Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2023

splunk

Cybersecurity Skills for Pros To Have in 2024

Dec 21, 2023 By Mariam Odusola In Splunk
So, you’re interested in cybersecurity! That’s great, because the whole world needs more skilled security professionals. Cybersecurity is the massive practice of “protecting computer and network systems against intrusion, theft or damage. It’s the main line of defense against a vast number of digital adversaries.” The consequences of bad cybersecurity is disastrous, potentially resulting in losses in the millions of dollars.
Read Post
splunk

OT Security Is Different, Isn't IT?

Dec 20, 2023 By Ronald Beiboer In Splunk
In 2010 suddenly everyone was talking about OT security. Stuxnet had arrived. In 2021, The Colonial Pipeline hack increased the attention on the security of operational technology again. Since then, we have encountered numerous incidents, and the risk of breaches within the OT environment has increased significantly. But why is OT security a separate ‘thing’ in security. What is the difference between OT and IT in the cyber security field?
Read Post
splunk

Risk Mitigation for Organizations: The Complete Guide

Dec 20, 2023 By Laiba Siddiqui In Splunk
Running a business involves taking calculated risks — but unexpected events can have devastating consequences. Risk mitigation is a process that helps companies identify potential risks and take proactive measures to mitigate them. In this blog, we'll explore the importance of risk mitigation and how businesses can protect their assets, reputation, and financial stability.
Read Post
splunk

Executive Order (EO) 14110: Safe, Secure & Trustworthy AI

Dec 20, 2023 By Abby Curtis In Splunk
More news about Artificial Intelligence (AI)? We know. It’s hard to avoid the chatter — and that’s for good reason. The rise of AI has many people excited for things to come. But many others are, quite understandably, concerned about the ethical implications of this powerful technology. Fortunately, the Biden Administration is working to address the concerns of the American people by governing the development and use of AI.
Read Post
splunk

SSL/TLS Web Security Certificates & Protocols

Dec 15, 2023 By Leanne Mitton In Splunk
Have you ever wondered about the tiny padlock icon in your browser and why it's there? This little padlock icon, along with the "https" in the URL, signifies that your connection to the website you're on is secure and encrypted using SSL/TLS protocols. It's a symbol that represents the security of all types of information transferred to and from your website — not just for ecommerce transactions.
Read Post
splunk

Introducing Our New SOAR Integrations: Why Panorama and FortiManager Users Should Be Excited

Dec 15, 2023 By Coty Sugg In Splunk
Hello there, cybersecurity aficionados! We're thrilled to unveil our latest and greatest Splunk SOAR apps, tailored for the giants of the firewall space: Panorama and FortiManager. These sophisticated apps help us deliver the most compelling automation for our community, no matter the tools they have deployed. Much like our playbooks packs from earlier this year, these integrations are another great way for users to align their incident response approach to MITRE D3FEND.
Read Post
splunk

Software Liability Explained

Dec 11, 2023 By Shanika Wickramasinghe In Splunk
Software liability is an increasingly important area for every software development company and team. At its core, software liability is about protecting users from damages caused by software issues. As more software is in use than ever before, there’s a lot of ways that software — and its manufacturers — could be held responsible for certain actions or inactions. Indeed, even the rise of cyber insecurity globally could fall into this murky area.
Read Post
splunk

SOC Models: In-House, Out-Sourced, or Hybrid SOC?

Dec 11, 2023 By Kirsty Paine In Splunk
There’s no single perfect, one-size-fits-all SOC model. Leaders are still unsure whether to bring the SOC in-house, get it outsourced, or do a mix of these two approaches (the so-called hybrid SOC). How do you choose? Investing now in the right model (with adaptability and portability as key considerations) might not be glamorous, but it will set you up for success in the future.
Read Post
splunk

Data Privacy: The Ultimate Guide

Dec 11, 2023 By Muhammad Raza In Splunk
Today, data privacy is the new strategic priority for many companies. Prioritizing data privacy boils down to two key drivers: Indeed, the awareness piece has grown significantly, both leading to and because of stringent data privacy regulations, including GDPR and CCPA, the California Consumer Privacy Act. (First time on Splunk.com? You might see a pop-up banner specifically for you to opt in or out.) So, let’s take a look at the concept of data privacy and what’s behind it.
Read Post
splunk

