Surprisingly, many organizations have yet to move beyond the traditional compliance-driven approach to cybersecurity. However, to address today’s risk of a cyber breach — which can lead to an organization’s data being compromised or a disruption to business operations — cybersecurity organizations need to focus on delivering the level of security required to protect corporate assets and align with the strategic goals and objectives of the business.

Okay... and we’re back! Yes, there’s been a bit of a hiatus since you’ve heard from us in Core Security, but that’s not because we haven’t been busy. In fact, we’ve released a number of enhancements for both the security and user administration experiences of Splunk Enterprise. Going forward, we’ll be a bit more visible bringing you details on these enhancements.

Security teams can’t defend what they can’t see. As organizations move more workloads to the cloud, security teams need added visibility into these new workloads or risk having blind spots that lead to compromise. In the first installment of our "Getting Data In" webinar series, "Modernizing your SOC for the Cloud Age Starts with Security Foundations," we demonstrate how to quickly and easily onboard data into Splunk Cloud.

The lines Between IT and OT are blurring. With IT and Operational Technology (OT) systems converging, ensuring the security of devices, applications, physical locations and networks has never been more difficult or more important. There is a growing recognition by security professionals that they have a readiness and visibility problem in plain sight.

One question I get asked frequently is “how can I get deeper insight and audit correlation searches running inside my environment?” The first step in understanding our correlation searches, is creating a baseline of what is expected and identify what is currently enabled and running today. Content Management inside Splunk Enterprise Security is a quick way to filter on what is enabled (and it’s built into the UI and works out of the box).

At Splunk, we’re proud to employ some of the top security analysts in the industry. On any given day, they’re investigating security incidents, triaging alerts and identifying threats so our systems and data — as well as those of our customers — remain secure. But what, exactly, do Splunk security analysts do? And what are some of their biggest challenges?

Amazon Web Services provides its users with the ability to create temporary credentials via the use of AWS Security Token Service (AWS STS). These temporary credentials work pretty much in the same manner like permanent credentials created from AWS IAM Service. There are however two differences.

Security is easy, right? Get yourself a patchwork of security point products meant to solve one or two specific problems, and your organization is safe from threats! Ah, if only it were that simple… In reality, security operations are disjointed and complex. Security visibility and functionality (i.e. threat detection, investigation, containment and response capabilities) are often divided among a multitude of different security products (e.g.

The world is changing at a pace not seen in modern history. Security leaders, including chief information security officers (CISOs), face new security challenges as well as opportunities. As COVID-19 drives workers to look for new ways to live and work, organizations must be proactive. The ‘new normal’ may seem scary at first, but savvy CISOs who see beyond tactical changes to the threat landscape can capitalize on opportunities.

The Slack Audit Logs API is for monitoring the audit events happening in a Slack Enterprise Grid organization to ensure continued compliance, to safeguard against any inappropriate system access, and to allow the user to audit suspicious behavior within the enterprise. This essentially means it is an API to know who did what and when in the Slack Enterprise Grid account. We are excited to announce the Slack Add-on for Splunk, that targets this API as a brand new data source for Splunk.