In today's rapidly evolving cybersecurity landscape and complex compliance mandates, traditional Security Operations Centres (SOCs) are being transformed by the integration of artificial intelligence (AI) and machine learning (ML). At Splunk, we are no strangers to these technologies.

In 2016, a house in Middle, Ohio, went up in flames. The owner of the home, Ross Compton, claimed he was asleep when the fire broke out, waking just in time to hastily pack a suitcase, smash his bedroom window, and make an escape. However, the very technology keeping Compton alive unraveled his alibi and led to his arrest. Compton had a pacemaker, and the police, suspicious of his account, secured a warrant to access its data.

As outlined in a previous post, OpenTelemetry and Splunk Observability Cloud can provide great visibility when security teams investigate activity in modern environments. In this post, we look at another aspect of this visibility: how you can use traces to see directly into the workings of an application to find a potential threat. Let’s imagine we’re the security analyst, and a message comes across from the Security Operations Center (SOC).

The Splunk team is excited to announce the release of the latest addition to our security product portfolio, Splunk Asset and Risk Intelligence (ARI). The modern digital landscape is a complex mix of devices, users, and a wide array of products and applications, all spread across on-prem, cloud, and hybrid environments.

On the day that Splunk officially became part of Cisco, our leadership outlined key ways we’d come together to support customers to achieve business-critical outcomes, noting: In the short time since then, we’ve already made significant strides, demonstrated by our announcements of: As we continue to build on this momentum, we’re excited to announce the availability of Cisco Talos Incident Response services to Splunk customers.

As a small kid, I remember watching flying monkeys, talking lions, and houses landing on evil witches in the film The Wizard of Oz and thinking how amazing it was. Once the curtain pulled back, exposing the wizard as a smart but ordinary person, I felt slightly let down. The recent explosion of AI, and more specifically, large language models (LLMs), feels similar. On the surface, they look like magic, but behind the curtain, LLMs are just complex systems created by humans.

Companies spend a huge amount of their budget trying to build, manage, and protect cloud environments. Since there is no industry standard for sharing data feeds between development and security, each team is on an island trying to figure out how to keep their side of the room clean. The most robust security incident response teams understand the incredible value of using observability telemetry for security workflows, but are unsure how to make it happen in practice.

Organizations are constantly on the lookout for more efficient, streamlined solutions to bolster their security posture.

On July 19, 2024, CrowdStrike, a global cybersecurity company, experienced a significant outage caused by a faulty software update. This incident impacted millions of Windows machines across multiple industries, including transportation, defense, manufacturing, and finance. CrowdStrike has released an official statement and is posting updates on their blog. Microsoft has also published a blog with remediations, which we encourage you to review.