Find Malicious Insiders Before You Become a Headline

The media is filled with reports of Russia’s possible influence over the U.S. presidential elections. While American security agencies are investigating the Kremlin’s possible involvement in a hack of the Democratic National Committee, a U.S. Intelligence Service unclassified report suggests the Russians’ motive, at least in part, may have been retaliation for the U.S. working with a malicious insider to leak news of a Soviet Olympic athlete doping scandal.

Regardless of whether the report is true, it reveals a growing concern over insider threats for foreign governments everywhere. Countries such as Canada are heavily investing to protect their citizens against insider and foreign attacks, while the U.S. Department of Defense Inspector General found in a recent audit that the U.S. …


Splunk and Cisco Umbrella: See what you’ve been missing…

The following is a guest post by Rachel Ackerly, product marketing manager, Cisco Umbrella.


Do you have eyes in the back of your head? (Unless you’re my mother, there is a good chance you don’t.) Many security products claim to provide visibility into what’s happening on your network, but how many actually deliver on that promise?

So how do you see what’s happening on the internet, beyond your perimeter? Isn’t that the question security professionals have been struggling with as the world becomes more mobile? Your employees connect to the internet from many different locations and devices. VPN is no longer necessary to get work done; they use Software-as-a-Service (SaaS) apps. But that leaves users more vulnerable to threats, …


Day in the Life of a Security Analyst (Part 1)

Over the next three months, the Splunk Security team will be looking at the emerging role and hero of the Security Operations Center (SOC): the security analyst. This role has drastically changed over the past 10 years, and we will observe how a changing threat landscape and advancing technology have redefined what it means to be a security analyst.

We’re publishing our first post to coincide with Data Privacy Day, an annual, international effort aimed at creating awareness about the importance of privacy and protecting personal information. In this post, I speak with Splunk Security Analyst and Researcher, Kathy Wang, to discuss life as a security analyst in the early 2000s.

Take me back 10 years. How did you


Gaze into Splunk’s Crystal Ball for What’s to Come in 2017

Last year, a team of Splunkers came up with several predictions for what 2016 would bring in the fields of IT, security, and big data. This year we’ve done it again, looking into our crystal ball (or industry experience) to share our prophecies for 2017.

But first, let’s look back at some of the hits and misses of what we predicted for 2016.

Behavioral analysis will shift from an emphasis on user credentials to machine-to-machine credentials.

Haiyan Song, our SVP of security markets, predicted that “anomaly detection will become less about analyzing users or entities and more about leveraging machine learning and data science.” While there’s still a way to go, this has begun to come true: As


Stop Security Threats With Real-Time Data Monitoring

Imagine having a vast library of books but not being able to see what words live on the page that you are reading or want to read. That would be like being able to ingest security relevant data from a diverse array of data sources but not being able to use that information to monitor your security posture in near real time.

Library of Congress

Real-time data monitoring is essential to secure an enterprise because it gives security practitioners the ability to monitor and manage the consumption and use of machine data across complex IT and security systems with visual insights into that data. The data can come from sources ranging from web logs and application usage to digital transactions. Why …


Nick Bleech from Travis Perkins wins 2016 Ventana Research Leadership Award for his work with Splunk!

Hello Splunkers!

It’s always awesome to see our customers succeeding with Splunk. It’s even more pleasing when our customers are recognized for that success, as Nick Bleech, CISO at UK builders’ merchant Travis Perkins, has been. Nick has received the Ventana Research Technology Leadership Award for CyberSecurity as a result of the organization’s work with Splunk. Congratulations Nick!

These awards, organized by leading analyst firm Ventana Research: “identify business and IT leaders who are using technologies and applying best practices to create the best possible outcomes in productivity, performance and support of an organization’s goals and objectives.”


Nick Bleech presented the organization’s journey with Splunk at .conf2016, detailing how Travis Perkins has moved to a lean cloud-based SOC model …


Double whammy for Splunk at the Computing Security Excellence Awards 2016!

Hello all,

Yesterday we had the honour of participating in the Security Excellence Awards from Computing.co.uk.

Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinions.

Following the Enterprise Security and Risk and Management Summit held at the Hilton Tower Bridge, the award ceremony revealed the industry’s leading companies, solutions, products and personalities.

Splunk was nominated in two categories – and was successful in both.

We won the award for Best SIEM for our Splunk Enterprise Security Solution as well as taking home the prize for Security Vendor of the Year.


What a great testament to the success customers achieve with our Enterprise Machine Data Fabric. We are always …


Introducing the Security Investigation Guided Online Experience

Are you looking to get started with Splunk for security? Or perhaps looking for how-to guides to help your Tier 1 analysts investigate security alerts?

Lots of our customers are, so we’re here to help.

Introducing the first in a series of guided online experiences that allow you to detect, validate and scope potential threats using Splunk.


Step-by-step guide accompanying the Security Investigation online experience.

Each experience in this series will include a video walkthrough, a step-by-step guide and an online Splunk instance, pre-loaded with data so you can jump right in and learn how to address security issues with Splunk. No download required. No login required. No need to add data. Just get in there and …


Recap: Splunk @ Blackhat Europe 2016

Hello Splunk Ninjas!

In early November, the Splunk team attended Blackhat Europe at the Business Design Centre in London. The European hacking and penetration testing community came together to meet, exchange, collaborate and share details on what the latest hacks and vulnerabilities are. It was also an opportunity to showcase potential risks and to discuss how to improve security for organizations and consumers.

Splunk’s schedule was full during the briefing days. In our booth we shared the latest technology about big data analytics in security, machine learning, threat intelligence gathering and how security teams should prepare for the future with automation.

THREAT HUNTING PRESENTATION, BUSINESS HALL

James Hanlon, Security Markets Specialist, presented in the Business Hall about how …


Best Practices for using Splunk Enterprise for compliance

In September at .conf2016, the Splunk worldwide users conference, I co-presented a session titled “How to Use Splunk for Automated Regulatory Compliance.” It included a discussion of regulatory compliance and standard/framework 101 and how Splunk could be used for compliance, including some case studies and product demos of the Splunk App for PCI Compliance, the CIS Critical Security Controls App for Splunk, Splunk Enterprise Security, and Splunk User Behavior Analytics.

For the technical ninjas attending the session, the most interesting part was probably the closing section covering best practices related to using Splunk Enterprise for compliance, which is the focus of this blog post. I have listed these best practices below in …
