September 2023

SIEM vs. SOAR in 2024: What's The Difference?

The threat landscape today is complex and constantly changing. Organizations require robust cybersecurity solutions to protect their networks and systems. SIEM and SOAR are two technologies that are pivotal in strengthening security operations. In this article, I’ll look at both technologies, SIEM and SOAR, to help you understand the importance of strengthening your organization’s SecOps.

Coffee Talk with SURGe: 2023-OCT-03 WS_FTP RCE, Exim Scope, ChatGPT, Cybersecurity Awareness Month

Grab a cup of coffee and join Mick Baccio, Ryan Kovar and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan competed in a 60 second charity challenge to share the pros and cons of Cybersecurity Awareness Month.

See More, Act Faster, and Simplify Investigations with Customizable Workflows from Splunk Enterprise Security 7.2

In our latest release of Splunk Enterprise Security 7.2, we are excited to introduce capabilities that deliver an improved workflow experience for simplified investigations; enhanced visibility and reduced manual workload; and customized investigation workflows for faster decision-making. The majority of these updates and new features were requested directly from Splunk Enterprise Security (ES) users and submitted through the Splunk Ideas portal.

Coffee Talk with SURGe: The Interview Series featuring Sherrod DeGrippo

Join Ryan Kovar and special guest Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft, for a discussion about crimeware, threat actor naming conventions, and Sherrod's essay in a new book by SURGe titled "Bluenomicon: The Network Defender's Compendium."

Revisiting the Big Picture: Macro-level ATT&CK Updates for 2023

Based on the popularity of last year's Macro-level ATT&CK Trending, we’ve updated the dataset for another year’s worth of insights. This data summarizes the frequency of MITRE ATT&CK technique observations across thousands of cyber incidents over the past four years. In this post, we’ll look at the contents of the updated dataset, using Splunk to pull out trends based on this ultra large-scale attacker landscape!

Addition of Syslog in Splunk Edge Processor Supercharges Security Operations with Palo Alto Firewall Log Reduction

Now generally available, Splunk Edge Processor supports syslog-based ingestion protocols, making it well-equipped to wrangle complex and superfluous data. Users can deploy Edge Processor as an end-to-end solution for handling syslog feeds such as PAN logs, including the functionality to act as a syslog receiver, process and transform logs and route the data to supported destination(s).

Defending the Gates: Understanding and Detecting Ave Maria (Warzone) RAT

Ave Maria RAT (remote access trojan), also known as “Warzone RAT,” is a malware that gains unauthorized access or remote control over a victim’s or targeted computer system. This RAT operates stealthily and grants attackers access to various functionalities within the compromised system. Its malicious activity includes data theft, privilege escalation, remote desktop control, email credential collections, browser credential parsing and more.

The Quantum Threat: Options for Migrating to Quantum Safe Cryptography

What are my quantum options? And what has Goldilocks’ porridge got to do with it? You’ve heard that eventually you’ll need to migrate to quantum-safe cryptography. Perhaps you’re raring to go. And yet, here I am, ready to tell you one thing: don’t do anything yet. Your options really depend on your quantum problem, but if you’re looking to migrate your cryptography today, you’re moving way too soon.

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like mockbin.org and mocky.io.

OMB M-21-31: Your Complete Guide

Imagine that you work in IT and security for a federal entity. How do you manage your event data across different systems and networks? When something goes wrong, how do you detect, investigate and remediate these security incidents? That’s what the Office of Management and Budget (OMB) addresses in M-21-31: a memorandum that provides guidance for federal agencies to increase their visibility and response capabilities before, during and after a cybersecurity incident.

Using metadata & tstats for Threat Hunting

So you want to hunt, eh? Well my young padwa…hold on. As a Splunk Jedi once told me, you have to first go slow to go fast. What do I mean by that? Well, if you rush into threat hunting and start slinging SPL indiscriminately, you risk creating gaps in your investigation. What gaps might those be? As a wise man once said, Know thy network. Actually — in this case — know your network and hosts.

