June 2023

SecOps In Seconds: Prioritizing Incidents for Investigation in Splunk Mission Control

This short video takes you through the basics of using Mission Control's Incident Review feature to prioritize your incident investigations. Product Manager Matt Sayar will show you the ropes and help you navigate this feature so you can better understand how to deploy it yourself.

The Devil's in the Data

The pandemic highlighted the fragility of the global supply chain ecosystem. Now every company is striving to ensure they will never be crippled by unforeseen supply chain issues. Mentions of “supply chain” in US SEC-filed annual reports more than doubled from 2019 to 2021 to nearly 5,000 as chief supply chain officers were reluctantly escorted into boardroom discussions to explain the business risk to their company.

CIS Critical Security Controls 101: Everything to Know About the 18 Controls

The Center for Internet Security (CIS) defines CIS Critical Security Controls as: “A prioritized set of Safeguards to mitigate the most prevalent cyberattacks against systems and networks.” Essentially, CIS Controls are a framework of actions that organizations can take to improve their overall security posture. These controls are organized into categories and updated frequently to address emerging threats and technologies. In this article, we’ll look deeper into all 18 controls.

Cyber Insurance Today: What's Covered (What Isn't), Insurance Types & Benefits of Opting In

Even with the best strategies in place, cyber professionals understand that it’s only a matter of when, not if, a cyberattack will happen. Hence, a risk management and incident response plan is necessary for an organization’s cybersecurity posture. While such plans won’t wipe out the financial and reputational aftermath of a cyberattack — a cyber insurance policy can help your organization recover from such attacks.

Data Exfiltration: Prevention, Risks & Best Practices

Imagine a scenario where a competitor gains access to your organization's most sensitive data, causing severe financial loss and irreparable damage to your reputation. This nightmare can become a reality through data exfiltration. Data exfiltration is a real threat to organizations, as it involves the unauthorized transfer of sensitive information, the effects of which can lead to operational disruption, financial losses and damage to reputation.

Threat Hunting with Splunk: Hands-on Tutorials for the Active Hunter

At Splunk, you may hear us pontificating on our ponies about how awesome and easy it is to use Splunk to hunt for threats. Why, all you need to do is use X and Y with Splunk to find a Z score (no zombies were injured) and BOOM! That baddie in your network is detected. Going back to at least a decade, we’ve tried to make it easy — as you’ll see in the resources below — and yet threat hunting is about as easy as telling someone how easy it is to draw an owl.

MDR in 2023: Managed Detection & Response Solutions Today

In an ideal world, organizations should have round-the-clock protection for their corner of cyberspace, and prompt response to cyber-attacks. For this to happen, you’ll need top talent, equipped with sophisticated tools and knowledge of up-to-date security practices. But this is hardly the case for most organizations, meaning most are left vulnerable and seeking security solutions from third parties offering MDR services.

Data Scanning Explained: What Scanning Data Can Do For You

From 2010 to 2020, the amount of data being generated, stored and shared grew by nearly 5000%. During the COVID-19 pandemic, data breaches also spiked in the US. Makes sense, then, that protecting this valuable asset has become a top priority for businesses. Enter data scanning — a powerful process that helps organizations identify and safeguard sensitive data. In this blog post, we will delve into the concept of data scanning, its importance and the key benefits it brings to the table.

API Security Testing: Importance, Methods, and Top Tools for Testing APIs

APIs play a significant role in seamlessly integrating applications and services. However, APIs with security vulnerabilities could open doors to cyber attackers and compromise sensitive and confidential data and systems. Therefore, it is imperative to incorporate API security testing into the API development process as early as possible.

Identifying BOD 23-02 Network Management Interfaces with Splunk

On June 13, 2023, the United States Cybersecurity and Infrastructure Security Agency (CISA) released Binding Operational Directive 23-02, titled Mitigating the Risk from Internet-Exposed Management Interfaces. This BOD is aimed at reducing the risk posed by the ability to configure or control federal agencies’ networks from the public internet. If you are curious about this threat, you should review MITRE ATT&CK’s T1133 - External Remote Services.

The Lessons Learned in Cybersecurity 25 Years Ago Are Still Applicable to AI Today

Artificial Intelligence (AI) is a technology that is both exciting and worrisome. It reminds us of events from the past where computer systems were attacked, causing concern for their vulnerability. In 1997, a Department of Defense exercise called Eligible Receiver showed that defense systems could be hacked, which led to the creation of the Joint Task Force for Computer Network Operations.

The Principle of Least Privilege Explained (with Best Practices)

Granting users authorization to access sensitive business information means that you rely on them to adopt cybersecurity best practices. This trust is violated when a disgruntled employee acts maliciously and leaks sensitive information. What’s more concerning — the same violation is also possible when users unwittingly fall prey to social engineering attacks, zero-day exploits or vulnerabilities that remain unpatched in your IT networks.

Understanding Process and Practice: What Sets Them Apart?

When pursuing success in business or other endeavors, two key concepts play a crucial role: process and practice. While some argue that process and practice are interchangeable, in reality, they're vastly different. But how do we use process and practice to become more efficient and successful? Is one of them more crucial than the other? Can you do one without the other? To answer these questions, we’ll dive deeper into process and practice and how to apply both.

