Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

Using eval to Calculate, Appraise, Classify, Estimate & Threat Hunt

I hope you're all enjoying this series on Hunting with Splunk as much as we enjoy bringing it to you. This article discusses a foundational capability within Splunk — the eval command. If I had to pick a couple of Splunk commands that I would want to be stuck on a desert island with, the eval command is up there right next to stats and sort. (Part of our Threat Hunting with Splunk series, this article was originally written by John Stoner. We’ve updated it recently to maximize your value.)

Multi-Stage Attacks & How To Detect Them

Cybercriminals and threat actors use multiple vectors to infiltrate your IT network. They employ a series of coordinated steps as they… Impactful cyberattacks today are no longer executed as a simple virus with self-mutation capabilities, especially when many organizations rely on AI-enabled threat detection capabilities. They’re a lot more sophisticated.

Risk Tolerance vs. Risk Appetite Explained

In organizational risk management, Risk Tolerance and Risk Appetite are two fundamental concepts. These concepts are applied in areas such as business investing, decision making, cybersecurity risk management, and overall finance. While these concepts complement each other, they do have different meanings. A simple distinction is this: And there’s a bit more to it.

Using RegEx for Threat Hunting (It's Not Gibberish, We Promise!)

Known as RegEx (or gibberish for the uninitiated), Regular Expressions is a compact language that allows security analysts to define a pattern in text. When working with ASCII data and trying to find something buried in a log, regex is invaluable. But writing regular expressions can be hard. There are lots of resources to assist you: “But stop,” you say, “Splunk uses fields! Why should I spend time learning Regular Expressions?”

Coffee Talk with SURGe: 2023-NOV-14 ICBC Ransomware, Sandworm Cuts Power in Ukraine, Volt Typhoon

Grab a cup of coffee and join Mick Baccio, Ryan Kovar, and Audra Streetman for another edition of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan will also compete in a charity challenge to explain what constitutes an influence operation, and why network defenders should care.

Enhance Security Resilience Through Splunk User Behavior Analytics VPN Models

The COVID-19 pandemic has spurred a significant increase in the adoption of remote access, resulting in a substantial portion of the workforce transitioning to remote work. This requires employees to heavily rely on their employer’s virtual private network (VPN) to connect to their company's IT systems. This shift to working from home (WFH) is expected to continue well into the foreseeable future.

Insider Threats in Cybersecurity

When you think about security, it's usually from external factors. We lock the doors to our homes and businesses, when we go to the gym our belongings are kept safe in locked lockers from theft, and our computers and phones have security measures in place to keep people out. Our focus is on external threats but the biggest danger can come from within — insider threats. Consider the classic thriller When a Stranger Calls.

European Security is More Than Regulation: Splunk's 2023 CISO Report

The role of today’s Chief Information Security Officers (CISOs) is complex and rapidly changing. 86% say that the role has changed so much since they became a CISO that it’s almost a different job. They are emerging as strategists and leaders who have a louder voice in the boardroom.