Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today's data-driven world, businesses must navigate the complexities of data management while ensuring compliance with an ever-growing array of laws and regulations. Two concepts that often arise in this context are data sovereignty vs data residency. While related, these terms refer to distinct aspects of data management. Understanding their differences is crucial for businesses to make informed decisions on where to store their data and how to remain compliant with data protection regulations.

Like many concepts at the intersection of software engineering and cybersecurity, threat detection has emerged as a recent candidate to adopt the ‘as-code’ discipline to detection. This is driven by two key factors: Detection as Code is a new paradigm that brings a structured, systematic and flexible methodology for threat detection inspired by the as-code best practice of software engineering, commonly adopted in DevOps and Agile software development frameworks.

Baselines are an essential part of effective cybersecurity. They provide a snapshot of normal activity within your network, which enables you to easily identify abnormal or suspicious behavior. Baseline hunting is a proactive approach to threat detection that involves setting up a baseline of normal activity, monitoring that baseline for deviations, and investigating any suspicious activity.

Risks are everywhere. Online, in real life. Digital transformation and the rapid integration of cloud-based technologies has been met with an unprecedented increase in cybersecurity risks. In most cases, standard cybersecurity best practices and a strong mechanism for Identity and Access Management will take care of most exploits, vulnerabilities and human errors that lead to a data leak.

Since the Domain Name System (DNS) protocol is foundational for internet functionality, DNS traffic is allowed to move through firewalls without much scrutiny unlike HTTPS, FTP and SMTP. Malicious actors have successfully been able to exploit this advantage to transfer data between networks, which is beyond the original intention of DNS protocol.

If you have been reading our hunting series, you may have noticed that many threat hunting techniques center on network-centric data sources. Thus far, we have yet to speak about the big kahuna in our hunting tool chest. We are rectifying that right here, right now: we are going to talk about Microsoft Sysmon! In this article, we’re looking at using Sysmon to hunt for threats in endpoints.We’ll highlight some of the most valuable places to start hunting in your Windows logs.

In 2019, the UK Government (NSCS) conducted The UK Telecoms Supply Chain Review, to assess and address potential risks associated with the supply chain of telecommunications infrastructure in the country. The review highlighted the risks associated with reliance on certain vendors, particularly those with high-risk profiles. It also recommended increased oversight and regulation to mitigate security risks and protect critical national infrastructure.

The pandemic highlighted the fragility of the global supply chain ecosystem. Now every company is striving to ensure they will never be crippled by unforeseen supply chain issues. Mentions of “supply chain” in US SEC-filed annual reports more than doubled from 2019 to 2021 to nearly 5,000 as chief supply chain officers were reluctantly escorted into boardroom discussions to explain the business risk to their company.

The Center for Internet Security (CIS) defines CIS Critical Security Controls as: “A prioritized set of Safeguards to mitigate the most prevalent cyberattacks against systems and networks.” Essentially, CIS Controls are a framework of actions that organizations can take to improve their overall security posture. These controls are organized into categories and updated frequently to address emerging threats and technologies. In this article, we’ll look deeper into all 18 controls.

At Splunk, you may hear us pontificating on our ponies about how awesome and easy it is to use Splunk to hunt for threats. Why, all you need to do is use X and Y with Splunk to find a Z score (no zombies were injured) and BOOM! That baddie in your network is detected. Going back to at least a decade, we’ve tried to make it easy — as you’ll see in the resources below — and yet threat hunting is about as easy as telling someone how easy it is to draw an owl.