Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2022

Six SIEM Essentials for Successful SOCs

A few weeks ago, Gartner named Splunk Enterprise Security a Leader in the 2022 Gartner® Magic Quadrant™ for SIEM. This is the ninth consecutive year that Splunk has been placed in the Leader’s quadrant. We’re honored to be recognized and we believe our placement is a testament to our commitment to delivering a data-centric security analytics solution that accelerates threat detection and investigations.

The people have spoken and Splunk wins twice at the ITAwards

You know that us Splunkers love to go deep into use cases and figure out what helps our customers the most. However in today’s business world, industry recognition goes a long way in proving the value in the products and services we use. For example if you were Munich Airport, then it would speak volumes to others if your airport was named as a “First Five-Star Airport” or if you were Dachser Logistics and went on to win the “One Eaton Supplier Premier Award”.

Coffee Talk with SURGe: DOJ China Espionage, Drizly Complaint, Text4Shell, U.S. Midterm Elections

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan competed in a 60 second charity challenge to share their take on the issue of victim-blaming for phishing attacks. The episode ends with a deep dive on cyber threats ahead of the U.S. midterm elections on Nov. 8.

Dark Crystal RAT Agent Deep Dive

The Splunk Threat Research Team (STRT) analyzed and developed Splunk analytics for this RAT to help defenders identify signs of compromise within their networks. Remote Access Trojans (RATs) are one of the most common tools used by threat actors as a malicious payload to attack targeted hosts and steal information. One example is the Dark Crystal RAT (DCRat) that is capable of remote access, post exploitation and data exfiltration.

Splunk Security with the Infosec App

There's so much that can be accomplished with Splunk’s security tools. Today, we are going to focus on all the benefits of the InfoSec App for Splunk. The InfoSec app — which is an entitlement to Splunk customers — is powered by the Splunk platform, and relies on accelerated data models and the Common Information Model (CIM) to provide a consistent and normalized view into the event data that you’ll bring into Splunk.

Inside the SecOps Team at bet365: Moving your SIEM to the Cloud

Hello, I love to look behind the scenes of SecOps teams to learn how they operate. Recently I had the pleasure to work with John Eccleshare, Head of Compliance and Information Security, at bet365 as John took the stage at Gartner Security and Risk Summit in London.

Detect Fraud Sooner with the Splunk App for Fraud Analytics

It will not come as a surprise to you that fraud and financial crime is continuing to challenge organizational business and cyber resiliency plans. Odds are you have dealt with fraud firsthand, or know someone experiencing the pains caused by fraud. Back in 2020 we shared some thoughts about how we believe leveraging a data platform like Splunk can help you gain more anti-fraud value and insights from your data and showed how you can determine what your data is worth.

Coffee Talk with SURGe: EU Data, Vice Society Ransomware, Killnet, Cybersecurity Awareness Month

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick, Ryan, and Audra also competed in a 60 second charity challenge to name their top takeaway from Cybersecurity Awareness Month.

Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis

A new adversary simulation tool is steadily growing in the ranks of popularity among red teamers and most recently adversaries. Brute Ratel states on its website that it "is the most advanced Red Team & Adversary Simulation Software in the current C2 Market." Many of these products are marketed to assist blue teams in validating detection, prevention, and gaps of coverage.