|
By Coty Sugg
Organizations are constantly on the lookout for more efficient, streamlined solutions to bolster their security posture.
On July 19, 2024, CrowdStrike, a global cybersecurity company, experienced a significant outage caused by a faulty software update. This incident impacted millions of Windows machines across multiple industries, including transportation, defense, manufacturing, and finance. CrowdStrike has released an official statement and is posting updates on their blog. Microsoft has also published a blog with remediations, which we encourage you to review.
|
By Ronald Beiboer
Over the last five to ten years cybersecurity has become a boardroom subject in the majority of enterprises. This would have never happened without ransomware. Ransomware has been the best board-level awareness tool ever.
|
By Michael Haag
Today, the Splunk Threat Research Team is thrilled to introduce ShellSweepPlus, an advancement in our ongoing mission to combat the persistent threat of web shells. Building upon the solid foundation of its predecessor ShellSweep, ShellSweepPlus is an enhanced version that takes web shell detection to new heights, incorporating cutting-edge techniques and a multifaceted approach to safeguard your web environments.
OpenSSH, an application installed by default on nearly every Unix-like and Linux system, has recently come under scrutiny due to a critical vulnerability discovered by Qualys. Designated as CVE-2024-6387 and aptly named "regreSSHion," this flaw exposes Linux environments to remote unauthenticated code execution. The implications of this vulnerability are far-reaching, potentially affecting countless servers and infrastructure components across the globe.
|
By Olivia Henderson
In addition to Splunk’s recognition as a 10-time Leader in the 2024 Gartner Magic Quadrant for Security Information and Event Management (SIEM), we are extremely proud to announce that Splunk was ranked as the #1 SIEM solution in all three Use Cases in the 2024 Gartner Critical Capabilities for Security Information and Event Management report.
LNK (shortcut) files are a common starting point for many phishing campaigns. Threat actors abuse the unique properties of LNK files to deceive users and evade detection and prevention countermeasures, making them potent tools for compromising systems and networks. In this blog, we'll provide an in-depth analysis of recent LNK phishing campaigns, examining the tactics, techniques, and procedures (TTPs) employed by threat actors.
|
By Xiao Lin
Analysts rely on User and Entity Behavior Analytics (UEBA) tools to track anomalies, investigate incidents, and respond to cybersecurity threats. However, the varying nature of user and entity behaviors across different organizations means that predetermined thresholds often fail to account for unique baselines. Even within the same environment, temporal variations can cause significant differences in monitoring signals.
|
By Olivia Henderson
It’s been an exciting year for Splunk Enterprise Security! In May, we celebrated being recognized as a Leader ten times in a row in the 2024 Gartner Magic Quadrant for SIEM. We’re not stopping there. We’re excited to introduce the SIEM of the Future to keep the momentum going. Splunk Enterprise Security 8.0 is available now in a private preview.
|
By Abby Curtis
As cybersecurity threats become more sophisticated, organizations have to continually find new solutions to resist bad actors. Enter MITRE D3FEND, a framework designed to complement the MITRE ATT&CK framework by focusing on defensive cybersecurity techniques.
|
By Splunk
Unlock the secrets to success in the cloud era. Hear from Splunk's Tom Stoner and The Futurum Group's Daniel Newman as they delve into the pivotal roles of security, consideration and adaptability in shaping organizations' journey to the cloud.
|
By Splunk
Splunk UBA uses machine learning to detect evolving threats beyond rule-based approaches in SOC operations, tackling overwhelming event volumes.
|
By Splunk
The Cisco Umbrella DNS Denylisting playbook is an input playbook that accepts a domain or list of domains as an input and then allows you to block the given domain(s) in Cisco Umbrella.
|
By Splunk
SOC analysts are overwhelmed sifting through a sea of notable events. They are unable to prioritize events and act fast. With Auto Refresh in the Incident Review interface, users will not have to re-run the Incident Response search or refresh the page. Furthermore, an interactive timeline for notable events within the Incident Response interface enables the SOC to quickly prioritize critical incidents.
|
By Splunk
With the enhanced risk analysis dashboard in Splunk Enterprise Security, security analysts can now monitor user entity risk events from detections across risk-based alerting and behavioral analytics, which provides a deeper, and more holistic, layer of visibility across all detection events.
|
By Splunk
A SOC analyst's day-to-day tasks involve investigating notable events to gather information about security incidents. Recent enhancements within the Incident Review and Risk Analysis dashboards in Splunk Enterprise Security allows analysts to streamline their investigation process and reduce the number of manual tasks they perform daily. Multiple drill-down searches on correlation rules, updates to "dispositions" in the Incident Review dashboard, and hyperlinks in Correlation Search “Next Steps” allow for faster, more efficient investigations.
|
By Splunk
A traditional endpoint security solution (EDR/XDR) isn't cutting it anymore today. Learn more about how our market-leading SIEM solution can help organisations detect what endpoint solutions miss and other critical benefits to tackle the challenges of today's threat landscape.
|
By Splunk
Learn how Splunk Attack Analyzer automates threat analysis for credential phishing and malware threats.
