So you want to hunt, eh? Well my young padwa…hold on. As a Splunk Jedi once told me, you have to first go slow to go fast. What do I mean by that? Well, if you rush into threat hunting and start slinging SPL indiscriminately, you risk creating gaps in your investigation. What gaps might those be? As a wise man once said, Know thy network. Actually — in this case — know your network and hosts.

If you have spent any time searching in Splunk, you have likely done at least one search using the stats command. I won’t belabor the point: stats is a crucial capability in the context of threat hunting — it would be a crime to not talk about it in this series. When focusing on data sets of interest, it's very easy to use the stats command to perform calculations on any of the returned field values to derive additional information.

Our cyber adversaries are always staying one step ahead. Threat actors love nothing more than trying out new tactics and techniques to attack targets, achieving their malicious objectives. Today, anyone is susceptible to cyber threats at practically any moment. MITRE ATT&CK is a framework that serves as a guiding light— it helps you assess your existing security measures and enhance device and endpoint security mechanisms against these evolving cyber threats.

Data security is more important than ever. In 2022 alone, over 1,700 organizations worldwide have been affected by compromised data. With organizations relying heavily on technology to store and process sensitive information, the risk of data breaches is constantly rising. This puts data security at the forefront of any organization’s security plan.

The world is becoming more reliant on data through data analytics and AI, where a lack of data quality can cost 74% more time spent on non-value added tasks by employees. This makes proper data governance more crucial than ever. As organizations become data-driven and interact with more data than ever, understanding the ins and outs of data governance is essential for ensuring data quality, security, and regulatory compliance.

Phishing emails are fraudulent or malicious emails that are designed to deceive recipients and trick them into revealing sensitive information, such as login credentials, financial details, or personal data. Phishing email contents usually employ various social engineering techniques that are likely to manipulate recipients, leading to significant damage to personal or corporate information security.

The importance of data security cannot be overstated. Data Loss Prevention (DLP) has emerged as a crucial component in safeguarding sensitive information and ensuring compliance with ever-evolving regulations. In this blog post, we'll share everything to know about DLP, exploring its definition, key components, types of solutions, importance, best practices, tools, and common challenges.

Business environments change every day. That’s why using a risk management framework is a crucial part of any organization. It helps manage different kinds of threats you face day in, day out. Organizations with robust RMFs are better prepared to thrive and adapt in this unpredictable world, ensuring their continued success and resilience. This article introduces risk management frameworks and explains the significance of using one in your organization.

Organizations rely on interconnected systems to store, share and manage information. These ecosystems often incorporate network file shares, which act as repositories of various types of data within an organization. Unfortunately, it is not uncommon for sensitive files to find their way onto these network shares inadvertently with permissions that are too broad or not properly restricted.

With data breaches making the headlines almost daily, it can feel like you’re stuck in a never-ending discussion about how secure data is in the cloud. On one hand, cloud naysayers may be preaching cloud repatriation in response to the high profile cloud compromises of the last few years. On the other hand, being too sure of your data security is a major recipe for trouble — hubris has no place in cybersecurity.