Splunk App for PCI Compliance 3.0

A few weeks ago we proudly announced the release of the Splunk App for PCI Compliance 3.0, which I will refer to in this post as “the App”. The App, developed and supported by Splunk, helps organizations comply with PCI DSS, a global data security standard developed by a consortium of leading payment card companies to protect debit, credit and pre-paid card holder information.

We have many happy customers using this App and also many customers interested in evaluating it. This blog post addresses some of the most commonly asked questions around the App.

How does the Splunk App for PCI Compliance work and what pre-built content is in it?

For the App to work, first you need to index …

» Continue reading

Security Solutions Need Data Science and Machine Learning to Protect Organizations

Every month we hear about a major breach targeting an enterprise or public sector organization. Based on current cyberattack growth rates, we anticipate the impact to our global economy to be around three trillion US dollars.

Within the past five years, 2.5 billion records were exposed. From January 2015 until June 2015, 256 million records were compromised. Breaking that down, that’s…

  • 1,400,000 stolen records per day (or)
  • 56,000 stolen records per hour (or)
  • 943 stolen records per minute.

A recent FireEye study found that on average, an organization takes 205 days to detect advanced threats. We need a security solution that uses a new paradigm to combat modern day attacks…

Splunk calls it Splunk User Behavior Analytics (Splunk UBA).

Splunk UBA

» Continue reading

Technology to Protect Your Technology

If it hasn’t happened to you yet, it probably will. That moment when you instinctively check your online bank account only to discover several very recent ATM withdrawals you never made. In fact, you couldn’t have physically made them. The withdrawals were too close together in time, too far apart in distance. You call the bank and learn that they do have protective security measures in place, but the system hadn’t yet flagged the transactions as fraud. You’re relieved. You’ll get your money back. But you’re discouraged that you discovered the fraud before the bank’s technology did.

According to a 2013 Forrester Report, online fraud costs merchants $200-250 billion per year and financial institutions $12-15 billion. 

At Splunk, our lifeblood …

» Continue reading

Drop your breaches: EMEA security sessions at .conf2015

Hi all,

Recently we held our annual user conference, .conf2015, at the MGM in Las Vegas. Many European customers joined us there, and some of them presented the impressive things they are doing with Splunk and their machine data. Earlier this week, Matt talked about the EMEA customers that presented their IT Operations use cases. I want to share with you how EMEA customers use Splunk for Security: everything from traditional SIEM use cases, to security analytics with automated response, to protecting the business by using Splunk for fraud and forensics. Here are the highlights of this year from EMEA – you can review the slide decks and watch the recordings on our .conf2015

» Continue reading

Recap: Splunk at IT-SA in Nürnberg

Keynote Edward Snowden, Nuernberg Messe; it-sa 2015; Moderation: Soeren von Varchmin;

Hi all,
This week the Central Team in EMEA has been very busy at the annual IT-SA conference in lovely Nürnberg.

It’s the largest IT security expo and congress in the German-speaking region, with over 9,000 visitors. This year the organizer had Edward Snowden as a keynote speaker via video conference. He spoke on the topic of “Defense against the Dark Arts: Today’s cybersecurity problem and how to fix it.”

Splunk had a huge booth and we gave out many, many t-shirts. We also had a visit from Julia Obermeier, Member of the German Parliament. She was particularly interested in how Splunk is doing in Germany and how customers …

» Continue reading

Splunk at the Wall for DEF CON 23

Every year since 1992, security geeks and nefarious hacker types have descended upon Las Vegas for DEF CON, a hacking conference that started with hackers and crackers phreaking AT&T payphones. Twenty-three years later, this pilgrimage has changed: it’s much bigger now, and sadly plain old telephone systems (POTS) have taken somewhat of a back seat. Despite the fact that rumors of cancellation flew around again this year (as they do every year), DEF CON 23 did indeed take place and Splunk was there. In this blog post and the next, I’ll describe what we (Splunk and the Security Practice) did at DEF CON, how we did it, and what is coming next!

Let me begin by describing a bit …

» Continue reading

Random Words on Entropy and DNS

In my last blog post, I mentioned that I would delve more into how to detect subdomains with relatively high entropy. But first I think it is important to discuss WHAT entropy is; WHY I care if a domain or subdomain has high entropy; and finally, HOW you can use entropy in Splunk to find potentially bad things.


So, what does entropy mean? For the purposes of computer science, I tend to use the definition of entropy as “… a measure of uncertainty in a random variable” [1]. For most things in computer science, entropy is calculated with the Shannon Entropy formula invented by Claude Shannon:


In other words (since if you are still reading this section, …

» Continue reading

Under the Hood of Cisco Security Incident Response Team & Cisco at Splunk .conf15

As a follow-up to Under the Hood of Cisco IT, we highly recommend the recent Cisco on Cisco webinar focused on Threat Detection/IoE and the monitoring capabilities of Cisco’s Computer Security Incident and Response Team (CSIRT). This session provides a detailed overview of the scope of Cisco’s IT environment, threats, and how CSIRT uses various tools to monitor, identify and respond to threats.

Under the Hood of Cisco CSIRT - Webinar


Cisco at Splunk .conf15

And… did you register for Splunk .conf2015? Buttercup is packed and ready for Vegas, and will be joined by more than 30 of our favorite Cisco folks.

Robert Novak of Cisco just published a blog about Cisco & Splunk at .conf2015, so be sure to check it out.

Cisco …

» Continue reading

Splunk .conf 2015 Stream Sessions You Don’t Want to Miss!


Planning my agenda for .conf2015 next week is really exciting this year. I am sure you feel the same – like a kid in a candy store! If you are interested in learning about all the benefits the Splunk App for Stream can bring you, such as better application visibility or improved security, then mark your calendars for the three sessions you don’t want to miss.

  1. The Splunk team will present “Splunk App for Stream Deployments in the Real World: Enhance Operational Intelligence Across Application Delivery, IT Ops, Security and More” on Wednesday, September 23, 2:15 PM. Here is a sneak peek into our session. First, we will go over how Stream can help you quickly achieve real-time applications intelligence and cloud visibility
» Continue reading

Six Security Principles to Address Digital Business Risk and Cybersecurity: An update from the Gartner Security and Risk Management Summit


Hello, I’m just back from a great Gartner security event in London, right next to Big Ben. The event brought together over 700 IT security professionals for two days to get the latest on how to build an effective cyber security foundation. This year the Security and Risk Summit was the largest Gartner Summit in EMEA and is now bigger than the well-known Gartner datacenter summit. It looks like security has finally made it to the CEO and the top table. The role of security is increasingly important thanks to the increasingly hybrid mix of technology in most organisations. This was reinforced by one of the opening quotes:


“Every Business is becoming digital – By 2017,

» Continue reading