Splunk Named a Leader in Gartner SIEM Magic Quadrant for the Third Straight Year

The Splunk security portfolio, including Splunk® Enterprise and the Splunk App for Enterprise Security, solves Security Information and Event Management (SIEM) requirements to dramatically improve the detection, response and recovery from advanced threats by providing broad security intelligence from data that is collected across IT, the business, and the cloud. Based on the need to protect against advanced threats, a growing number of organizations are using Splunk security analytics to augment, replace and go beyond their legacy SIEM deployments.


This week, Gartner published the 2015 version of its annual Magic Quadrant for Security Information and Event Management. In the report, Splunk was named a leader for the third straight year.

The results of the 2015 Gartner SIEM Magic …

Accelerate the Detection of Advanced Threats and Malicious Insiders

Cyber threats are becoming increasingly sophisticated, employing multiple attack vectors and utilizing legitimate ports to exfiltrate sensitive company information. These threats often sit undetected on infected systems for months while modifying, viewing, and stealing your data. And unfortunately, finding them is only part of the battle. To effectively remediate them can require days or weeks of investigation from the security team to trace back through the kill chain to determine the source of the infection, the path it employed, and the actions it took. Of course, this is of concern on multiple fronts; not only does the infection remain for a longer period of time, but the cost of remediation can become significant in its own right.

Similarly, malicious insiders …

Splunk and The Top 10 CIO Priorities for State and Local Government

On November 5, 2013, the National Association of State Chief Information Officers (NASCIO) released a member service document representing the top 10 state CIO priorities for 2014. The list presents no surprises as state CIOs try to do more with less: extracting the most value out of every dollar, providing constituent services, protecting customer data and preventing data breaches. The list is almost a mirror image of the benefits our customers are seeing with Splunk. I won’t go through the whole list, but let’s look at the top three.

Security is the number one priority for state CIOs in 2014:

“Security: risk assessment, governance, budget and resource requirements, security frameworks, data protection, training and awareness, insider threats, third party security

SplunkLive! DC: Helping Government Make Sense of Machine Data

There are a select number of U.S. cities dominated by certain industries that ultimately help to define those cities. Detroit for cars, Nashville for country music, Pittsburgh for the Steelers and Primanti Brothers – and Washington, DC for government.

Considering there isn’t a single organization or entity in the world with more data than the U.S. government, Washington, DC has been home to annual SplunkLive! events for the past five years. Yesterday, we hosted our largest yet with nearly 750 attendees.

Our Chairman and CEO Godfrey Sullivan kicked off the event with an overview of Splunk’s capabilities in private and public sectors, touching on key points like the importance of machine data for verifying accuracy and how continuous monitoring is imperative …

A Way of Thinking about Big Data and Security

I often get asked questions like, “I like Splunk, but how much data should I be collecting for security purposes? Is there such a thing as too much data? How do I know what matters in my data?”

These are good questions, but unfortunately the answer really can be, “it depends.” I still believe there’s no such thing as too much data for security purposes if you are using Splunk. For me there are only two types of data: the data you are using for security, and the data you’ll need later that you didn’t think you needed at the time. There will come a time when security folk will be looking at the fidelity of the data as an …

Cognitive Splunking

Hi! Like Rob Reed I get a little excited when things go meta, and I’ve been spending a lot of time being excited at Splunk. One of the things that makes Splunk such a powerful tool is the fact that you can change your meta-cognition filters around on the fly via the magic of late-binding schemas. Index now, understand later is a pretty awesome trick, because it enables Splunk users to continue learning and leverage new understanding instead of getting stuck in whatever was sensible at the time of indexing. Since I spend my days on security and compliance problems this is an obviously useful mechanism, but I’d like to take a little time to write about why it’s interesting …

Big data, Creativity and What I Learned On My Summer Vacation…

Vacations are good for you. You get a chance to decompress, experience new things and sometimes look at things in a new way or make a connection between things that at first glance may not seem connected at all. When I go on vacation I try to let my mind wander. Usually, I get rewarded with an epiphany or two that I take back to work when the vacation is done.

This vacation I read Imagine: How Creativity Works, by Jonah Lehrer, 2011, published by Canongate London. At 253 pages it wasn’t a very long read, but as a former security practitioner it got me thinking a lot about the role of imagination and creativity in a security practice. Science …

APAC Partners “Splunk Apps of the Year” Competition

Use Cases, Use Cases and more Use Cases. During the APAC Partner Kick Off, we recently crowned a few apps and named them the “Splunk Apps of the Year”. Before that, we had a Call for Submissions back in December 2011 and invited all our APAC partners to participate in this competition. The response was overwhelming, and we received 15 best-of-breed apps that showcase just how Splunk can be used across industries.

Bound by a set of Judging Criteria, we began the arduous task of scoring the apps. There weren’t any firm conclusions, as each and every one of the apps was stellar, and we had to go through 23 rounds of debates and discussions …

Splunk and the Cybersecurity Act of 2012

“The United States confronts a dangerous combination of known and unknown vulnerabilities in the cyber domain, strong and rapidly expanding adversary capabilities, and limited threat and vulnerability awareness.”[1]

I recently listened to the final set of hearings on The Cyber Security Act of 2012. The bill was developed, “…in response to the ever-increasing number of cyber attacks on both private companies and the United States government.” The bill is really about critical infrastructure protection, whether that infrastructure is managed, owned or operated by the government or by the private sector. It’s a bipartisan bill and combines efforts from past sessions of the Senate Committees on Commerce, Homeland Security and Governmental Affairs, and Intelligence. The bill would empower the Department …

Three Splunk 4.3 features security pros should start using today

There is a lot to like in Splunk 4.3 for security use cases, but three items should be of particular interest to security professionals.

Sparklines – Adding Time to Tables for Reporting

I use tables of information in several of the security reports I create. Usually I’ll want to track a particular type of event and include the number of times it happens along with an average over a period of time. This allows me to benchmark a particular threshold and use that as the impetus for an investigation. For example:

I want to track the number of successful accesses against assets where critical data is stored over a twenty-four hour period by user. My table will contain the name …
