Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

UEBA Superpowers: Simplify Incident Investigations to Increase SOC Efficiency

In an era marked by an increasing volume and sophistication of cyber threats, the efficiency of your SOC operations has become more important than ever. SOCs are flooded by a daily barrage of attacks and alerts, with a significant portion being false positives, leading to alert fatigue and the potential for genuine threats to slip through the cracks.

Splunk SOAR Playbook of the Month: Splunk Attack Analyzer Dynamic Analysis

Alert triage can be a very cumbersome and time consuming process for SOC teams. Our recent State of Security report found that 26% of respondents agree that the volume of alerts they deal with makes it difficult to keep up with addressing emergencies. While tools like virtual sandboxes can help analysts better test and understand the severity of the threats they encounter, the process of testing and documenting results can add further tedium to an already prolonged process.

Splunk Named a Leader in the Gartner Magic Quadrant for SIEM

Splunk has been named a Leader in the 2024 Gartner Magic Quadrant for Security Information and Event Management (SIEM), which is the tenth consecutive time for Splunk in the Leaders Quadrant. We are incredibly honored to receive this recognition and are grateful to our customers and partner community for making this recognition possible.

Splunk User Behavior Analytics (UBA) 5.4 Delivers FIPS Compliance and Advanced Anomaly Detection

Splunk’s latest User Behavior Analytics (UBA) product update, version 5.4.0, brings enhancements and new features designed to streamline operations and improve threat detection accuracy. Let’s see what’s new!

From Water to Wine: An Analysis of WINELOADER

In late February 2024, Mandiant identified APT29, a Russian state-sponsored threat group, deploying a new backdoor called WINELOADER to target German political parties. This campaign marks a significant shift in APT29's targeting, as they have traditionally focused on government and diplomatic entities. The expansion to political parties suggests an evolution in the group's intelligence gathering priorities, likely influenced by the current geopolitical climate.

Splunk SOAR Playbook of the Month: Cisco Umbrella DNS Denylisting

Given the recent exciting news of Splunk becoming part of Cisco, for this edition of Splunk SOAR Playbook of the Month, we thought what better way to showcase how the combination of Cisco and Splunk can help users achieve more comprehensive security than through a playbook that combines the power of Cisco Umbrella and Splunk SOAR.