Splunk introduced Federated Search in July 2021 to much fanfare. We won’t go into too much detail about how it works because there is already a great writeup in a previous blog along with Splunk Federated Search documentation.

The fourth annual Devo SOC Performance ReportTM shows that issues facing organizations since the start of the global pandemic in early 2020 continue to affect SOC performance, including challenges in hiring and retaining SOC talent. Based on the independent survey of more than 1,000 global cybersecurity professionals commissioned by Devo and conducted in the Summer of 2022, the report examines current SOC trends and challenges. The good news?

It will not come as a surprise to you that fraud and financial crime is continuing to challenge organizational business and cyber resiliency plans. Odds are you have dealt with fraud firsthand, or know someone experiencing the pains caused by fraud. Back in 2020 we shared some thoughts about how we believe leveraging a data platform like Splunk can help you gain more anti-fraud value and insights from your data and showed how you can determine what your data is worth.

One of the most important features Teleport has to offer is that it centralizes all of your infrastructure’s audit logging into one central place, mapping every query, every command and every session to an individual user's identity. As you hire more engineers and resources scale, it can become increasingly difficult to manage all of this log data. Luckily Teleport’s extensibility makes this log data extremely easy to format, export and monitor all in a secure, event-driven way.

Protecting data is more mission-critical to businesses than ever before. Nearly every business process is tied to data, meaning that security teams need to streamline their monitoring, detection, and investigation processes. Centralized log management gives security teams the resources they need when they need them. Understanding how to use your log management solution for security monitoring can help you successfully mitigate risk and reduce cost.

A new adversary simulation tool is steadily growing in the ranks of popularity among red teamers and most recently adversaries. Brute Ratel states on its website that it "is the most advanced Red Team & Adversary Simulation Software in the current C2 Market." Many of these products are marketed to assist blue teams in validating detection, prevention, and gaps of coverage.

On Sept. 29th 2022, cybersecurity organization GTSC publicized a report outlining attacks they have seen in the wild targeting as-yet unpatched vulnerabilities in Microsoft Exchange. When successfully exploited this combination of vulnerabilities results in an authenticated Remote Code Execution (RCE) attack. Until a patch has been issued, Microsoft has posted a security bulletin detailing a workaround.