Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Analysts rely on User and Entity Behavior Analytics (UEBA) tools to track anomalies, investigate incidents, and respond to cybersecurity threats. However, the varying nature of user and entity behaviors across different organizations means that predetermined thresholds often fail to account for unique baselines. Even within the same environment, temporal variations can cause significant differences in monitoring signals.

Credential stuffing is shaping up to be one of the most predominant hacking methods of 2024. In early June, Ticketmaster fell victim to a data breach via credential stuffing, exposing information from 560 million customers. Credential stuffing attacks involve using stolen usernames and passwords to access accounts. In these attacks, threat actors also often use automation to try different combinations of credentials until they find a successful match.

Logging was once just a best practice to help you understand what's happening inside your applications. Now, any security expert worth their salt will tell you that you can’t build a security plan without it. As a result, organizations have turned to specialized logging tools like Log4J to strengthen their application security. This move has proven highly effective, with cyberattack risks on businesses dropping from 44% in 2022 to 34% in 2023.

Security incidents and data breaches are the cybersecurity version of the definition of squares and rectangles in geometry. While all data breaches are security incidents, not all security incidents are data breaches. Before investigating an incident, many security teams know whether the alert will relate to a minor incident or a large-scale breach.

As cybersecurity attack vectors evolve, security logging and monitoring are becoming even more important. Effective logging and monitoring enables organizations to detect and investigate security incidents quickly. Cloud-based attackers are getting more sophisticated, and often rely on stolen credentials to escalate privileges and move laterally within corporate IT networks.

It’s been an exciting year for Splunk Enterprise Security! In May, we celebrated being recognized as a Leader ten times in a row in the 2024 Gartner Magic Quadrant for SIEM. We’re not stopping there. We’re excited to introduce the SIEM of the Future to keep the momentum going. Splunk Enterprise Security 8.0 is available now in a private preview.

As cybersecurity threats become more sophisticated, organizations have to continually find new solutions to resist bad actors. Enter MITRE D3FEND, a framework designed to complement the MITRE ATT&CK framework by focusing on defensive cybersecurity techniques.

CISOs face more cybersecurity challenges today than ever. As technology gets more advanced, so do the bad guys. Cyberattacks are becoming more clever and dangerous. On top of that, there’s no shortage of rules, regulations, and personal risk that CISOs must navigate. We surveyed 200 CISOs to better understand the biggest challenges they face today. Here’s some of what we learned.

The 2020 EU Cybersecurity Strategy, published by the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy, aimed to establish safeguards against security risks arising from increased digital connectivity. As part of the strategy, the strategy included updates to Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2).