Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2023

Using Splunk to Enhance Enterprise Security Capabilities of Google Chrome

The way we work has drastically changed since the start of the pandemic. With more companies adopting remote and hybrid work models, there has been a 600% increase in cybercrime and 65% of organizations have seen a measurable increase in attempted cyberattacks, which is particularly problematic since, according to the 2022 Splunk State of Security report, 78% say remote workers are harder to secure.

Coffee Talk with SURGe: 2023-AUG-01 Ivanti EPMM, SEC Reporting Rules, Black Hat/Defcon

Grab a cup of coffee and join Mick Baccio, Ryan Kovar and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan also shared their top advice for people attending Defcon for the first time next week.

Turning Hunts Into Detections with PEAK

If you’ve been following our series on the PEAK threat hunting framework, you might already know that the purpose of threat hunting isn’t just to find security incidents your automated detection systems missed. Finding incidents is more like a helpful side effect. The real reason to hunt is to drive improvement to your security posture over time.

The 3 Rs of Enterprise Security: Rotate, Repave, Repair

Modern enterprises are fraught with dangers and vulnerabilities that were rare even a decade ago. Cyber threats are becoming more frequent and sophisticated, and even the most secure organizations are falling victim to their attacks. In this landscape, a proactive security stance is crucial. That is where the 3Rs of enterprise security — Rotate, Repave, and Repair — offer your organization a critical advantage.

Coffee Talk with SURGe: the Interview Series featuring Eva Galperin

Join Audra Streetman and special guest Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, for an interview about data privacy, stalkerware, artificial intelligence, and the recent rise in deepfake sextortion schemes. You can follow Eva on Twitter (aka X) @evacide and learn more about her work at EFF.org.

Bot Types 101: Bad Bots, Good Bots and Everything in Between

Bots have become integral to our lives, offering many benefits across various industries. Of all these bots, there are good bots, bots for telling dad jokes and (significantly less cool) bots focused on distributing malware. Understanding the types of bots out there should help you harness the power of good bots while helping you identify bots to avoid. This article will explore all types of bots, empowering you to make informed decisions and reap the rewards while keeping risks at bay.

HSTS Explained: How HTTP Strict Transport Security (HSTS) Works

HTTP Strict Transport Security (HSTS) plays an important role in web security — ensuring secure communication between websites and the web browsers of users. Read on to learn about the importance of HSTS, key features such as HSTS preloading, the threats that HSTS can mitigate, and some of the limitations of the protocol.

Amadey Threat Analysis and Detections

The Amadey Trojan Stealer, an active and prominent malware, first emerged on the cybersecurity landscape in 2018 and has maintained a persistent botnet infrastructure ever since. Several campaigns have used this malware, like the previous Splunk Threat Research blog related to RedLine loader, the multi-stage attack distribution article from McAfee in May 2023 and the campaign where it uses N-day vulnerabilities to deliver Amadey malware noted in March 2023 by DarkTrace.

Eliminate Manual Threat Analysis of Credential Phishing and Malware Threats With Splunk Attack Analyzer

We are extremely excited to introduce a new addition to the Splunk unified security operations experience: Splunk Attack Analyzer (formerly Twinwave), which automates threat analysis of suspected malware and credential phishing threats by identifying and extracting associated forensics to provide accurate and timely detections. SOC analysts continue to struggle to work across many security tools to help them understand and address threats targeting the organization.

Greater Detection Accuracy and Faster Time-to-Value with Splunk IT Service Intelligence 4.17

We’re all juggling more complexity than ever before. Chances are you’re being pulled in multiple directions, working across teams and dealing with more tools than you’d like to. We know you want to keep everything running smoothly and don’t want to focus your time on setting things up, especially when you’re probably dealing with other fires.

Splunk SOAR Playbook of the Month: Threat Hunting with Playbooks

As SOCs continue to grow and mature, it's vital that they establish effective and repeatable programs in proactive defense. This also means that threat hunting needs to become a critical function. Numerous advanced and sophisticated threats are able to get past more traditional cybersecurity defenses and SOCs need skilled Threat Hunters who are able to search, log, monitor, and remediate threats before they create a serious problem.

Data Sovereignty vs Data Residency: Uncovering the Differences

In today's data-driven world, businesses must navigate the complexities of data management while ensuring compliance with an ever-growing array of laws and regulations. Two concepts that often arise in this context are data sovereignty vs data residency. While related, these terms refer to distinct aspects of data management. Understanding their differences is crucial for businesses to make informed decisions on where to store their data and how to remain compliant with data protection regulations.

Detection as Code: How To Embed Threat Detection into Code

Like many concepts at the intersection of software engineering and cybersecurity, threat detection has emerged as a recent candidate to adopt the ‘as-code’ discipline to detection. This is driven by two key factors: Detection as Code is a new paradigm that brings a structured, systematic and flexible methodology for threat detection inspired by the as-code best practice of software engineering, commonly adopted in DevOps and Agile software development frameworks.

Baseline Hunting with the PEAK Framework

Baselines are an essential part of effective cybersecurity. They provide a snapshot of normal activity within your network, which enables you to easily identify abnormal or suspicious behavior. Baseline hunting is a proactive approach to threat detection that involves setting up a baseline of normal activity, monitoring that baseline for deviations, and investigating any suspicious activity.

Threat Actors in 2023: Who They Are & How To Defend Against Bad Actors

Risks are everywhere. Online, in real life. Digital transformation and the rapid integration of cloud-based technologies has been met with an unprecedented increase in cybersecurity risks. In most cases, standard cybersecurity best practices and a strong mechanism for Identity and Access Management will take care of most exploits, vulnerabilities and human errors that lead to a data leak.

Machine Learning in Security: Detect DNS Data Exfiltration Using Deep Learning

Since the Domain Name System (DNS) protocol is foundational for internet functionality, DNS traffic is allowed to move through firewalls without much scrutiny unlike HTTPS, FTP and SMTP. Malicious actors have successfully been able to exploit this advantage to transfer data between networks, which is beyond the original intention of DNS protocol.

Peeping Through Windows (Logs): Using Sysmon & Event Codes for Threat Hunting

If you have been reading our hunting series, you may have noticed that many threat hunting techniques center on network-centric data sources. Thus far, we have yet to speak about the big kahuna in our hunting tool chest. We are rectifying that right here, right now: we are going to talk about Microsoft Sysmon! In this article, we’re looking at using Sysmon to hunt for threats in endpoints.We’ll highlight some of the most valuable places to start hunting in your Windows logs.

Coffee Talk with SURGe: 2023-JULY-11 Meta's Threads, US/EU Data Sharing, MOVEit Update, iOS Patch

Grab a cup of coffee and join Mick Baccio, Ryan Kovar and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan competed in a 60 second charity challenge benefitting the Malala Fund to share their suggestions for this year's defense policy bill.

UK Telecommunications Security Act 2021: 3 Documents From The Regulators Every Telco Executive Should Read

In 2019, the UK Government (NSCS) conducted The UK Telecoms Supply Chain Review, to assess and address potential risks associated with the supply chain of telecommunications infrastructure in the country. The review highlighted the risks associated with reliance on certain vendors, particularly those with high-risk profiles. It also recommended increased oversight and regulation to mitigate security risks and protect critical national infrastructure.