Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2023

Coffee Talk with SURGe: 2023-SEPT-05 Mudge Joins CISA, Qakbot Takedown, Infamous Chisel Malware

Grab a cup of coffee and join Mick Baccio, Ryan Kovar and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan competed in a 60 second charity challenge to share their favorite hack of all time before a deep dive on extortionware vs. ransomware.

Unifying Security and Observability to Strengthen Digital Resilience

In today's always-on, ever-connected world, keeping digital systems secure and reliable is not just a goal, but a business imperative — it is now a boardroom-level conversation. With the increasing complexity of digital systems and ever-growing event volume, organizations face a constant battle to protect their systems, data, and reputation from a myriad of threats. Simultaneously, they need to optimize system performance, identify bottlenecks, and enhance the overall user experience.

The Exploit Prediction Scoring System (EPSS) Explained

Cybersecurity is complex — anticipating cybersecurity events is another challenge altogether. We could argue that most events can be described by some probabilistic phenomenon, but attempting to define that phenomenon is where things get tricky. IT environment exposure presents real risks, but mathematically (or statistically), we can only aim to describe the likelihood of a cyberattack by accounting for a finite set of factors.

The Cybersecurity Analytics Ultimate Guide

Security analytics is a proactive approach to cybersecurity that uses data collection, aggregation and analysis capabilities to perform vital security functions — including detecting, analyzing and mitigating cyberthreats. Security analytics tools such as threat detection and security monitoring are deployed to identify and investigate security incidents or potential threats such as external malware, targeted attacks and malicious insiders.

Splunk Security Use Cases

A top challenge faced by security practitioners is double-edged: you’re trying to keep up with new and increasing cyberattacks — all while investigating and remediating existing threats. As we know all too well, time is of the essence when you’re investigating threats and determining the scope and root-cause of a potential breach. On top of that pressure, you’re likely short on resources and experienced personnel, limiting your ability to conduct thorough investigations.

Key Threat Hunting Deliverables with PEAK

When most people think of threat hunting, they think of uncovering unknown threats. Would you believe me if I told you that is only ONE of many (better) reasons to show value with threat hunting? The PEAK Threat Hunting Framework incorporates three distinct hunt types: hypothesis-driven, baseline and model-assisted threat hunts. Each hunt type follows a three-stage process: Prepare, Execute, and Act.

Unified Strategies Across IT and Security for Cutting-Edge Detection, Investigation and Response

Digital transformation is happening. Organizations around the globe have realized that if they do not rapidly digitize their business operations and processes, they will be left behind — unable to compete, grow, and thrive. As such, organizations are developing and deploying new applications and services to fuel this evolution.

Quantum-Safe Cryptography & Standards: QSC, PQC, QKD & More!

What is “quantum”, really? The emperor's new (quantum) clothes: cutting through the quantum hype. It’s hard to move in security circles today without hearing someone pontificating about “quantum”. Maybe you keep hearing how all cryptography and security of the internet will be devastated by a quantum computer.

Detecting Lateral Movement Using Splunk User Behavior Analytics

One of the most challenging aspects of running an effective Security Operations Center is how to account for the high volume of notable events that ultimately do not present a risk to the business. Some examples of non-risky notable events include a user forgetting their password and submitting it erroneously multiple times in a row, or a user accessing a system (for a completely valid reason) at an odd hour outside of their normal behavior.

Application Security Requirements: Trends and Best Practices

Ensuring application security is not just about protecting data. It’s about safeguarding your company's reputation, keeping customer trust, and adhering to increasingly stringent regulatory requirements. Read on as we delve into application security requirements: the pressing security threats impacting applications, the critical security requirements your application needs to meet, and the best practices to adopt to achieve robust application security.

Integrated Intelligence Enrichment With Threat Intelligence Management

SOC analysts are overwhelmed with alerts and manual repetitive tasks that negatively impact their ability to conduct and prioritize investigations of critical events. They don’t have the time, or bandwidth, to sift through data feeds or sources to identify and synthesize intelligence related to an incident.

Using Splunk Stream for Hunting: Finding Islands in the Stream (of Data)

Today, we are going to look at using the Splunk Stream App to hunt for threats across your network. Sing along with us! 🎼 “Islands in the stream” of our data… (Part of our Threat Hunting with Splunk series, this article was originally written by John Stoner. We’ve updated it recently to maximize your value.)

