SplunkLive! DC: Helping Government Make Sense of Machine Data
There are a select number of U.S. cities dominated by certain industries that ultimately help to define those cities. Detroit for cars, Nashville for country music, Pittsburgh for the Steelers and Primanti Brothers – and Washington, DC for government.
Considering there isn’t a single organization or entity in the world with more data than the U.S. government, Washington, DC has been home to annual SplunkLive! events for the past five years. Yesterday, we hosted our largest yet with nearly 750 attendees.
Our Chairman and CEO Godfrey Sullivan kicked off the event with an overview of Splunk’s capabilities in private and public sectors, touching on key points like the importance of machine data for verifying accuracy and how continuous monitoring is…
Last year, I created an app template to detect whether your users went to a phishing web site where you would supply the app the sourcetype name of your proxy logs and the URL destination field where they went. You can still download this Phishing app template from Splunkbase. In the same manner, I have created an app template called SQL Injection Search that you can download from Splunkbase.
Install the app and provide either of the two form search dashboards the name of your sourcetype representing your web logs (e.g., access_combined) and the name of the field in the sourcetype that represents the URI query string (e.g., uri_query). One form search uses patterns to detect if possible…
Splunk Joins Public-Private Partnership to Improve Cybersecurity
Last week Splunk joined several other companies at U.S. NIST’s signing ceremony symbolizing our participation and partnership in the National Cybersecurity Center of Excellence (NCCoE).
There’s no doubt that there is a critical need to protect private-sector intellectual property and other valuable business data from a growing number of cyber threats. This partnership illustrates our commitment to the spirit of collaboration while providing real-world cybersecurity capabilities that address business needs.
The NCCoE has three key goals:
- Provide practical cybersecurity – Help people secure their data and digital infrastructure by equipping them with practical ways to implement cost-effective, repeatable and scalable cybersecurity solutions.
- Increase rate of adoption – Enable companies rapidly adopt commercially available cybersecurity technologies by reducing their total
More Breaches and More Accusations Against the Chinese
This past week several very prominent American news organizations publicly admitted having their computer systems hacked into, and explicitly blamed the Chinese government:
“Chinese hackers suspected in attack on The Post’s computers” – The Washington Post
“A Cyberattack From China” – The New York Times
“Chinese Hackers Hit U.S. Media” – The Wall Street Journal
There are several aspects of these events that seem to herald a change in this now familiar story of computer breaches reportedly being conducted by the Chinese. First is the public acknowledgement of the targeting of an apparent industry / sector – by that sector itself. (Obviously, the oil and financial services sectors have been explicitly targeted previously, but companies within those sectors did not…
Another Wireless Security Problem
For years now, information security professionals have worried about the security of wireless connectivity to our organizational networks. “Wireless” has typically been defined, informally at least, as Wi-Fi. We have tended to discount security concerns about Bluetooth because of its supposedly short range – officially stated as approximately 1 to 100 meters, depending upon class of the device. That is in spite of the known threat of so-called Bluesniping. (See, for example, “Rifle’ Sniffs Out Vulnerability in Bluetooth Devices”.)
Because most WI-FI WAPs (wireless access points) have very limited processing and storage capabilities, authentication to WAPs is generally handled as a shared secret by the WAP itself, or through the external interface of a firewall connecting to an internal…
Structured Threat Information eXpression (STIX)
As we enter a new year, there is acronym that you need to be familiar with: STIX. STIX is the Structured Threat Information eXpression language; it is not a program, policy, system, or application. It is XML for security.
The goal of STIX is to automate the sharing of cyber attack information. And, while the language is new, the concept is not. In fact, we’ve already been down this path at least twice before. ‘First’ (though there may have been earlier efforts) we had IODEF, Incident Object Description Exchange Format (RFC 5070) in December 2007. Then we had RID, Real-time Inter-network Defense (RFC #6046) in November 2010.
So, while there is clearly a need to automate this…
A Way of Thinking about Big Data and Security
I often get asked questions like, “I like Splunk but how much data should I be collecting for security purposes? Is there such a thing as too much data? How do I know what matters in my data?
These are good questions but unfortunately the answer really can be, “it depends.” I still believe there’s no such thing as too much data for security purposes if you are using Splunk. For me there are only two types of data, the data your are using for security and the data you’ll need later that you didn’t think you needed at the time. There will come a time when security folk will be looking at the fidelity of the data as an…
Big data, Creativity and What I Learned On My Summer Vacation…
Vacations are good for you. You get a chance to decompress, experience new things and sometimes look at things in a new way or make a connection between things that at first glance may not seem connected at all. When I go on vacation I try to let my mind wander. Usually, I get rewarded with an epiphany or two that I take back to work when the vacation is done.
This vacation I read Imagine: How Creativity Works, by Jonah Lehreh, 2011 published by Canongate London. At 253 pages, it wasn’t very long read but as a former security practitioner it got me thinking a lot about the role of imagination and creativity in a security practice.…
#SplunkGovt Twitter Chat: A Sneak Peak at What We’ll Explore at SplunkLIVE! Washington, D.C.
If the White House’s recent Big Data Research and Development Initiative is any indication, big data is a big deal for government. However, collecting, analyzing and reacting to large amounts of machine-generated data can prove to be challenging for agencies
Yesterday we teamed up with Bob Gourley from CTO Vision to host a Twitter chat on how government can make sense of it all. From data analysis for operational intelligence to log management for cyber defense, we covered a number of ways agencies can make the most of their data. Here are a few key takeaways from the discussion
- Determine how to deal with the data explosion. One of the most significant barriers to harnessing big data