Top 5 Reasons Why Splunk Is the Ideal Platform for Unified Security and Observability
Splunk embodies the top 5 principles of unified security and observability, and has been an expert in log management, security, and observability for years.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Logging
Devo Exchange - Proxy Bluecoat Activity Activeboard
Your best ally to monitor Proxy Bluecoat activity!
Devo Exchange - Proxy McAfee Monitoring Activeboard
Your best ally to monitor threats!
Data access in Multitenancy
Explore the Multitenancy feature, a capability to centrally provision, monitor, and manage an unlimited number or tenants. In Devo you can configure data access for the different tenants through the use of data access rules.
Defense Department's Multi-Cloud Cloud Strategy: A Role for SIEM
It’s difficult to recall a time over the last ten years when cloud requirements were not at the forefront of the Defense Department’s modernization efforts. Cloud capability reviews and requirements, in some form, extend from the Pentagon’s net-centricy efforts — to the Joint Information Environment, Digital Modernization, and up through to today.
Coffee Talk with SURGe: Twitter Whistleblower, Roasting Oktapus, Montenegro Cyberattack
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news including: Mick and Ryan competed in a 60 second charity challenge to explain why they think password managers are still your best option for password security. The team also discussed data privacy after the FTC announced it is suing a data broker for selling geolocation data. Meanwhile, the FCC is launching an investigation into mobile carriers' geolocation data practices.
Introduction to Splunk Common Information Model
Security and IT analysts need to be able to find threats and issues without having to write complex search queries. The Splunk Common Information Model (CIM) delivers a common lexicon of field names and event types across different vendor data sources making them consistent so that analysts can write clearer queries and get better results with more true positives and fewer false positives.
AppLocker Rules as Defense Evasion: Complete Analysis
Microsoft continues to develop, update and improve features to monitor and prevent the execution of malicious code on the Windows opearting system. One of these features is AppLocker. This feature advances the functionality of software restriction policies and enables administrators to create rules to allow or deny applications from running based on their unique identities (e.g., files) and to specify which users or groups can run those applications.
Announcing: Code-free API log collection and parser creation
AT&T Cybersecurity is pleased to announce a code-free way for our USM Anywhere customers to make their own API-driven log collectors and custom parsers. This big advancement in threat detection and response technology will make it possible for customers to collect information from a much larger variety of sources and SaaS services without having to request new integrations or log parsers.
Introducing the Ransomware Content Browser
Splunk SURGe recently released a whitepaper, blog and video that outline the encryption speeds of 10 different ransomware families. The outcome of this research was that it is unlikely that a defender will be able to do anything once the encryption has started. Ransomware today is also mostly “human-operated” where many systems are sought out and compromised before any encryption activities occur and, once they do, the encryption is just too fast to meaningfully affect the damage done.