Hello Folks,

Infosecurity Europe Logo_RGBA few weeks ago Splunk attended the Infosec conference in London. It was a busy event full of great security gurus on a mission to protect their environment with state of the art defences.

Enterprise Security 3.3

Security experts got to see live demos at the Splunk booth of the Splunk Enterprise platform as well as key apps including the Splunk App for Enterprise Security, PaloAlto, Fireye, Cisco Security and many more. They learned how to quickly identify, investigate, and respond to internal and external threats throughout their organization. Attendees of the conference were particularly interested in the STIX/TAXII and OpenIOC integration. If you want to learn more – here are some resources:

Bright Talk – What keeps

» Continue reading

State and Local Government: Unleashing Your Data

B_GSiiLXIAAU1wsThe right big data solution for state and local government agencies can help thwart cyber attacks, improve IT operations, enhance citizen services, and more. Realizing the full value of your data will unlock a trove of insight to support your agency’s mission.

Government agencies at every level face security and compliance challenges. With state and local government IT budgets shrinking, the state of security within these agencies has become top-of-mind due, in part, to the direct effects it can have on public safety. Splunk works with many state and local government agencies to help them manage their unstructured data, fulfill compliance requirements, monitor and detect security threats, and understand patterns within their data to gain new insights.

Splunk worked with

» Continue reading

Phishing – What does it look like in machine data?

Hello Security Ninjas,

Shark_Phishingin the last write up i shared info of a phishing mail i received and what questions do you want to ask once an attack is identified. In this one, i want to give you some technical insights how it can look like when performing an investigation. I’m sure you have analyzed some of those attacks in your own environment so you know the departments that might be most targeted e.g. your high risk users – if you haven’t I highly recommend you check your own environment by collecting data from the different sources and analyzing how infections start in your environment and where they occur most often.

In this case for tracking the process and generating the activity events …

» Continue reading

Introducing the Splunk App for Stream 6.3 Release!

We just improved our popular and free Splunk App for Stream! In the new Splunk App for Stream 6.3 release we’ve introduced Distributed Forwarder Management (DFM), a functionality that simplifies configuration while increasing administration flexibility. The new 6.3 release is available now on Splunkbase.

As a flexible software solution, you can deploy the Splunk App for Stream anywhere in the network—on-prem or cloud environments. Your implementation can be simple—collecting data from only a handful of SPAN ports, or very complex—with hundreds of different globally distributed Stream forwarders gathering data from endpoints. If your monitoring needs are more complex, you can target and customize how and where to deploy Stream to collect wire data to meet those needs more precisely.…

» Continue reading

Achieving Improved IT Operations with Splunk

Screen Shot 2015-06-02 at 4.40.38 PM

Splunk has a strong reputation for supporting security in the public sector market. But more and more federal, state and local government organizations are realizing Splunk’s Operational Intelligence platform offers far more than security.

Last week, I led the latest “Do you know Splunk?” webcast hosted by Carasoft. This particular webcast focused on how Splunk’s capabilities can be used to simplify and improve IT Operations. Many government agencies are using their Splunk implementations to improve things like mean-time-to-investigate or to proactively monitor Key Performance Indicators (KPIs) for applications to identify and resolve problem areas. During the webcast, we explored a plethora of ways government agencies can and do use Splunk solutions to enhance IT Operations.

A few key …

» Continue reading