Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2023

More Than Just a RAT: Unveiling NjRAT's MBR Wiping Capabilities

NjRAT (also known as Bladabindi) malware is a Remote Access Trojan (RAT) that was first discovered in 2012. This malware strain has persisted in the threat landscape up to the present day, most recently earning notoriety for its active campaigns against agencies and organizations located in the Middle East and North Africa. Upon successful infiltration into a target host or system, NjRAT can allow the attacker to remotely access and exercise control over the compromised system.

Coffee Talk with SURGe: 2023-10-31 SEC SolarWinds Complaint, Biden's Executive Order on AI

Grab a cup of coffee and join Mick Baccio, Ryan Kovar, and Audra Streetman for a spooky Halloween edition of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan also competed in a charity challenge benefitting World Central Kitchen to share the lessons learned from Cybersecurity Awareness Month.

SOARing High for M-21-31

As most folks who work in the US Federal Civilian space are aware, we are now past the August 2023 date to meet Enterprise Logging Level 3 (EL3) in support of the M-21-31 OMB Mandate. As part of the Advanced Requirements in EL3, Logging Orchestration, Automation, & Response enters Finalizing Implementation, meaning agencies should be completing and rolling out automated incident response playbooks.

Splunk SOAR Playbooks - Dynamic Identifier Reputation Analysis (Part 2)

The Dynamic Identifier Reputation Analysis playbook is an essential tool for any security operations center (SOC) team looking for a comprehensive view of their environment’s threat landscape. By leveraging MITRE DEFEND's approach for dynamic identifier reputation analysis, SOC teams can quickly identify potential threats and vulnerabilities and take proactive steps towards mitigating risk before it causes damage.

User and Entity Behavior Analytics (UEBA) For Enterprise Security

Ever thought about what to do to prevent deadly insider attacks? Even with the implementation of intrusion prevention systems and antivirus software, these threats persist. And their cost has risen by 44% over the past two years. In 2023, insiders have been responsible for the unauthorized leakage of almost 1 billion records. Amid this adversity, user and entity behavior analytics (UEBA) has emerged as a modern enterprise security solution.

Malware Detection & Top Techniques Today

Every day, an average of 450,000 new malware are designed to wreak havoc on businesses, governments, and average citizens. Aside from the financial implications of malware, the reputational damage for companies and the psychological impact on victims (especially with ransomware) are enough to scare anyone at the thought of dealing with a malware attack. But it’s not all bad news! There is a way of protecting your devices and cyberspace with a proactive method.

Zero Trust & Zero Trust Network Architecture (ZTNA)

Zero trust is a philosophy and practice all about securing data across your entire network. Zero trust means trust no one — authenticate everyone. Adopting this philosophy means your organization assumes that every single user, device and service that attempts to connect to its network is hostile until proven otherwise.

ISMS: Information Security Management Systems Explained

One of the best ways to mitigate security incident risk is to have a system. Devising and enforcing policies that you can address systematically is key. After all, it is inadequacies in technologies, people and processes that increase your risk. Examples of these inadequacies include: To address these shortcomings, organizations can establish a systematic framework plus policies for information security. Together, this is called the Information Security Management System (ISMS).

ISACs: Information Sharing & Analysis Centers

The digital landscape has long been a sort of Wild West: each organization contends for itself and fights alone against a growing onslaught of cybercrime. Some enterprises build impressive security infrastructures. Many more organizations struggle to maintain vital security measures as cybercriminals’ tactics evolve. Today, the cybersecurity industry wants to usher in a more advanced era, one where organizations collaborate to improve resilience and mitigate risks.

What's XDR? Extended Detection & Response, Explained

Extended detection and response (XDR) is a technology approach that aims to provide holistic protection of endpoints. XDR technology is able to: In this in-depth article, let’s look at how XDR solutions work and what they help with. We’ll also look at limitations inherent in XDR and how they compare to other security tools, like SIEM and SOAR.

DDoS Attacks in 2024: Distributed DoS Explained

Picture this: A crowd of people suddenly, without warning, enter a tiny shop, with room for only a handful of customers. All these extra people make it impossible for customers to get in or get out. Those extra people do not intend to shop — instead they want to disrupt the regular business operations. All this traffic jam-packs the shop, preventing it from carrying out normal business operations.

