Splunk Phantom is a security orchestration, automation and response (SOAR) technology that lets customers automate repetitive security tasks, accelerate alert triage, and improve SOC efficiency. Case management features are also built into Phantom, including “workbooks,” that allow you to codify your security standard operating procedures into reusable templates.
Surprisingly, many organizations have yet to move beyond the traditional compliance-driven approach to cybersecurity. However, to address today’s risk of a cyber breach — which can lead to an organization’s data being compromised or a disruption to business operations — cybersecurity organizations need to focus on delivering the level of security required to protect corporate assets and align with the strategic goals and objectives of the business.
Okay... and we’re back! Yes, there’s been a bit of a hiatus since you’ve heard from us in Core Security, but that’s not because we haven’t been busy. In fact, we’ve released a number of enhancements for both the security and user administration experiences of Splunk Enterprise. Going forward, we’ll be a bit more visible bringing you details on these enhancements.
Security teams can’t defend what they can’t see. As organizations move more workloads to the cloud, security teams need added visibility into these new workloads or risk having blind spots that lead to compromise. In the first installment of our "Getting Data In" webinar series, "Modernizing your SOC for the Cloud Age Starts with Security Foundations," we demonstrate how to quickly and easily onboard data into Splunk Cloud.
The lines Between IT and OT are blurring. With IT and Operational Technology (OT) systems converging, ensuring the security of devices, applications, physical locations and networks has never been more difficult or more important. There is a growing recognition by security professionals that they have a readiness and visibility problem in plain sight.
One question I get asked frequently is “how can I get deeper insight and audit correlation searches running inside my environment?” The first step in understanding our correlation searches, is creating a baseline of what is expected and identify what is currently enabled and running today. Content Management inside Splunk Enterprise Security is a quick way to filter on what is enabled (and it’s built into the UI and works out of the box).
At Splunk, we’re proud to employ some of the top security analysts in the industry. On any given day, they’re investigating security incidents, triaging alerts and identifying threats so our systems and data — as well as those of our customers — remain secure. But what, exactly, do Splunk security analysts do? And what are some of their biggest challenges?
Amazon Web Services provides its users with the ability to create temporary credentials via the use of AWS Security Token Service (AWS STS). These temporary credentials work pretty much in the same manner like permanent credentials created from AWS IAM Service. There are however two differences.