Reduce Operational Complexity with Splunk SOAR Logic Loops

Dec 8, 2023 By Senthil Nithiyananthan In Splunk
Last week, we released Splunk SOAR 6.2 (Security Orchestration Automation and Response) and in the accompanying announcement blog, we highlighted some of the new key features found in this release. Today, we want to take a more in-depth look at one of those features, logic loops, and show how they make it easier than ever for security engineers and analysts to save time and cut down on repetitive manual tasks.
Read Post
splunk

Laying the Foundation for a Resilient Modern SOC

Dec 7, 2023 By John Dominguez In Splunk
SecOps teams face more challenges than ever, including an expanded attack surface, an increased number of vulnerabilities, and a non-stop barrage of cyberattacks – all of which have materially increased organizational risk. According to Splunk’s State of Security Report 2023, security operations centers (SOCs) have become so overwhelmed that 23% of SOC analysts say they struggle with a high volume of security alerts. There are so many to process that 41% of those alerts are being ignored.
Read Post

Splunk SOAR Logic Loops Demo

Dec 7, 2023 By Splunk In Splunk
Logic Loops are a feature in Splunk SOAR that allow users to reduce the operational complexity of building and maintaining playbooks that require repeatable looping functionalities without having to write their own custom code. This iterative function allows users to automatically retry playbook actions if they fail, or continue with the rest of the playbook when the action succeeds. This function can be applied to use cases like sandbox engines for malicious URL quarantine and remediation as well as forensic investigation workflows.
View Video
splunk

Navigating the Intersection of Cyber Threats, AI-Powered Challenges, and Digital Resilience to Safeguard Critical National Infrastructure

Dec 6, 2023 By Craig Bates In Splunk
In today's interconnected world, where technology and data are at the forefront of modern society, the protection of critical national infrastructure has become more crucial than ever. The convergence of cyber threats and advancements in artificial intelligence (AI) has created a complex landscape, making it imperative for organisations to develop strategies that enhance their ability to withstand and recover from digital challenges.
Read Post
splunk

Unmasking the Enigma: A Historical Dive into the World of PlugX Malware

Dec 6, 2023 By Splunk Threat Research Team In Splunk
In the ever-evolving landscape of cybersecurity threats, one name that consistently surfaces as a force to be reckoned with is "PlugX." This covert and insidious malware has left a trail of digital intrigue, combining advanced features with a knack for eluding detection. Its history is interwoven with cyber espionage, targeted attacks, and a continuous cat-and-mouse game with security experts (1)(2).
Read Post
splunk

SOAR: Security Orchestration, Automation & Response

Dec 6, 2023 By Chrissy Kidd In Splunk
An important piece of cybersecurity, SOAR solutions provide a single location for you to observe, understand, and decide how to respond to security incidents. Short for security orchestration, automation and response, true SOAR solutions are operational tools that can be very flexible and powerful, useful even beyond security use cases. In this article, we’ll explore what SOAR is, why it’s important for enterprises and how you can get the most value from your SOAR solution.
Read Post
splunk

Parsing Domains with URL Toolbox (Just Like House Slytherin)

Dec 1, 2023 By Tamara Chacon In Splunk
When hunting, advanced security Splunkers use apps. Specifically, three related apps from an incredibly generous man named Cedric Le Roux! (You can guess from the name that yes, he's French.) And frankly, you probably only know one: URL Toolbox. One of the most popular Splunk security apps of all time, URL Toolbox’s URL parsing capabilities have been leveraged by thousands who want to separate subdomain, domain, and top level domain (TLD) from a URL.
Read Post
splunk

Take a SIP: A Refreshing Look at Subject Interface Packages

Dec 1, 2023 By Michael Haag In Splunk
As defenders, we need to keep pace with all kinds of different aspects of the attack surface. For Windows, the attack surface seems to just continue beyond our grasp every way we look, especially when we start to dig into trust and the registry. As previously outlined in the Splunk Threat Research Team’s blog, "From Registry With Love: Malware Registry Abuses," the vast methods used by adversaries to persist and abuse the Windows registry goes deep.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.