Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2023

SecOps In Seconds: Prioritizing Incidents for Investigation in Splunk Mission Control

This short video takes you through the basics of using Mission Control's Incident Review feature to prioritize your incident investigations. Product Manager Matt Sayar will show you the ropes and help you navigate this feature so you can better understand how to deploy it yourself.

The Devil's in the Data

The pandemic highlighted the fragility of the global supply chain ecosystem. Now every company is striving to ensure they will never be crippled by unforeseen supply chain issues. Mentions of “supply chain” in US SEC-filed annual reports more than doubled from 2019 to 2021 to nearly 5,000 as chief supply chain officers were reluctantly escorted into boardroom discussions to explain the business risk to their company.

CIS Critical Security Controls 101: Everything to Know About the 18 Controls

The Center for Internet Security (CIS) defines CIS Critical Security Controls as: “A prioritized set of Safeguards to mitigate the most prevalent cyberattacks against systems and networks.” Essentially, CIS Controls are a framework of actions that organizations can take to improve their overall security posture. These controls are organized into categories and updated frequently to address emerging threats and technologies. In this article, we’ll look deeper into all 18 controls.

Cyber Insurance Today: What's Covered (What Isn't), Insurance Types & Benefits of Opting In

Even with the best strategies in place, cyber professionals understand that it’s only a matter of when, not if, a cyberattack will happen. Hence, a risk management and incident response plan is necessary for an organization’s cybersecurity posture. While such plans won’t wipe out the financial and reputational aftermath of a cyberattack — a cyber insurance policy can help your organization recover from such attacks.

Data Exfiltration: Prevention, Risks & Best Practices

Imagine a scenario where a competitor gains access to your organization's most sensitive data, causing severe financial loss and irreparable damage to your reputation. This nightmare can become a reality through data exfiltration. Data exfiltration is a real threat to organizations, as it involves the unauthorized transfer of sensitive information, the effects of which can lead to operational disruption, financial losses and damage to reputation.

Threat Hunting with Splunk: Hands-on Tutorials for the Active Hunter

At Splunk, you may hear us pontificating on our ponies about how awesome and easy it is to use Splunk to hunt for threats. Why, all you need to do is use X and Y with Splunk to find a Z score (no zombies were injured) and BOOM! That baddie in your network is detected. Going back to at least a decade, we’ve tried to make it easy — as you’ll see in the resources below — and yet threat hunting is about as easy as telling someone how easy it is to draw an owl.

MDR in 2023: Managed Detection & Response Solutions Today

In an ideal world, organizations should have round-the-clock protection for their corner of cyberspace, and prompt response to cyber-attacks. For this to happen, you’llneed top talent, equipped with sophisticated tools and knowledge of up-to-date security practices. But this is hardly the case for most organizations, meaning most are left vulnerable and seeking security solutions from third parties offering MDR services.

Data Scanning Explained: What Scanning Data Can Do For You

From 2010 to 2020, the amount of data being generated, stored and shared grew by nearly 5000%. During the COVID-19 pandemic, data breaches also spiked in the US. Makes sense, then, that protecting this valuable asset has become a top priority for businesses. Enter data scanning — a powerful process that helps organizations identify and safeguard sensitive data. In this blog post, we will delve into the concept of data scanning, its importance and the key benefits it brings to the table.

API Security Testing: Importance, Methods, and Top Tools for Testing APIs

APIs play a significant role in seamlessly integrating applications and services. However, APIs with security vulnerabilities could open doors to cyber attackers and compromise sensitive and confidential data and systems. Therefore, it is imperative to incorporate API security testing into the API development process as early as possible.

The Lessons Learned in Cybersecurity 25 Years Ago Are Still Applicable to AI Today

Artificial Intelligence (AI) is a technology that is both exciting and worrisome. It reminds us of events from the past where computer systems were attacked, causing concern for their vulnerability. In 1997, a Department of Defense exercise called Eligible Receiver showed that defense systems could be hacked, which led to the creation of the Joint Task Force for Computer Network Operations.

Identifying BOD 23-02 Network Management Interfaces with Splunk

On June 13, 2023, the United States Cybersecurity and Infrastructure Security Agency (CISA) released Binding Operational Directive 23-02 titled Mitigating the Risk from Internet-Exposed Management Interfaces. This BOD is aimed at reducing the risk posed by having the ability to configure or control federal agency’s networks from the public internet. If you are curious about this threat, you should review MITRE ATT&CK’s T1133- External Remote Services.

The Principle of Least Privilege Explained (with Best Practices)

Granting users with authorization to access sensitive business information means that you rely on them to adopt cybersecurity best practices. This trust is violated when a disgruntled employee acts maliciously and leaks sensitive information. What’s more concerning — the same violation is also possible when users unwittingly fall prey to social engineering attacks, zero-day exploits or vulnerabilities that remain unpatched in your IT networks.

Understanding Process and Practice: What Sets Them Apart?

When pursuing success in business or other endeavors, two key concepts play a crucial role: process and practice. While some argue that process and practice are interchangeable, in reality, they're vastly different. But how do we use process and practice to become more efficient and successful? Is one of them more crucial than the other? Can you do one without the other? To answer these questions, we’ll dive deeper into process and practice and how to apply both.

