Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2021

Splunk Named Market Share Leader in ITOM and SIEM Reports

2020 was a challenging year for modern enterprises. In under a year, we experienced a decade's worth of transformation while a global pandemic raged on. And while the worst of COVID-19 will hopefully soon be behind us, the need to continuously transform our digital environment is unequivocally here to stay. We've already seen an example of this, thanks to a significant increase in data generated from across the business.

A day in the life of cybersecurity. Splunk customer stories of SOC-cess

We have a saying at Splunk. It goes something like “if you’re ever having a bad day, go and talk to a customer”. What organizations around the world are doing with their data and Splunk brings a huge smile and an eyebrow raising, positive “can’t quite believe you’ve done that” very-impressed nod of the head. That’s never more true than with our security customers.

That's A Data Problem - How Do Security Programs Drive Business Results?

The sheer number of cybersecurity attacks against companies continues to grow, and with accelerated cloud transformation, IT teams are facing new challenges. To drive innovation and stay competitive, companies need to ensure they are using cloud securely, prioritizing a security first approach and mitigating risks to drive business results.

SOARing to the Clouds with Splunk SOAR

For years, security practitioners have kicked and screamed about their reality. There are too many alerts to fully investigate and manually resolve every day. There is a massive talent shortage of qualified security professionals across the globe. Then couple that with analyst burnout and siloed security point-products. All of these factors are preventing security operation centers (SOCs) from operating at their full potential, with increased efficiency, performance and speed.

Detecting and Investigating Threats in Splunk Security Analytics for AWS

Splunk Security Analytics for AWS’s pre-built, AWS-specific detections and dashboards allow you to easily visualize your AWS environment and centralize your security analysis and investigations. We’ll walk through some of the offering’s key dashboards and detections in this video, as well as the investigation interface.

SOCtails Episode 4 - Respond Fast to Security Incidents with Automated Playbooks

Investigating and responding to phishing attacks is tedious and time-consuming. Kevin responds to phishing attacks by following a step-by-step manual process catalogued in his "Cybersecurity Playbook." Jeff shows Kevin an easier and faster way to respond using automated playbooks from Splunk SOAR (formerly known as Splunk Phantom).

Introducing the World's First Modern Cloud-Based SecOps Platform: Splunk Security Cloud

To say that the past year presented its fair share of cybersecurity challenges to the InfoSec community would be a drastic understatement. The rapid migration to remote work at scale left 80% of CIOs unprepared, and SecOps teams struggled to confront the evolving threat landscape with disparate toolkits and skill sets. Not to mention that as more organizations shifted to hybrid and multi-cloud environments at scale, cloud complexity (and cloud-based threats) skyrocketed.

Splunk SOAR Playbooks: GCP Unusual Service Account Usage

As organizations increase their cloud footprints, it becomes more and more important to implement access control monitoring for as many resources as possible. In previous playbooks, we have shown examples of AWS and Azure account monitoring, but the series would not be complete without also supporting Google Cloud Platform (GCP).

Detecting Password Spraying Attacks: Threat Research Release May 2021

The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.

Tales of a Principal Threat Intelligence Analyst

At Splunk, we’re constantly on the hunt for new and emerging threats — tirelessly developing detection techniques to zero in on bad actors, while sharing key intelligence around cybercrime activity. But because threat intelligence can relate to so many different things — ranging from spear phishing campaigns to dark web dealings — it can be a challenge to cover and define all the specifics of what (or who) to look out for.

EO, EO, It's Off to Work We Go! (Protecting Against the Threat of Ransomware with Splunk)

On June 2nd, 2021, the White House released a memo from Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology. The subject? “What We Urge You To Do To Protect Against The Threat of Ransomware.” It outlines several recommendations on how to protect your organization from ransomware. The memo was a follow-up to President Biden’s May 12th Executive Order on Improving the Nation’s Cybersecurity Order (EO14028).

Understanding Splunk Phantom's Join Logic

If you’re an active Splunk Phantom user, it’s safe to assume you know what a playbook is. If not, here’s a quick summary: Phantom playbooks allow analysts to automate everyday security tasks, without the need for human interaction. Manual security tasks that used to take 30 minutes can now be executed automatically in seconds using a playbook. The result? Increased productivity and efficiency, time saved, and headaches avoided.