Spotting the Adversary… with Splunk

Howdy Ya’ll. Eventually there is a Rubicon to cross in every Security professional’s life. With a satisfied sigh he’ll take a step back from the keyboard, wipe Dorito dust covered hands on khakis, take a long slug of Mountain Dew, and gaze proudly at his Splunk instance and utter the words “I’ve added all the data sources I can. The network is being ‘monitored’”. Then the smile will falter as his cyber demons claw their way up to the surface.  He’ll hear them scream out “but WHAT am I supposed to look for??”  He (and you) are not alone. Ever since time immemorial (or at least when I first began “practicing” the dark arts of cyber security) I would hear the question of “but what …

» Continue reading

Join Splunk at Gartner Security & Risk Management Summit 2016

The Splunk Security markets team is excited to attend the Gartner Security and Risk Management Summit from June 13-16 in National Harbor, Maryland. This Summit is one of the premier events in the security industry, and it provides an opportunity not only to learn from leading thought leaders but also to meet the most innovative companies and understand their challenges.

Splunk will be at the event in full force! Stop by booth #821 to:

  • See live demos of Splunk Enterprise Security and Splunk User Behavior Analytics, and learn how to accelerate the detection, investigation and response to threats, cyber attacks and a wide range of security use cases.
  • Understand how Splunk’s analytics-driven security solution helps you discover relationships across all security-relevant data,
» Continue reading

Get ready for Infosecurity Europe 2016!

It’s time to get ready for the 21st edition of Infosecurity Europe 2016, taking place from the 7th to the 9th of June at Olympia in London. Infosecurity is Europe’s number one information security event, featuring the largest and most comprehensive education program available, with over 315 exhibitors showcasing the most diverse range of products and services to over 12,000 visitors.

Splunk will be onsite in force at Infosecurity, with several speaking sessions as well as an interactive workshop focused on cloud security. Make sure you prepare early so you don’t miss our content at the show. Register today for free entrance (save £35).

Splunk Booth Stand C20 + Theater Presentations

First of all, visit the Splunk stand to get your …

» Continue reading

PostFinance banks on Splunk to improve fraud detection

When I think about Switzerland, I often think of the Swiss Alps, great chocolate and the famous Swiss army knife. The flexibility of the Swiss army knife reminds me of how the Swiss bank PostFinance is using the Splunk platform in multiple ways.

We say that Splunk is a SIEM and can fulfill all SIEM use cases, but Splunk is also so much more, and PostFinance has proved it once again.

Splunk as a Fraud Platform

PostFinance is using Splunk for compliance and regulation, but beyond those traditional SIEM use cases they also use Splunk as a fraud platform, using the insights to protect their customers’ bank accounts and digital payments. In their online banking portal alone they have over 1.6 million customers they have to …

» Continue reading

Enriching threat feeds with WHOIS information

It’s been almost 2 years since I spent a summer in Seattle interning with the Splunk Security Practice (SecPrax) Team. Damn, time flies! The Splunk Security community is growing every day, due to the unbelievable amount of flexibility, visibility and insight Splunk Enterprise offers for all data, and, as I have learned, all data is security relevant. Now back at Splunk to work with the Security Research team, this is my first blog post, and I would like to hear what you have to say about it, so please leave feedback or a comment.

What am I missing while doing threat intelligence?

While doing some research looking for threat intelligence data sets to ingest into Splunk, I realized there can be …

» Continue reading

Lessons learned from the “SWIFT” Attack

Unfortunately, somewhere in the world a big party must be going on. In February hackers successfully compromised a bank connected to the SWIFT Network in Bangladesh, stealing $81 million, as reported by Reuters earlier this week. While the computer system in Bangladesh seems to have missed a number of IT security best practices, it shows that a connected system, even one designed to be closed, can be compromised through its weakest supplier, compromising the whole system.

It’s mind blowing to see how much subject matter expertise the hackers must have had about the SWIFT System.

Have we seen this attack in our network, too?

The chances that …

» Continue reading

Back from GISEC 2016 – The day the lights went out

I’m just back from GISEC2016 in Dubai, a great show that brought information security professionals together from across the region. On the Splunk stand we gave out lots of T-shirts, but more importantly we had great conversations about how Splunk can help small and big organizations solve their big data and security problems. Examples in the region include Dubai Smart Government, Al Rajhi Bank (Saudi Arabia) and Saudi Arabian Airlines, who are all using Splunk to analyze their log data for different functions. This ranged from security to IT operations and IoT, which Splunk is a great fit for.

There were several keynotes with great messages that I wanted to share:

Nigel Gibbons, Global Advisory

» Continue reading

A storm is coming: Get ready for “Badlock” Windows/Samba vulnerability

Hello Security Ninjas,

Something exploitable this way comes. It appears that a new, high impact vulnerability is set to be unleashed upon the cyber world on April 12th. Of course no high impact vulnerability would be complete without its own logo and website. The vulnerability affects Windows and Samba and, according to the researchers who discovered it, “we are pretty sure that there will be exploits soon after we publish all relevant information.”

The vulnerability was discovered by Stefan Metzmacher, a member of the international Samba Core Team, working at SerNet on Samba. He reported the bug to Microsoft and has been working closely with them to fix the problem. As mentioned on the website a patch will …

» Continue reading

GISEC 2016 in Dubai. Life’s a breach.

GISEC is here again. It doesn’t seem long since the last one, and the security market seems to have gathered even more pace since this time last year. Splunk is delighted to be at GISEC again this year. It has been an exciting twelve months for Splunk in the security space, including being voted “Best SIEM Solution” at the 2016 SC Magazine Awards. Splunk Enterprise has also been named the Best Fraud Prevention Solution. Splunk is positioned as a leader in the Gartner SIEM Magic Quadrant (a complimentary copy of the report can be found here). The Splunk Middle East team will be at the event to talk about how other leading organisations in the region are using …

» Continue reading

Splunk Security Takes Double Honors at SC Magazine 2016 Awards

Last week I was fortunate enough to accept not just one award, but two awards, on behalf of Splunk at the SC Magazine 2016 Awards in San Francisco. We were honored to be nominated alongside the other nominees in each category and were thrilled when Splunk Enterprise won a Trust award for “Best Fraud Prevention Solution” and Splunk Enterprise Security won a Trust award for “Best SIEM Solution”.

The awards reflect the value that you, our users and customers, get from our software. When thousands of users and customers across the globe sing the praises of Splunk and how it helps them detect and defeat cyber threats and fraudsters, the awards and accolades tend to follow!

One key observation I had …

» Continue reading