Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

Snort Rules 101: Examples & Use Cases for Snort Network Defense

Imagine you're responsible for the security of a bustling network, constantly under threat from bad actors looking to exploit any vulnerability. How do you keep up? Enter Snort, a powerful open-source tool that acts as your network’s watchdog, scanning for potential threats and alerting you when something seems off. In this guide, we'll break down how Snort works, focusing on the critical rules that make this tool effective at protecting your network.

Information vs. Operational Technology: IT vs. OT Explained

Since the rise of the Internet, organizations and individuals have increasingly sought ways to keep their information secure and private. IT has witnessed a changing cyber threat landscape, and businesses have relied more and more on the Internet and data to function. However, the attack landscape widened in the 2010s. With widespread computer worms like Stuxnet in 2010, cybercriminals have gained critical access to organizations through operational technology.

Splunk Named a Leader in the 2024 IDC MarketScape for SIEM for Enterprise

The 2024 recognition momentum for Splunk continues! Splunk is ranked #1 for the fourth year in a row in the IDC Worldwide Security Information and Event Management Market Shares, 2023: The Leaders in SIEM City (doc # US52525024, September 2024) report. Splunk has also been named a Leader in the IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment (doc #US49029922, September 2024).

Handala's Wiper: Threat Analysis and Detections

On July 19, 2024, CrowdStrike released configuration updates for its Windows sensor, aiming to enhance security and performance. Unfortunately, this update inadvertently led to widespread downtime, manifesting as Blue Screen of Death (BSOD) on millions of machines worldwide. The BSOD, a critical system error screen, halts all operations, rendering affected systems inoperable until resolved.

Splunk SOAR Has Attained FedRAMP Moderate Authorization

Splunk is proud to announce that Splunk SOAR has received Federal Risk and Authorization Management Program (FedRAMP) Agency Authorization at the Moderate impact level. Splunk SOAR is ready to help public sector teams work smarter by automating repetitive tasks, responding to security incidents in seconds, and increasing analyst productivity and accuracy to better protect their organizations and the missions they serve.

The Final Shell: Introducing ShellSweepX

Over the last year, we have continued to witness web shells breaching organizations worldwide, affecting both edge devices and on-premise web applications. Web shells consistently evade standard controls, posing a persistent threat. Today, the Splunk Threat Research Team is excited to announce the final tool in the ShellSweep collection: ShellSweepX.

The New & Improved Splunk Guide to Risk-Based Alerting

Howdy folks, it’s your friendly neighborhood transformational detection engineering evangelist Haylee Mills here. Maybe you’ve already been introduced to risk-based alerting, or maybe you’ve seen one of my many talks on the subject: Even if you haven’t, I’m super excited to share a brand new version of my step-by-step guide to success with the risk-based alerting framework!

Strengthening Australia's Government Data and Digital Services with Splunk Digital Resilience

As the Splunk Industry Advisor to the Australian public sector, I work closely with government organisations and their leaders to understand their goals, objectives and the challenges they face in achieving digital resilience. This blog shares perspectives on how Splunk works with the Australian government to provide a unique approach to solve some of the public sector's toughest challenges.

Common Ransomware Attack Types

When it comes to cybersecurity, ransomware is probably one of the first threats you think of. It seems like it’s everywhere — and it is. Ransomware is one of the most notorious cyber threats affecting individuals, businesses, and organizations globally. The frequency and impact of these attacks have surged in recent years, making it crucial to understand their nature and how to protect against them.