Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Artificial Intelligence (AI) has the potential to transform our industry. At Splunk, we see it as a catalyst for driving digital resilience — a way to accelerate human decision making in service of incident detection, investigation and response.

Hi there, As organizations strive to enhance the cyber resilience of their operations, the scope of SOC teams is expanding beyond traditional enterprise IT.

As SOCs continue to grow and mature, it's vital that they establish effective and repeatable programs in proactive defense. This also means that threat hunting needs to become a critical function. Numerous advanced and sophisticated threats are able to get past more traditional cybersecurity defenses and SOCs need skilled Threat Hunters who are able to search, log, monitor, and remediate threats before they create a serious problem.

In today's data-driven world, businesses must navigate the complexities of data management while ensuring compliance with an ever-growing array of laws and regulations. Two concepts that often arise in this context are data sovereignty vs data residency. While related, these terms refer to distinct aspects of data management. Understanding their differences is crucial for businesses to make informed decisions on where to store their data and how to remain compliant with data protection regulations.

Like many concepts at the intersection of software engineering and cybersecurity, threat detection has emerged as a recent candidate to adopt the ‘as-code’ discipline to detection. This is driven by two key factors: Detection as Code is a new paradigm that brings a structured, systematic and flexible methodology for threat detection inspired by the as-code best practice of software engineering, commonly adopted in DevOps and Agile software development frameworks.

Baselines are an essential part of effective cybersecurity. They provide a snapshot of normal activity within your network, which enables you to easily identify abnormal or suspicious behavior. Baseline hunting is a proactive approach to threat detection that involves setting up a baseline of normal activity, monitoring that baseline for deviations, and investigating any suspicious activity.

Risks are everywhere. Online, in real life. Digital transformation and the rapid integration of cloud-based technologies has been met with an unprecedented increase in cybersecurity risks. In most cases, standard cybersecurity best practices and a strong mechanism for Identity and Access Management will take care of most exploits, vulnerabilities and human errors that lead to a data leak.

Since the Domain Name System (DNS) protocol is foundational for internet functionality, DNS traffic is allowed to move through firewalls without much scrutiny unlike HTTPS, FTP and SMTP. Malicious actors have successfully been able to exploit this advantage to transfer data between networks, which is beyond the original intention of DNS protocol.

If you have been reading our hunting series, you may have noticed that many threat hunting techniques center on network-centric data sources. Thus far, we have yet to speak about the big kahuna in our hunting tool chest. We are rectifying that right here, right now: we are going to talk about Microsoft Sysmon! In this article, we’re looking at using Sysmon to hunt for threats in endpoints.We’ll highlight some of the most valuable places to start hunting in your Windows logs.