What's SIEM? Security Information & Event Management Explained

Effectively detecting, investigating and responding to security threats is not easy. SIEM can help — a lot. SIEM is cybersecurity technology that provides a single, streamlined view of your data, insight into security activities, and operational capabilities so you can stay ahead of cyber threats.

Introducing Splunk Add-On for Splunk Attack Analyzer and Splunk App for Splunk Attack Analyzer

Following our announcement of Splunk Attack Analyzer in July 2023, we are excited to announce the launch of the Splunk Add-on for Splunk Attack Analyzer and Splunk App for Splunk Attack Analyzer. These offerings help us bolster our unified security operations experience by bringing threat analysis results from Splunk Attack Analyzer into the Splunk platform. The challenges with hiring top talent to staff a modern Security Operations Center (SOC) are ubiquitous.

Cybersecurity: An Introduction & Beginner's Guide

Cybersecurity means protecting computer and network systems against intrusion, theft or damage, and is the main line of defense against a vast number of digital adversaries. Most organizations rely on different cybersecurity frameworks to defend themselves from attacks. These frameworks define best practices — including security auditing, security policy development, key cybersecurity tools and methods for monitoring security conditions over time.

Splunk Named #1 SIEM Provider in the 2022 IDC Market Share for SIEM for 3rd Time in a Row

Splunk has been named #1 SIEM Provider in the Worldwide Security Information and Event Management Market Shares, 2022: The Multitude of SIEMs (doc #US51012523, July 2023). The continued recognition from IDC as a SIEM market Leader is a testament to our commitment to delivering a data-centric, modern solution that delivers data-driven insights for full-breadth visibility for our users.

Driving the vSOC with Splunk

In 2022, a German security researcher disclosed that he had gained remote control of over 25 electric vehicles. In doing so, he was able to access numerous onboard features of these vehicles such as querying the vehicle location, disabling security features, unlocking doors, and starting the engine. The security flaw that allowed this break was not with the vehicle’s system itself, but presented by an open source companion application.

Detection Engineering Explained

Safeguarding an organization’s virtual realms has never been more important. Today, connectivity and data are the new currency. Yet, as technology advances, so do the malicious actors and their methods, constantly devising more unique and covert ways to breach defenses. Herein lies the role of detection engineering. Acting as the digital watchtower for organizations, detection engineering responds to known threats and continuously scans the horizon for the slightest hint of a potential breach.

What's IAM? Identity & Access Management Explained

Identity and Access Management (IAM) is the name for any framework of technology, policies and processes that authenticate and authorize a user in order for that user to access and consume an organization’s resources. Managing user identities and granting appropriate user access helps protect your assets. These assets can include digital access to sensitive information, intellectual property, data and application workloads, network access or perimeter access to the physical data center location.

How to Install and Configure Infosec Multicloud

The Infosec App for Splunk is your starter security pack. It's designed to address the most common security use cases, including continuous monitoring and security investigations. The new Infosec Multicloud App for Splunk is designed by our field team to help customers that have a cloud environment. In addition to views of security posture across cloud providers, the app includes a billing dashboard for a high level overview of costs spread across your various cloud providers.

Intrusion Prevention Systems (IPS) Explained

An Intrusion Prevention System (IPS) is a technology that can automatically detect and control security attacks, both known and unknown. The focus of this system is threat prevention — though a related technology, IDS, works to better detect threats. Let’s take look at how IPS prevents intrusions and the most common ways IPS can work.

Splunk Wins Awards for SIEM, SOAR and More

Splunk is proud to announce we’ve been granted four 2023 PeerSpot Tech Leader Awards! This honor is extended to just the top three solutions in four categories on the PeerSpot Buying Intelligence Platform. We’re particularly thrilled to be recognized by real users of Splunk Enterprise Security and Splunk SOAR that can speak to their features, functionality, and the business value they drive for their organizations.

Regulatory Compliance 101: What You Need To Know

To operate legally and ethically, every company, no matter the size or type of organization, must be aware of the laws, regulations, and industry standards that govern them. Though many businesses may view regulatory compliance as a burden, it does not have to be this way. The benefits of following these rules greatly outweigh the consequences. Organizations can ensure the safety and well-being of their employees, customers, and the general public by following these regulations.

Today's Top Cybersecurity Threats & the Impacts to Your Business

With the escalating frequency and complexity of cyberattacks, businesses are constantly under threat. Security operations have become an indispensable aspect of organizational survival and success. Cyberattacks and data breaches regularly make headlines as malicious actors continue to adapt and develop new tactics.