There's so much that can be accomplished with Splunk’s security tools. Today, we are going to focus on all the benefits of the InfoSec App for Splunk. The InfoSec app — which is an entitlement to Splunk customers — is powered by the Splunk platform, and relies on accelerated data models and the Common Information Model (CIM) to provide a consistent and normalized view into the event data that you’ll bring into Splunk.

The Splunk Threat Research Team (STRT) analyzed and developed Splunk analytics for this RAT to help defenders identify signs of compromise within their networks. Remote Access Trojans (RATs) are one of the most common tools used by threat actors as a malicious payload to attack targeted hosts and steal information. One example is the Dark Crystal RAT (DCRat) that is capable of remote access, post exploitation and data exfiltration.

One of the most important parts of a solid security program involves testing to see where your weaknesses lie. Continual improvement cannot be achieved without continual review. However, many people confuse the importance of vulnerability scanning with penetration testing. As a means of protecting an enterprise, one can never take precedence over, or replace the other. Both are equally important, and in some cases, they are suggested, if not outright directed by many standards and regulations.

When companies drive a wedge between their workforce and their security culture, not only do they reduce best practices, but they also increase stress and jeopardise secure behaviours. We need to stop blaming employees for cybersecurity breaches and look at the real reasons that data is compromised. Furthermore, as long as there are humans at work, there will be human error at work. It is natural, and never 100% avoidable!

If you’re responsible for security, then you know how useful it is to have clearly-defined security policies that are simple to implement, scale, and verify. Product and AppSec teams know that great security policies empower teams to work autonomously so that work moves forward as it should. However, validating that your security policies are actually implemented is difficult.

Not everything on your attack surface is a vulnerability. Every organization has their own internal security policies that align with the risk tolerance of their business context. While industries like SaaS are often deploying several daily releases to production from multiple geographies, other industries might not tolerate this level of risk due to internal or external factors like complex regulatory requirements.

Here at Netskope we are celebrating our 10th anniversary this month, but while our story over that decade is very cool, any blog about it will be of limited interest outside of our own employee base. I wanted to add a different lens to our internal observations and so I started to refresh my memory with research into exactly what went on over those years while we were beavering away to build the best SASE platform in the world.

Rest-client is one of the most popular RubyGems, with a simple DSL that allows sending HTTP requests. Lightweight, versatile, developed by famous Rubyists…with all these attributes, this gem is a very shiny and attractive target for malicious actors. All they need is a good method of attack. An attempt made today tried to leverage typosquatting by adding malicious code to rest_client, but it didn’t quite ace the assignment.