Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2023

Computer Security Incident Response Teams: CSIRT Models, Skills & Best Practices

If you are a fan of superhero movies like me, the assembling of the Avengers or Justice League at a pivotal moment to take on the villains is one exhilarating experience. That the collective strength, rather than individual brilliance, saves the day is a common them in most films of this genre. And the same can be applied to any organization that comes face to face with a major cybersecurity incident such as an enterprise-wide ransomware attack or a massive DDOS attack: the teams save the day.

Attack Surface Management (ASM): Examples, Software & the 4-Step ASM Lifecycle

A critical part of an organization’s overall cybersecurity strategy, Attack Surface Management (ASM) helps organizations to: This article describes ASM is, including why it is needed and how it works. At the end, I’ll discuss how software solutions can automate attack surface management. (This article was written by Shanika Wickramasinghe. See more of Shanika's contributions to Splunk Learn.)

Ransomware Families Bringing Home the Biggest Security Risks

Ransomware is the type of malware that locks you out of your own computer until you pay a ransom. This digital extortion is one of the most serious security threats facing the Internet today. Ransomware not only impacts unsuspecting Internet users, but business organizations, government institutions and even critical services such as utility, healthcare and emergency facilities. Ransomware has been around for many years.

Coffee Talk with SURGe!

Grab a cup of coffee and join David Bianco, Shannon Davis, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: David Bianco and Shannon Davis also competed in a charity challenge comparing the pros and cons of the Pyramid of Pain, a conceptual model created by David to order indicators of compromise (IOCs) by the pain they cause adversaries when the IOCs are not available to them.

The Triple DES Intro: Triple Data Encryption Standard

Triple Data Encryption Standard (Triple DES) is a symmetric block cipher-based cryptography standard that uses fixed length keys with three passes of the DES algorithm. As a symmetric cryptographic scheme, DES implementations rely on the same secret keys shared between the sender and the recipient. As we’ll see later, Triple DES was developed as a way to prevent man in the middle attacks. Let’s take a look at Triple DES — and we’ll start first with DES.

Introduction To Key Management

Cryptography is used to secure data at rest, stored in servers, and in motion, transmitted over the network. Cryptography involves mathematical operations that convert the original plaintext into an unintelligible ciphertext (encryption) and the reverse process, converting ciphertext to plaintext (decryption). Cryptographic algorithms apply these algorithms in combination of keys, which serve as a secret knowledge to complete the algorithmic operations correctly.

Threat Hunting vs. Threat Detecting: Two Approaches to Finding & Mitigating Threats

Threat hunting and detection are two major prevention strategies in modern cybersecurity systems. Both strategies help identify potential threats to the organizations — though they take different approaches to threat identification. This article explains the difference between threat hunting and detection, so you know what to focus on for your organization’s cybersecurity strategy.

Elliptic Curve Cryptography: An Introduction

The mathematical properties and concepts of elliptic curves are used in asymmetric key exchange cryptography schemes. Common applications include: In this article, we’ll take a deep dive into elliptic curve cryptography. We aim to take a digestible, slightly less academic look that still thoroughly explains this technical topic. For something a little lighter, explore our introduction to cryptography.

Phishing Scams & Attacks: What To Expect in 2023

A form of social engineering, phishing is an online situation where the adversary tricks the victim into sharing sensitive information or installing a malware payload into their systems. Today, phishing is the most prevalent cybersecurity threat in the digital world, with the victim count totaling well over 323,000 unsuspecting Internet users. That’s a 34% increase year over year — and that’s why we’re taking a look at this concerning trend here.

Honeypots Explained: Hitting Hackers Where It Hurts

In the world of cybersecurity, honeypots are a unique mechanism. They exhibit no business value, no production value. In fact, any or all interactions with the honeypot are expectedly anomalous and unauthorized. Honeypots are nothing more than a trap set up to lure cybercriminals into believing that they have accessed legitimate and high value computing resources within your network.

Malware 101: What It Is, Current Trends, Signs You're Infected & Prevention

Malware refers to any modified script in a software system that aims to cause intentional harm to the victim. The term malware is a portmanteau that blends two words: malicious and software. Let’s take a good look at this bad situation. We’ll review how malware works, alarming stats and trends, signs that you’re likely infected and, most importantly, ways to prevent this malice.

Cybercrime as a Service: A Subscription-based Model in The Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, In fact, the ‘as a Service’ offering has made its way into the cybercrime landscape. And cybercrime, for its part, has evolved beyond a nefarious hobby — today it’s a means of earning for cybercriminals.

How Intrusion Detection Systems (IDS) Work: One Part of Your Security Arsenal

All cyberattacks that violate the confidentiality, integrity and availability (CIA) of the network and data demonstrate some form of anomalous behavior. The starting point of this behavior may be an unauthorized intrusion into the network and, then, unauthorized use of the resources contained within the network. If you can identify an unauthorized network intrusion attempt, you can maintain the CIA of your data assets and network resources.

Cryptography 101: Key Principles, Major Types, Use Cases & Algorithms

Cryptography is fundamental to many information security and privacy mechanisms. Today, a variety of cryptographic algorithms are used in many different applications. This article explains cryptography: how it works, key principles or operations of cryptography, types of cryptography, use cases and more! (This article was written by Shanika Wickramasinghe.

Social Engineering Attacks: The 4 Stage Lifecycle & Common Techniques

When it comes to high profile cybercrime incidents, it’s the major tech vulnerabilities and sophisticated state-sponsored threat vectors that make the headlines. In reality, however, most of the cybercrime incidents exploit the human element as the weakest link in the cyberattack kill chain.

Cybersecurity Risk Management: 5 Steps for Assessing Risk

Managing and mitigating cyber risk has never been more challenging for companies. Cyber threats are growing exponentially. Daily, hackers are becoming more sophisticated. Businesses rely more on data to function: experts expect that cybercriminals will steal more than 33 billion records this year alone. With an increasing reliance on third-party vendors and cloud services, IT teams are essentially forced to leverage complex infrastructures with significant vendor risk.

Corporate Espionage: Who Is Watching Your Business...And Why

When it comes to protecting sensitive business information and trade secrets, most business execs believe that sophisticated cybersecurity solutions and a strong mechanism for security governance are enough. The reality is that establishing multiple layers of security defense forms a strong security fortress against external threats — but that’s not where most corporate espionage originates.

Coffee Talk with SURGe: ESXi servers, Royal Mail ransomware, Gamaredon, Password Sharing, Bard AI

Grab a cup of coffee and join Ryan Kovar, Audra Streetman, and special guest David Bianco for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: David and Ryan also competed in a 60 second charity challenge to share their take on Netflix's anticipated crackdown on password sharing. The trio also discussed Google's Bard AI chatbot, which was introduced as a competitor to ChatGPT.

Denial-of-Service Attacks: History, Techniques & Prevention

As its name indicates, Denial of Service (DoS) is any cyberattack that renders the target service inaccessible to legitimate users and information systems. That is, you're trying to access a web page or web service and it's just down, not working. The most common way attackers achieve this is by flooding the host servers and network with excessive traffic, such that the host server crashes or fails to respond in an acceptable duration. The denial-of-service style of attack is a common one.