Splunk SOAR Playbook of the Month: Investigations with Playbooks

It comes as no surprise that analysts spend a lot of their time investigating and responding to a continuous flood of incidents on a daily basis. While the sheer volume of alerts alone makes for a time-consuming endeavor, trying to manually tackle so many of these alerts results in slow incident response and can trap your team in a series of reactive security operations.

What Is Financial Crime Risk Management (FCRM)?

Financial crime risk management (FCRM) is the practice of proactively looking for financial crime, including investigating and analyzing suspicious activity, rooting out vulnerabilities and taking steps to lower an organization’s risk of becoming a victim. For organizations in every industry across the globe, an effective FCRM strategy has never been more important.

Coffee Talk with SURGe: The Interview Series featuring Jake Williams

Join Audra Streetman and special guest Jake Williams (@MalwareJake) for a discussion about hiring in cybersecurity, interview advice, the challenges associated with vulnerability prioritization, Microsoft's Storm-0558 report, and Jake's take on the future of AI and LLMs in cybersecurity.

What's ABAC? How Attribute Based Access Control Works

Multi-cloud environments have been getting plenty of buzz in recent years. It’s no wonder, really, that the increased flexibility, risk mitigation, performance optimization and compliance adherence associated with the practice have drawn in new multi-cloud evangelists across the industry. For all the great benefits multi-cloud offers, it does present one significant challenge: how do you ensure a single point of control while establishing consistent security policies for all users?

Cryptographically Relevant Quantum Computers (CRQCs) & The Quantum Threat in 2023

What is the quantum threat, and is it real? The boy who cried (quantum) wolf: being honest about the threat and what it means for you. A cryptographically-relevant quantum computer (CRQC) is a quantum computer that can run algorithms to crack or weaken existing (so-called “classical”) cryptography. Today, I’ll explain when — or if — this CRQC is likely to exist, what the real threat is, and how it might affect your data and assets.

IoT Monitoring: Protecting & Maintaining IoT Devices in 2023

The state of cybersecurity is in constant flux — meaning we must constantly iterate and revisit our systems to protect ourselves. With security logging and monitoring failures moving up to number 9 of the OWASP Top 10, organizations everywhere are revisiting their stance on network and application monitoring. This is great for getting a pulse check on security posture and is certainly key in any good strategy, but we might be forgetting something — IoT devices.

Open Cybersecurity Schema Framework (OCSF) Takes Flight with v1.0 Schema Release

It is not very often that we see cybersecurity vendors put aside competitive differences and ambitions to work towards a common goal that benefits the entire cybersecurity community. The Open Cybersecurity Schema Framework (OCSF) has proven to be an example of a productive industry-wide collaboration to facilitate a more secure environment for businesses, governments and individuals all over the globe.

Coffee Talk with SURGe: 2023-AUG-08 Black Hat, Defcon, Tenable CEO, Zoom TOS, Acoustic Attacks

Join Ryan Kovar, Shannon Davis, and Audra Streetman for a special edition of Coffee Talk, live from Black Hat in Las Vegas! The team of Splunk security experts will recap some of the latest security news, including: Ryan and Audra also competed in a charity challenge about the risk of being hacked while at a hacking conference.

Using the Lookup Command for Threat Hunting (Lookup Before You Go-Go)

A wise person once said that you should use the lookup command before you go threat hunting. Or, as I hear it in my head, “Look it up before you go-go…hunting”, à la WHAM! In this must-read tutorial for hunting in Splunk, we’re looking at the lookup command, including what it does and how and where to use it for threat hunting. Let’s get started! (This article is part of our Threat Hunting with Splunk series. We’ve updated it recently to maximize your value.)

What Is Vulnerability Scanning? Types, Tools and Best Practices

Vulnerability scanning is the process of identifying security weaknesses and flaws in systems and software running on them. It's part of a vulnerability management program that protects organizations from data breaches. IT departments or third-party security service providers scan for vulnerabilities using vulnerability scanning tools. Doing so helps predict how effective countermeasures are in case of a threat or attack.