Splunk Products Reviews in 2023: Splunk Enterprise, Splunk Cloud & Splunk Enterprise Security

Today, cybersecurity is a non-negotiable for business success. Original research from our annual State of Security confirms this is no easy task – which is why we are proud that the solutions we deliver help make organizations digitally resilient. Splunk Cloud, Splunk Enterprise and Splunk Enterprise Security are our most well-known and popular solutions, which we’ll share more about below.

EDR, XDR & MDR in 2023: Which Detection & Response System Is Best?

In this article, I’m looking at the key differences between endpoint detection and response (EDR) and the related extended and managed options, XDR and MDR. Here’s the short version: Now let’s dig in to get a bit more context on this cybersecurity fundamental.

Top 10 Security Breach Types in 2023 (with Real-World Examples)

In 2022, there were 1802 recorded security breaches, impacting a massive 422 million people—a 41% rise from the prior year. In response to the rapid increase in security breaches, organizations must prioritize strengthening their protection against cyber threats. With hackers becoming increasingly skilled, businesses should understand various security breach types — and real-world examples — to avoid risks.

The Purple Team: Combining Red & Blue Teaming for Cybersecurity

Organizations can often struggle to bridge the gap between offensive and defensive security strategies. The lack of collaboration and communication between red and blue teams can hinder their ability to effectively identify and mitigate security risks. To solve this disconnect, organizations are opting to utilize a combined approach in cybersecurity strategy — a system colloquially known as “purple teaming”.

What Are SBOMs? Software Bill of Materials for Secure Software Supply Chains

Vendors have long used bills of materials to detail the pieces that make up their supply chain products. Software bill of materials (SBOM) is a similar but traditionally less critical development in IT. However, that is quickly changing: companies are concerned about the security of their purchases, especially as applications become more expensive and sophisticated.

How Digital Fingerprinting Tracks, Identifies & Affects Us

At one time, the internet was seen as a place where users could remain anonymous: they could scroll from the privacy of their screen. Today, we know that’s no longer the case. In an attempt to sell more products, and create a personalized digital experience, tech firms, companies and advertisers track and analyze each user across the digital landscape. Privacy is still important to users: 90% of individuals in a recent global survey said online privacy was important to them.

Detecting DNS Exfiltration with Splunk: Hunting Your DNS Dragons

Oh no! You’ve been hacked, and you have experts onsite to identify the terrible things done to your organization. It doesn’t take long before the beardy dude or cyber lady says, “Yeah...they used DNS to control compromised hosts and then exfiltrated your data.” As you reflect on this event, you think, “Did I even have a chance against that kind of attack?” Yes, you did because Splunk can be used to detect and respond to DNS exfiltration.

Authentication vs. Authorization

Authentication and authorization are two key processes that ensure only trustworthy and verified users can gain access to authorized system resources and data. They enable your organization’s information security — your ability to protect sensitive information against unauthorized access. Although these two processes are used interchangeably, they have several fundamental differences.

Getting Started with SOAR in Mission Control

This video will take a new or existing user of Splunk Mission Control through the process of implementing SOAR playbooks within Mission Control. Splunk Product Manager Kavita Varadarajan will walk you through the necessary steps and configuration to deploy a SOAR playbook at a basic level. Learn how to fully leverage the full power of orchestration and automation to unify your security operations with Splunk Mission Control.

Application Vulnerability Management: The Complete Guide

Enterprise software applications are sophisticated, incorporating various technologies and featuring complex integrations with third-party software applications and systems. Any security vulnerability in software components can bring severe consequences to the organization. That’s why it is critical to effectively manage application vulnerabilities. This article explores application vulnerability management, discussing its importance and best practices.

Patch Management Explained: Challenges, Best Practices & Steps

Patch management is the centralized control and automation of the patch deployment process — deploying patches — to multiple devices, operating systems, firmware, software and hardware endpoints in the IT network. But vulnerabilities are increasing at unseen rates. Over 65,000 new vulnerabilities in existing IT systems were discovered in 2022, which is a 21% increase from 2021. And that makes patch management all the more important.

Coffee Talk with SURGe: the Interview Series featuring Scott Roberts

Join Mick Baccio and special guest Scott Roberts, head of threat research at Interpres Security for an interview about Scott's career journey, how he's seen cybersecurity evolve over time, and his essay featured in the SURGe team's new book, Bluenomicon: The Network Defender’s Compendium.

A Vision for the Future of Cyber

Lately I’ve been confronted more and more with the notion of holding two opposing ideas at the same time, while being able to accept that they can both be true. This cognitive dissonance surfaced again for me when I was asked to participate in a DeVry University roundtable discussion focused on innovative ways to bridge the talent gap. Spending a virtual lifetime in education, I’m of two minds when it comes to talent and skills.

Don't Get a PaperCut: Analyzing CVE-2023-27350

PaperCut NG is a popular print management software that has 100 million users at over 70,000 organizations around the world. Recent discoveries have unveiled critical vulnerabilities in this widely-used software, specifically the CVE-2023-27350 authentication bypass vulnerability. This vulnerability, if exploited, allows an attacker to execute arbitrary code with elevated privileges on a target system.