Splunk Products Reviews in 2023: Splunk Enterprise, Splunk Cloud & Splunk Enterprise Security

Today, cybersecurity is a non-negotiable for business success. Original research from our annual State of Security confirms this is no easy task – which is why we are proud that the solutions we deliver help make organizations digitally resilient. Splunk Cloud, Splunk Enterprise and Splunk Enterprise Security are our most well-known and popular solutions, which we’ll share more about below.

EDR, XDR & MDR in 2023: Which Detection & Response System Is Best?

In this article, I’m looking at the key differences between endpoint detection and response (EDR) and the related extended and managed options, XDR and MDR. Here’s the short version: Now let’s dig in to get a bit more context on this cybersecurity fundamental.

Top 10 Security Breach Types in 2023 (with Real-World Examples)

In 2022, there were 1802 recorded security breaches, impacting a massive 422 million people—a 41% rise from the prior year. In response to the rapid increase in security breaches, organizations must prioritize strengthening their protection against cyber threats. With hackers becoming increasingly skilled, businesses should understand various security breach types — and real-world examples — to avoid risks.

The Purple Team: Combining Red & Blue Teaming for Cybersecurity

Organizations can often struggle to bridge the gap between offensive and defensive security strategies. The lack of collaboration and communication between red and blue teams can hinder their ability to effectively identify and mitigate security risks. To solve this disconnect, organizations are opting to utilize a combined approach in cybersecurity strategy — a system colloquially known as “purple teaming”.

What Are SBOMs? Software Bill of Materials for Secure Software Supply Chains

Vendors have long used bills of materials to detail the pieces that make up their supply chain products. A software bill of materials (SBOM) is a similar but traditionally less critical development in IT. However, that is quickly changing: companies are concerned about the security of their purchases, especially as applications become more expensive and sophisticated.

Detecting DNS Exfiltration with Splunk: Hunting Your DNS Dragons

Oh no! You’ve been hacked, and you have experts onsite to identify the terrible things done to your organization. It doesn’t take long before the beardy dude or cyber lady says, “Yeah...they used DNS to control compromised hosts and then exfiltrated your data.” As you reflect on this event, you think, “Did I even have a chance against that kind of attack?” Yes, you did because Splunk can be used to detect and respond to DNS exfiltration.

Authentication vs. Authorization

Authentication and authorization are two key processes that ensure only trustworthy and verified users can gain access to authorized system resources and data. They enable your organization’s information security — your ability to protect sensitive information against unauthorized access. Although the two terms are often used interchangeably, the processes have several fundamental differences.

How Digital Fingerprinting Tracks, Identifies & Affects Us

At one time, the internet was seen as a place where users could remain anonymous: they could scroll from the privacy of their screen. Today, we know that’s no longer the case. In an attempt to sell more products, and create a personalized digital experience, tech firms, companies and advertisers track and analyze each user across the digital landscape. Privacy is still important to users: 90% of individuals in a recent global survey said online privacy was important to them.

Getting Started with SOAR in Mission Control

This video will take a new or existing user of Splunk Mission Control through the process of implementing SOAR playbooks within Mission Control. Splunk Product Manager Kavita Varadarajan will walk you through the necessary steps and configuration to deploy a SOAR playbook at a basic level. Learn how to fully leverage the full power of orchestration and automation to unify your security operations with Splunk Mission Control.

Coffee Talk with SURGe: the Interview Series featuring Scott Roberts

Join Mick Baccio and special guest Scott Roberts, head of threat research at Interpres Security, for an interview about Scott's career journey, how he's seen cybersecurity evolve over time, and his essay featured in the SURGe team's new book, Bluenomicon: The Network Defender’s Compendium.

Application Vulnerability Management: The Complete Guide

Enterprise software applications are sophisticated, incorporating various technologies and featuring complex integrations with third-party software applications and systems. Any security vulnerability in software components can bring severe consequences to the organization. That’s why it is critical to effectively manage application vulnerabilities. This article explores application vulnerability management, discussing its importance and best practices.

Patch Management Explained: Challenges, Best Practices & Steps

Patch management is the centralized control and automation of patch deployment to multiple devices, operating systems, firmware, software and hardware endpoints in the IT network. But vulnerabilities are increasing at unseen rates. Over 65,000 new vulnerabilities in existing IT systems were discovered in 2022, which is a 21% increase from 2021. And that makes patch management all the more important.

A Vision for the Future of Cyber

Lately I’ve been confronted more and more with the notion of holding two opposing ideas at the same time, while being able to accept that they can both be true. This cognitive dissonance surfaced again for me when I was asked to participate in a DeVry University roundtable discussion focused on innovative ways to bridge the talent gap. Spending a virtual lifetime in education, I’m of two minds when it comes to talent and skills.

The RCE Attack Guide: Remote Code Execution & Prevention

Attackers use remote code execution as a way to gain unauthorized access, perform data breaches, disrupt services and deploy malware. Here’s how you can protect your organization from RCE attacks: Let’s dive deep into remote code execution and, importantly, its prevention techniques.

Don't Get a PaperCut: Analyzing CVE-2023-27350

PaperCut NG is a popular print management software that has 100 million users at over 70,000 organizations around the world. Recent discoveries have unveiled critical vulnerabilities in this widely-used software, specifically the CVE-2023-27350 authentication bypass vulnerability. This vulnerability, if exploited, allows an attacker to execute arbitrary code with elevated privileges on a target system.