Analysts rely on User and Entity Behavior Analytics (UEBA) tools to track anomalies, investigate incidents, and respond to cybersecurity threats. However, the varying nature of user and entity behaviors across different organizations means that predetermined thresholds often fail to account for unique baselines. Even within the same environment, temporal variations can cause significant differences in monitoring signals.

It’s been an exciting year for Splunk Enterprise Security! In May, we celebrated being recognized as a Leader ten times in a row in the 2024 Gartner Magic Quadrant for SIEM. We’re not stopping there. We’re excited to introduce the SIEM of the Future to keep the momentum going. Splunk Enterprise Security 8.0 is available now in a private preview.

As cybersecurity threats become more sophisticated, organizations have to continually find new solutions to resist bad actors. Enter MITRE D3FEND, a framework designed to complement the MITRE ATT&CK framework by focusing on defensive cybersecurity techniques.

Cybersecurity Awareness Month is an annual initiative observed every October, aimed at promoting cybersecurity awareness and encouraging adopting safe online practices among the public. Launched in 2004 by the National Cyber Security Alliance (NCSA) and the U.S.

In an era marked by an increasing volume and sophistication of cyber threats, the efficiency of your SOC operations has become more important than ever. SOCs are flooded by a daily barrage of attacks and alerts, with a significant portion being false positives, leading to alert fatigue and the potential for genuine threats to slip through the cracks.

Alert triage can be a very cumbersome and time consuming process for SOC teams. Our recent State of Security report found that 26% of respondents agree that the volume of alerts they deal with makes it difficult to keep up with addressing emergencies. While tools like virtual sandboxes can help analysts better test and understand the severity of the threats they encounter, the process of testing and documenting results can add further tedium to an already prolonged process.

Splunk has been named a Leader in the 2024 Gartner Magic Quadrant for Security Information and Event Management (SIEM), which is the tenth consecutive time for Splunk in the Leaders Quadrant. We are incredibly honored to receive this recognition and are grateful to our customers and partner community for making this recognition possible.

Splunk’s latest User Behavior Analytics (UBA) product update, version 5.4.0, brings enhancements and new features designed to streamline operations and improve threat detection accuracy. Let’s see what’s new!

Change in the cybersecurity industry is inevitable, and 2024 brings upheaval in the form of geopolitical tensions, rigorous compliance requirements, and of course, the rapid acceleration of generative AI.

In late February 2024, Mandiant identified APT29, a Russian state-sponsored threat group, deploying a new backdoor called WINELOADER to target German political parties. This campaign marks a significant shift in APT29's targeting, as they have traditionally focused on government and diplomatic entities. The expansion to political parties suggests an evolution in the group's intelligence gathering priorities, likely influenced by the current geopolitical climate.