Splunk Stream on a Raspberry Pi? YES!

As a network geek, I’ve always wanted to leverage sniffers and deep packet inspection programs to understand user experience and to secure networks. I have a home lab with many virtual machines. But let’s be honest, I really want to know what my household is doing on the Internet! I needed something lightweight, NOT an appliance as large as a data center!

Network sniffers aren’t anything new. In fact, they’re old school. But who would have thought a Raspberry Pi would be powerful enough to act as a real-time 24×7 sniffer? I embarked on this journey recently with the Splunk Stream App. And I must say, I’m pretty impressed.

Splunk Stream captures real-time streaming wire data and performs packet analysis …

Introducing Splunk Security Use-Cases

One of the top challenges faced by Splunk customers and security practitioners is keeping up with the increase in new cyber attacks while investigating and remediating existing threats. Time is of the essence while investigating potential threats and determining the scope and root cause of a potential breach. Shortage of resources and experienced personnel continues to limit the ability to conduct thorough investigations.

To mitigate this persistent problem, Splunk recently introduced new security use case descriptions. These use case descriptions are ready-to-use examples of how to use Splunk security solutions to quickly identify the scope of attacks, determine mitigation options and take remedial activity.

These use case descriptions solve ambiguous as well as known security problems using actionable examples. They …

My Splunk Origin Story

A World Without Splunk

In my pre-Splunk days, I spent significant time leading the vision for standards and automation in our company’s large distributed IBM WebSphere Network Deployment environment. Even though we used standard build tools and a mature change process, significant entropy and deviations were introduced into the environment as a product of requirements for tuning, business, infrastructure, security, and compliance.

As a result, we were unable to recognize the scope of impact when it came to security vulnerabilities or violations of third-party compliance requirements. Even worse for us, we spent way too many staff-hours trying to replicate issues between production and quality assurance environments because we had no easy way to recognize the contributing configuration differences.

It’s a Bird, It’s a

MSaaS: A Conceptual Multi-Splunk Architecture Framework for Multitenant Splunk Deployments for MSPs, MSSPs and Enterprises

Organizations with large-scale, multitenant Splunk Enterprise deployments need to provide data segregation and access control for individual tenants to meet regulatory requirements or internal security policies. In addition, they need a scalable solution that can successfully handle the volume of data and the growing number of instances under management. These organizations strive to speed deployment and manage both deployment and upgrade risk, all while controlling administrative costs. They need a cost-efficient approach that reduces the marginal cost of each additional Splunk Enterprise instance and helps optimize their total cost of ownership of the platform.

Multiple Splunk as a Service (MSaaS) is an architectural framework that proposes a multi-instance approach to supporting multiple internal or external customers. Although multiple customers can

Splunk at the Wall for DEF CON 23 – Part II

Hello again. Since the initial post, we’ve released the app developed for the Wall of Sheep. I’m going to go over the functionality here.

To review, the WoS app is meant to be a proof of concept that shows the type of data that traverses the wire, in the clear. Some of the data is innocuous, but we try to highlight the data that could be used by adversaries targeting your data. In fact, you may not even know that you have software using insecure protocols, so it pays to dig in and find out.

Before we go through the various dashboards, I want to comment on …

Security Forecast for 2016

2016 is off to a cracking start with security news – tech announcements, nation-state threats, new challenges and new opportunities. Lots of people have made predictions on what we can expect in the next 12 months.

Our Vice President of Security Markets, Haiyan Song, takes a different approach for these predictions in SC Magazine. She focuses on action, results, and preparedness. Haiyan notes that as we enter the new year, both government and industry will need to demonstrate how they learned from last year’s cyber mistakes. According to Haiyan, now is the time for the private and public sectors to reexamine cybersecurity strategy, invest in the right technology, bring focus back to people and put new ideas into action. Haiyan encourages the community to evolve our way out of 2015 – the year of the breach – and begin to pivot towards …

Hackers are already in your environment – spot them with THOR and Splunk!

Hello Security Ninjas,

I recently came across a new method (at least for me) to detect and discover advanced persistent threats.

You probably already know about antivirus scanners, IDS solutions, vulnerability scanners as well as sandbox execution systems like FireEye, the WildFire service from Palo Alto or ThreatGRID from Cisco. However, one of the latest tools, “THOR”, is different.

What is THOR?

THOR is an APT scanner, a set of binaries that can be executed on demand on either Windows or Unix systems. THOR scans the system for hacking tools, APT indicators, remote access Trojans as well as many other indicators. It also integrates a number of Indicators of Compromise (IOCs, YARA signatures). In addition to crawling for the basic stuff, it …

Splunk App for PCI Compliance 3.0

A few weeks ago we proudly announced the release of the Splunk App for PCI Compliance 3.0, which I will call in this post “the App”. The App, developed and supported by Splunk, helps organizations comply with PCI DSS, a global data security standard developed by a consortium of leading payment card companies to protect debit, credit and pre-paid card holder information.

We have many happy customers using this App and also many customers interested in evaluating it. This blog post addresses some of the most commonly asked questions around the App.

How does the Splunk App for PCI Compliance work and what pre-built content is in it?

For the App to work, first you need to index …

Security Solutions Need Data Science and Machine Learning to Protect Organizations

Every month we hear about a major breach targeting an enterprise or public sector. Based on current cyberattack growth rates, we anticipate the impact to our global economy to be around three trillion US dollars.

Within the past five years, 2.5 billion records were exposed. From January 2015 until June 2015, 256 million records were compromised. Breaking that down, that’s…

  • 1,400,000 stolen records per day (or)
  • 56,000 stolen records per hour (or)
  • 943 stolen records per minute.

A recent FireEye study found that on average, an organization takes 205 days to detect advanced threats. We need a security solution that uses a new paradigm to combat modern-day attacks…

Splunk calls it Splunk User Behavior Analytics (Splunk UBA).

Splunk UBA

Technology to Protect Your Technology

If it hasn’t happened to you yet, it probably will. That moment when you instinctively check your online bank account only to discover several very recent ATM withdrawals you never made. In fact, you couldn’t have physically made them. The withdrawals were too close together in time, too far apart in distance. You call the bank and learn that they do have protective security measures in place, but the system hadn’t yet flagged the transactions as fraud. You’re relieved. You’ll get your money back. But you’re discouraged that you discovered the fraud before the bank’s technology did.

According to a 2013 Forrester Report, online fraud costs merchants $200-250 billion per year and financial institutions $12-15 billion.

At Splunk, our lifeblood …
