State and Local Government: Unleashing Your Data

The right big data solution for state and local government agencies can help thwart cyber attacks, improve IT operations, enhance citizen services, and more. Realizing the full value of your data will unlock a trove of insight to support your agency’s mission.

Government agencies at every level face security and compliance challenges. With state and local government IT budgets shrinking, the state of security within these agencies has become top-of-mind due, in part, to the direct effects it can have on public safety. Splunk works with many state and local government agencies to help them manage their unstructured data, fulfill compliance requirements, monitor and detect security threats, and understand patterns within their data to gain new insights.

Splunk worked with


Phishing – What does it look like in machine data?

Hello Security Ninjas,

In the last write-up I shared details of a phishing mail I received and the questions you want to ask once an attack is identified. In this one, I want to give you some technical insight into what it can look like when performing an investigation. I’m sure you have analyzed some of those attacks in your own environment, so you know the departments that are most likely to be targeted, e.g. your high-risk users. If you haven’t, I highly recommend you check your own environment by collecting data from the different sources and analyzing how infections start in your environment and where they occur most often.

In this case for tracking the process and generating the activity events …


Introducing the Splunk App for Stream 6.3 Release!

We just improved our popular and free Splunk App for Stream! In the new Splunk App for Stream 6.3 release we’ve introduced Distributed Forwarder Management (DFM), a functionality that simplifies configuration while increasing administration flexibility. The new 6.3 release is available now on Splunkbase.

As a flexible software solution, you can deploy the Splunk App for Stream anywhere in the network—on-prem or cloud environments. Your implementation can be simple—collecting data from only a handful of SPAN ports, or very complex—with hundreds of different globally distributed Stream forwarders gathering data from endpoints. If your monitoring needs are more complex, you can target and customize how and where to deploy Stream to collect wire data to meet those needs more precisely.…


Achieving Improved IT Operations with Splunk


Splunk has a strong reputation for supporting security in the public sector market. But more and more federal, state and local government organizations are realizing Splunk’s Operational Intelligence platform offers far more than security.

Last week, I led the latest “Do you know Splunk?” webcast hosted by Carasoft. This particular webcast focused on how Splunk’s capabilities can be used to simplify and improve IT Operations. Many government agencies are using their Splunk implementations to improve things like mean-time-to-investigate or to proactively monitor Key Performance Indicators (KPIs) for applications to identify and resolve problem areas. During the webcast, we explored a plethora of ways government agencies can and do use Splunk solutions to enhance IT Operations.

A few key …


Everything you always wanted to know about SPAN ports, Network Taps, Packet Mirrors, and the Splunk App for Stream (but were afraid to ask)

As this is my first Splunk blog post, I’ll keep this short.

This post has to do with moving raw packets around the network and analyzing their contents. To be precise, not IP packets at Layer 3, but Ethernet frames at Layer 2.

Occasionally, engineers have a need to capture and inspect raw packets. This is usually done in the case where you don’t necessarily trust what’s going on with a given application (say a web server, or a DNS server) and you’d actually like to see what’s going over the wire, rather than what the application is telling you from its log. The use case could be one of fault isolation, troubleshooting, or an actual malicious event sourced by a human …


The M.O. of Insider Threats


Public concern for defending against cyber threats has grown exponentially over the past five years. However, perhaps the most recognizable U.S. government breach during that time was perpetrated by an insider, Edward Snowden. I recently participated in a webinar that explored how public and private sector organizations should be auditing their data for insider threats. During the conversation, I provided a high-level breakdown of insider threats to help organizations think ahead as they implement new processes and technology solutions to detect threats within their networks.

Who might be considered an insider threatening your system?
There are multiple attributes to consider when identifying potential insider threats. The individual could be a current or former employee, a contractor or business associate. The …


Splunk at Surescripts: Finding the cure for fraud

I had a root canal last month, and it was not fun – at all. Fortunately, the endodontist prescribed some industrial-grade pain medications to help. When I picked up my medicine at Walgreens, that prescription had already gone through some serious hoops – getting verified and validated by the provider, the benefits manager, the payer (aka, insurance) and the pharmacy. That’s where Surescripts comes in – they provide the platform that connects all of the relevant parties together so my prescription can be authorized and I can stop half my face from throbbing.

This process is ripe for abuse – to the tune of billions of dollars each year. As the largest health information network in the United States, …


.conf2014 Highlight Series: Detecting Fraud and Suspicious Events Using Risk Scoring


.conf2015 registration is open!

We’re excited to continue our series of .conf2014 #TBT highlights, especially as we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas this September. This week we revisit Robert Perdues’s presentation about how Splunk can be used to detect fraud and suspicious events using risk scoring.

Skill Level:
Intermediate

Solution Area:
Fraud, Security

Splunk:
Splunk Enterprise

Presentation Overview:
This session showcases how Splunk can be used to build a risk scoring engine designed to detect fraud and other suspicious activities. The presentation includes a real-world fraud detection use case, a detailed description of the searches and lookups that drive risk scoring, as well as other cyber security related applications of risk …


Monitoring and alerting for activities of expired user accounts

Hello,

When it comes to insider threats and user activity monitoring, I see a very common use case that works extremely well across multiple industries. I want to share it with you in this blog post.

Monitoring and alerting for activities of expired user accounts


Your company can have a lot of different user accounts – not just those of internal employees. There may be more focus on external contractors, who move in and out more often, or even on B2B portals where intellectual property is exchanged.

If you need to monitor expired accounts, it comes down to the following:

You need to have the username, the expiry date and user activity data. Getting the expiry-date information takes some homework.

Here are two pieces of advice:

  • Get the expiry


How Government Healthcare Agencies Should Approach Their Vulnerabilities

The pressures government healthcare agencies have felt for years are surfacing aggressively. This is due, in part, to recent data hacks and the need to protect sensitive information, but the increasing pressure to operate efficiently with smaller budgets plays a significant role as well. Providing valuable care to patients and adhering to compliance and security requirements are added challenges agencies must tackle despite their limited resources.

Exposure of government healthcare agencies’ data creates vulnerabilities that affect public safety, as well as the security of the U.S. government as a whole. To combat attacks and meet the various security needs, agencies need greater visibility into their data. Accessibility is also key. It is imperative to have the capability …