Using stats, eventstats & streamstats for Threat Hunting...Stat!

If you have spent any time searching in Splunk, you have likely done at least one search using the stats command. I won’t belabor the point: stats is a crucial capability in the context of threat hunting — it would be a crime to not talk about it in this series. When focusing on data sets of interest, it's very easy to use the stats command to perform calculations on any of the returned field values to derive additional information.

MITRE ATT&CK: Your Complete Guide To The ATT&CK Framework

Our cyber adversaries are always staying one step ahead. Threat actors love nothing more than trying out new tactics and techniques to attack targets, achieving their malicious objectives. Today, anyone is susceptible to cyber threats at practically any moment. MITRE ATT&CK is a framework that serves as a guiding light: it helps you assess your existing security measures and enhance device and endpoint security mechanisms against these evolving cyber threats.

Coffee Talk with SURGe: The Interview Series featuring Derrick Lawson

Join Ryan Kovar and special guest Derrick Lawson, Staff Sales Engineer at Splunk, for a discussion about M-21-31, a US memorandum establishing an event logging maturity model for federal government agencies. They’ll discuss strategies and tools that can help agencies with compliance.

Data Security Today: Threats, Techniques & Solutions

Data security is more important than ever. In 2022 alone, over 1,700 organizations worldwide have been affected by compromised data. With organizations relying heavily on technology to store and process sensitive information, the risk of data breaches is constantly rising. This puts data security at the forefront of any organization’s security plan.

Data Governance in 2023: Definition & Best Practices

The world is becoming more reliant on data through data analytics and AI, where a lack of data quality can cost 74% more time spent on non-value added tasks by employees. This makes proper data governance more crucial than ever. As organizations become data-driven and interact with more data than ever, understanding the ins and outs of data governance is essential for ensuring data quality, security, and regulatory compliance.

Deep learning in security: text-based phishing email detection with BERT model

Phishing emails are fraudulent or malicious emails that are designed to deceive recipients and trick them into revealing sensitive information, such as login credentials, financial details, or personal data. Phishing email contents usually employ various social engineering techniques that are likely to manipulate recipients, leading to significant damage to personal or corporate information security.

Data Loss Prevention (DLP): Definition, Components & Types

The importance of data security cannot be overstated. Data Loss Prevention (DLP) has emerged as a crucial component in safeguarding sensitive information and ensuring compliance with ever-evolving regulations. In this blog post, we'll share everything to know about DLP, exploring its definition, key components, types of solutions, importance, best practices, tools, and common challenges.

Coffee Talk with SURGe: The Interview Series featuring Jamie Williams

Join Ryan Kovar and special guest Jamie Williams, MITRE ATT&CK for Enterprise Lead and Principal Adversary Emulation Engineer, for a discussion about MITRE ATT&CK use cases and Jamie's essay in a new book by SURGe titled "Bluenomicon: The Network Defender's Compendium."

Today's Top Risk Management Frameworks

Business environments change every day. That’s why using a risk management framework is a crucial part of any organization. It helps manage different kinds of threats you face day in, day out. Organizations with robust RMFs are better prepared to thrive and adapt in this unpredictable world, ensuring their continued success and resilience. This article introduces risk management frameworks and explains the significance of using one in your organization.

Sharing is Not Caring: Hunting for Network Share Discovery

Organizations rely on interconnected systems to store, share and manage information. These ecosystems often incorporate network file shares, which act as repositories of various types of data within an organization. Unfortunately, it is not uncommon for sensitive files to find their way onto these network shares inadvertently with permissions that are too broad or not properly restricted.

What is Cloud Security? Types, Risks & Benefits Defined

With data breaches making the headlines almost daily, it can feel like you’re stuck in a never-ending discussion about how secure data is in the cloud. On one hand, cloud naysayers may be preaching cloud repatriation in response to the high profile cloud compromises of the last few years. On the other hand, being too sure of your data security is a major recipe for trouble — hubris has no place in cybersecurity.