Enriching threat feeds with WHOIS information

It’s been almost two years since I spent a summer in Seattle interning with the Splunk Security Practice (SecPrax) team. Damn, time flies! The Splunk security community is growing every day because of the unbelievable flexibility, visibility and insight Splunk Enterprise offers for all data, and, as I have learned, all data is security relevant. Now that I’m back at Splunk working with the Security Research team, this is my first blog post, and I would like to hear what you have to say about it, so please leave feedback or a comment.

What am I missing while doing threat intelligence?

While doing some research looking for threat intelligence data sets to ingest into Splunk, I realized there can be …


Lessons learned from the “SWIFT” Attack

Unfortunately, somewhere in the world a big party must be going on. In February hackers successfully compromised a bank connected to the SWIFT network in Bangladesh, stealing $81 million, as reported by Reuters earlier this week. While the computer system in Bangladesh seems to have missed a number of IT security best practices, the case shows that a connected system, even one designed to be closed, can be compromised through its weakest supplier, putting the whole system at risk.

It’s mind-blowing to see how much subject matter expertise the hackers must have had about the SWIFT system.

Have we seen this attack in our network, too?

The chances that …


Back from GISEC 2016 – The day the lights went out

I’m just back from GISEC 2016 in Dubai, a great show that brought information security professionals together from across the region. On the Splunk stand we gave out lots of T-shirts, but more importantly, we had great conversations about how Splunk can help small and big organizations solve their big data and security problems. Examples in the region include Dubai Smart Government, Al Rajhi Bank (Saudi Arabia) and Saudi Arabian Airlines, who are all using Splunk to analyze their log data for different functions. This ranged from security to IT operations and IoT, which Splunk is a great fit for.

There were several keynotes with great messages that I wanted to share:

Nigel Gibbons, Global Advisory


A storm is coming: Get ready for “Badlock” Windows/Samba vulnerability

Hello Security Ninjas,

Something exploitable this way comes. It appears that a new, high-impact vulnerability is set to be unleashed upon the cyber world on April 12th. Of course no high-impact vulnerability would be complete without its own logo and website at BadLock.org. The vulnerability affects Windows and Samba, and according to the researchers who discovered it, “we are pretty sure that there will be exploits soon after we publish all relevant information.”

The vulnerability was discovered by Stefan Metzmacher, a member of the international Samba Core Team, working at SerNet on Samba. He reported the bug to Microsoft and has been working closely with them to fix the problem. As mentioned on the website, a patch will …


GISEC 2016 in Dubai. Life’s a breach.

GISEC is here again. It doesn’t seem long since the last one and the security market seems to have gathered even more pace since this time last year. Splunk is delighted to be at GISEC again this year. It has been an exciting twelve months for Splunk in the security space, including being voted “Best SIEM Solution” at the 2016 SC Magazine Awards. Splunk Enterprise has also been named the Best Fraud Prevention Solution. Splunk is positioned as a leader in the Gartner SIEM Magic Quadrant (a complimentary copy of the report can be found here). The Splunk Middle East team will be at the event to talk about how other leading organisations in the region are using …


Splunk Security Takes Double Honors at SC Magazine 2016 Awards

Last week I was fortunate enough to accept not just one award, but two, on behalf of Splunk at the SC Magazine 2016 Awards in San Francisco. We were honored to be among the nominees in each category and were thrilled when Splunk Enterprise won a Trust award for “Best Fraud Prevention Solution” and Splunk Enterprise Security won a Trust award for “Best SIEM Solution”.

The awards reflect the value that you, our users and customers, get from our software. When thousands of users and customers across the globe sing the praises of Splunk and how it helps them detect and defeat cyber threats and fraudsters, the awards and accolades tend to follow!

One key observation I had …


Adaptive Response Initiative to Better Combat Advanced Attacks with a Unified Defense

As we kick off this year’s RSA conference, we are very excited to announce the Adaptive Response Initiative, which brings together the best technologies across the security industry to help organizations combat advanced attacks. Splunk is proud to be leading this initiative, alongside founding participants from several security categories: Carbon Black, CyberArk, Fortinet, Palo Alto Networks, Phantom, Tanium, ThreatConnect and Ziften. All of these companies will be demonstrating their bi-directional adaptive response integration with Splunk at RSA.

The Initiative aligns best-of-breed vendors across different security areas who recognize the importance of helping customers get the most out of collective security intelligence.

“Designing an Adaptive Security Architecture for Protection from Advanced Attacks” Neil MacDonald and Peter Firstbrook, Gartner. Published 12 Feb 2014. Refreshed 28 Jan 2016



Herjavec Group and Splunk Strengthen Alliance to Provide Managed Security Services

If you think the cereal aisle at the supermarket is confusing, try making a decision about the all-important task of securing your organization against cyberattacks. In both scenarios the options are many and vary widely in quality. When it comes to computer network security, some organizations opt for in-house staff and on-premises solutions, while others entrust the task to a managed security service provider (MSSP). Herjavec Group, a leading security solutions integrator, reseller, managed service provider and longtime Splunk customer and partner, has adopted Splunk software in its MSSP business.

This strengthened alliance brings together Herjavec Group’s deep expertise in security and security services with Splunk’s industry-leading software platform for real-time Operational Intelligence. Together, they will help …


Use machine learning and human insights for advanced threat detection and rapid investigation

Security practitioners, take notice! You can now use the power of data science and machine learning across the entire security operations and security intelligence workflow.

Updated 4/19/16
Today we announced the general availability of Splunk® User Behavior Analytics 2.2 (UBA) and Splunk Enterprise Security 4.1 (ES), which bring key innovations of Splunk UBA into Splunk ES and introduce significant enhancements to both solutions.

Behavioral Analytics in SIEM Workflow

Splunk ES now uses anomalies detected by machine learning to optimize routine SIEM tasks, reduce complexity, and speed up the detection, investigation and response to real threats and attacks. Unlike other security solutions that may include analytics based on statistical anomaly detection, Splunk combines both ML anomaly …


Splunk at RSA 2016


It’s almost time for RSA 2016 and, as usual, Splunk will be there in full force! In fact, this year we will have two booths: one in the North Hall (#3321) and one in the South Hall (#2620). Yes, that’s double the Splunk for a truly superior RSA experience!

Our North Hall booth will host everything you’ve come to know and love about Splunk: Splunk experts, interactive demos of Splunk security solutions including Splunk Enterprise Security and Splunk User Behavior Analytics, top-notch theater presentations and, of course, awesome Splunk t-shirts.

On Wednesday, March 2nd at 2:30pm, the NIST National Cybersecurity Center of Excellence (NCCoE) will conduct a demonstration highlighting their newly-published Cybersecurity
