You must have been asleep not to have heard about Splunk’s new mission - ‘to build a safer and more resilient digital world’. Why have we chosen this? Well, not because it is a snappy little tagline, but because we know how important digital resilience is to all of our customers in our ever changing times.

Cybersecurity is an ever-evolving game of cat and mouse. As security experts come up with new ways to protect valuable digital assets, cybercriminals develop craftier techniques to bypass these defenses. Enter threat hunting – the proactive practice of ferreting out those sneaky cyber-rodents.

During a recent Proof of Concept (PoC) for Splunk SOAR with an existing customer of Splunk Enterprise Security (ES), I was asked if it was possible to send events/containers available in Splunk SOAR to Splunk ES as a Notable Event. While the reverse process of sending ES Notable Events to Splunk SOAR is highly documented, I was surprised to find hardly any documentation about the use case my customer brought up during the PoC. Hence, my cue to write my first ever Splunk blog!

You keep your organization’s computers, devices and servers safe, but what about your employees’ devices? The security of their mobile phones, laptops, tablets and other devices is just as critical to your overall security posture. As company endpoints grow, so does their vulnerability. In fact, 66% of organizations are experiencing a growth in endpoint threats.

The Windows kernel driver is an interesting space that falls between persistence and privilege escalation. The origins of a vulnerable driver being used to elevate privileges may have begun in the gaming community as a way to hack or cheat in games, but also has potential beginnings with Stuxnet.

Through my career, I have been “fortunate” to work on some of the greatest national security challenges, ranging from weapons of mass destruction proliferation to terrorism to cyber insecurity. AI represents our newest challenge but will most comprehensively impact society.

In our first blog in the Splunk RBA series, we introduced Risk-Based Alerting (RBA) and covered the basic principles of RBA. In the rest of this series, we explain how you can plan and then implement RBA within your organization. Are your security teams drowning in data and overwhelmed with alerts? Are you thinking that there must be a better way, some esoteric or forbidden knowledge, to produce higher-fidelity alerts and keep your team from burning out?

L et’s start with this: Global research shows over half of organisations have had a data breach, and 62% suffer from unplanned downtime on a monthly basis. The recent research figures are a stark reminder of the prevalence and current nature of security threats. It may not come as a surprise to those who follow the constant stream of media reports detailing mistakes and malicious attacks.

Imparting your data to an organization, whether you are a private individual or another organization yourself, requires an incredible amount of trust. How can you be sure that they will handle your sensitive information properly? For specific industries, stringent standards and regulations are in place to ensure cybersecurity. For example, HIPAA for healthcare and PCI DSS for payment card processing companies reassure customers and companies that data is protected.

Today, we are happy to announce that version 2.2 of the OT Security Add-On for Splunk is now available on Splunkbase. This update adds capabilities based on industry best practices and customer feedback and is designed to help companies mature in their OT security journey.