|
By Splunk
In this program, we hear from industry leaders focused on how to transform their teams and organizations while facing these challenges and how they address the gap in technically skilled employees while trying to foster this transformation. Speakers: Ed Hubbard, Director, Site Reliability and Monitoring - Travelport Mitch Ashley, CTO, Techstrong Group Principal - Techstrong Research James Brodsky, Group Vice President, Global Security Strategists - Splunk.
|
By Splunk
Join Ryan Kovar and special guest Kirsty Paine, Field CTO and Strategic Advisor at Splunk, for a conversation about her work on technical standards and emerging technologies, including artificial intelligence, IoT, and quantum computing.
|
By Splunk
The hype around artificial intelligence (AI) and machine learning (ML) has exploded, sometimes overshadowing the real uses and innovations happening everyday at organizations across the globe. The reality is that applying AI and ML to data-dependent challenges presents opportunity for better security, faster innovation and overall improved efficiency.
|
By Splunk
Do you have a plan for cybersecurity? Digital technology is touching every aspect of our lives, which is giving bad actors unlimited runway to create new threats daily. It's this atmosphere that makes it imperative that organizations are prepared, informed and actively hunting for adversaries.
|
By Splunk
Cyberattacks are top of mind for organizations across the globe. In fact, 62 percent of firms are being attacked at least weekly and 45 percent are experiencing a rise in the number of security threats. But do organizations have the processes in place to investigate and effectively respond to these incidents? IDC recently surveyed security decision makers at 600 organizations to understand the state of security operations today.
|
By Splunk
How can you utilize machine data to be prepared for the General Data Protection Regulation of the European Union?
|
By Splunk
A security information event management (SIEM) solution is like a radar system that pilots and air traffic controllers use. Without one, enterprise IT is flying blind. Although security appliances and system software are good at catching and logging isolated attacks and anomalous behavior, today's most serious threats are distributed, acting in concert across multiple systems and using advanced evasion techniques to avoid detection.
|
By Splunk
Security incidents can happen without warning and they often go undetected for long periods of time. Organizations struggle to identify incidents because they often work in silos or because the amount of alerts is overwhelming and hard to determine the signals among the noise.
|
By Splunk
All data is security relevant and defending against threats involves every department in a company. With cyberthreats and bad actors constantly evolving, it is imperative for everyone in an organization to come together to identify and protect critical data.
|
By Splunk
Recent cyberattacks have made it clear that organizations of all sizes need to focus on a holistic and cohesive security strategy. Security operations centers (SOCs) have become a focal point in this effort, consolidating the right people, processes and technology to mitigate and remediate attacks.
|
By Splunk
Current IT security tools and mindsets are no longer adequate to meet the scope and complexity of today's threats. Internet security has evolved over the last ten years but advanced persistent threats and the sophistication of the malware have fundamentally changed the way security teams must think about these new threats and the tools used for detective controls.
- July 2024 (5)
- June 2024 (5)
- May 2024 (7)
- April 2024 (7)
- March 2024 (11)
- February 2024 (13)
- January 2024 (21)
- December 2023 (21)
- November 2023 (11)
- October 2023 (27)
- September 2023 (24)
- August 2023 (25)
- July 2023 (22)
- June 2023 (37)
- May 2023 (32)
- April 2023 (32)
- March 2023 (36)
- February 2023 (20)
- January 2023 (21)
- December 2022 (9)
- November 2022 (19)
- October 2022 (12)
- September 2022 (9)
- August 2022 (14)
- July 2022 (8)
- June 2022 (7)
- May 2022 (13)
- April 2022 (11)
- March 2022 (7)
- February 2022 (2)
- January 2022 (9)
- December 2021 (14)
- November 2021 (23)
- October 2021 (12)
- September 2021 (16)
- August 2021 (14)
- July 2021 (20)
- June 2021 (17)
- May 2021 (6)
- April 2021 (10)
- March 2021 (15)
- February 2021 (10)
- January 2021 (5)
- December 2020 (4)
- November 2020 (9)
- October 2020 (6)
- September 2020 (6)
- August 2020 (7)
- July 2020 (10)
- June 2020 (3)
- May 2020 (9)
- April 2020 (13)
- March 2020 (5)
- February 2020 (6)
- January 2020 (5)
- December 2019 (1)
- October 2019 (1)
- May 2019 (1)
- October 2018 (1)
- June 2018 (2)
- May 2018 (1)
- April 2018 (2)
- March 2018 (1)
- February 2018 (1)
- January 2018 (1)
Splunk produces software for searching, monitoring, and analyzing machine-generated big data, via a Web-style interface.
Splunk turns machine data into answers. Regardless of your organization’s size and industry, Splunk can give you the answers you need to solve your toughest IT, security and business challenges—with the option to deploy on-premises, in the cloud or via a hybrid approach.
Work the Way Your Data Works:
- Real-Time: Splunk gives you the real-time answers you need to meet customer expectations and business goals.
- Machine Data: Use Splunk to connect your machine data and gain insights into opportunities and risks for your business.
- Scale: Splunk scales to meet modern data needs — embrace the complexity, get the answers.
- AI and Machine Learning: Leverage artificial intelligence (AI) powered by machine learning for actionable and predictive insights.
Any Question. Any Data. One Splunk.