SIEM success patterns – How to get it right!

Hello all,

One of the things I love about machine data is that it can be used in so many ways. Interestingly enough over the years I have observed a common pattern in organizations that have been successful with SIEM. The implementation of a cyber defence center should serve to increase security maturity, strengthen cyber security skills and security intelligence, enabling organisations to successfully stop complex attacks (not just malware!) and better protect customer data and the overall business. Yet in the past I have been called in to meet with prospects regarding failed SIEM deployments and it doesn’t matter which traditional vendor it is there are always similar patterns.

 

What are the patterns of a failed SIEM deployment?

trip_hurdles_800_clr_5680The …

» Continue reading

Splunk & the National Defense University: Educating the Security Warriors

200px-National_Defense_UniversityEvery six months, or once a semester if you are academically inclined, our Splunk Public Sector office in Tysons Corner, VA hosts students from the National Defense University (NDU) in Washington, DC to discuss emerging security trends, the evolving threat landscape and adaptive threat response initiatives that make all data crucial to security warriors.

For those who are not familiar, NDU’s mission is to support warfighters by providing rigorous joint professional military education to members of the U.S. Armed Forces and select others to develop leaders who are able to operate and creatively think in an increasingly unpredictable and complex world. The University’s overarching purpose is to educate, develop and inspire national security leaders.

These semiannual meetings consist of the …

» Continue reading

Splunking a Microsoft Word document for metadata and content analysis

The Big Data ecosystem is nowadays often abbreviated with ‘V’s. The 3Vs of Big Data, or the 4Vs of Big Data, even the 5Vs of Big Data! However many ‘V’s are used, two are always dedicated to Volume and Variety.

Recent news provides particularly rich examples with one being the Panama Papers. As explained by Wikipedia:

The Panama Papers are a leaked set of 11.5 million confidential documents that provide detailed information about more than 214,000 offshore companies listed by the Panamanian corporate service provider Mossack Fonseca. The documents […] totaled 2.6 terabytes of data.

This leak illustrates the following pretty well:

  • The need to process huge volume of data (2.6 TB of data in that particular case)
  • The need to
» Continue reading

Detecting and Responding to the Accidental Breach

Hello All,

Splunk recently commissioned analyst firm IDC to conduct research in EMEA into how capable organizations are at protecting and responding to hapless user activity. The research questioned 400 organizations across the region, producing some really valuable insights.

header_english

At a time when security breaches are inevitable, one of the primary threat vectors is what IDC calls the hapless user. It isn’t a case of the user being stupid – it’s because attacks are getting far better at tricking users into unintentionally clicking on the wrong link or opening attachments which they shouldn’t.

Why organizations cant deal

In the IDC report you can find out about the threats that companies are most worried about in EMEA, what security technologies they are using and what …

» Continue reading

Spotting the Adversary… with Splunk

Howdy Ya’ll. Eventually there is a Rubicon to cross in every Security professional’s life. With a satisfied sigh he’ll take a step back from the keyboard, wipe Dorito dust covered hands on khakis, take a long slug of Mountain Dew, and gaze proudly at his Splunk instance and utter the words “I’ve added all the data sources I can. The network is being ‘monitored’”. Then the smile will falter as his cyber demons claw their way up to the surface.  He’ll hear them scream out “but WHAT am I supposed to look for??”  He (and you) are not alone. Ever since time immemorial (or at least when I first began “practicing” the dark arts of cyber security) I would hear the question of “but what …

» Continue reading

Join Splunk at Gartner Security & Risk Management Summit 2016

Gartner-SummitsThe Splunk Security markets team is excited to attend the Gartner Security and Risk Management Summit from June 13-16 in National Harbor, Maryland. This Summit is one of the premier events in the security industry and it provides an opportunity to learn from leading thought leaders but also meet the most innovative companies and understand their challenges.

Splunk will be at the event in full force! Stop by booth #821 to:

  • See live demos of Splunk Enterprise Security, Splunk User Behavior Analytics and learn how to accelerate the detection, investigation and response to threats , cyber attacks and a wide range of security use cases.
  • Understand how Splunk’s analytics-driven security solution helps you discover relationships across all security-relevant data,
» Continue reading

Get ready for Infosecurity Europe 2016!

Hello,

Infosec 2016It’s time to get ready for the 21st edition of Infosecurity Europe 2016, taking place between the 7th – 9th June at Olympia in London. Infosecurity is Europe’s number one information security event, featuring the largest and most comprehensive education program available, with over 315 exhibitors showcasing the most diverse range of products and services to over 12,000 visitors.

Splunk will be onsite in force at Infosecurity – with several speaking sessions as well as an interactive workshop focused on cloud security. Make sure you prepare early to avoid missing some of our great content at the show! Register today for free entrance (save £35).

Splunk Booth Stand C20 + Theater Presentations

Splunk_at_Infosec

First of all – visit the Splunk stand to get your …

» Continue reading

PostFinance banks on Splunk to improve fraud detection

When I’m thinking about Switzerland, I often think of the Swiss Alps, great chocolate and the famous Swiss army knife. The flexibility of the Swiss army knife reminds me how Swiss bank PostFinance is using the Splunk platform in multiple ways.

We say that Splunk is a SIEM and can fulfill all SIEM use cases but also Splunk is so much more – and PostFinance has proved it once again.

MFO20091022-004

Splunk as a Fraud Platform

PostFinance is using Splunk for compliance and regulation, but beyond those traditional SIEM use cases they also use Splunk as fraud platform, using the insights to protect their customers’ bank accounts and digital payments. In their online banking portal alone they have over 1.6 million customers they have to …

» Continue reading

Enriching threat feeds with WHOIS information

It’s almost been 2 years since I spent a summer in Seattle interning with the Splunk Security Practice (SecPrax) Team. Damn, time flies! The Splunk Security community is growing everyday, due to the unbelievable amount of flexibility, visibility, insight Splunk Enterprise offers for all data and as I have learned all data is security relevant. Back at Splunk to work with the Security Research team, this is my first blog post and I would like to hear what you people have got to say about it, so please leave a feedback/comment.

What am I missing while doing threat intelligence?

While I am doing some research looking for threat intelligence data sets to ingest into Splunk, I realized there can be …

» Continue reading

Lessons learned from the “SWIFT” Attack

Hello,

Unfortunately, somewhere in the world a big party must be going on. In February hackers successfully compromised a bank connected to the SWIFT Network in Bangladesh, stealing $81 million – as reported by Reuters earlier this week. While the computer system in Bangladesh seems to have missed a number of IT security best practices, it shows that a connected system even if it’s designed to be closed can be compromised by the weakest supplier, compromising the whole system.

Source: BAE SYSTEMS

Source: BAE SYSTEMS

 

It’s mind blowing to see how much subject matter expertise the hackers must have had about the SWIFT System.

Have we seen this attack in our network, too?

The chances that …

» Continue reading