In the cyber age, data has become nearly as valuable as oil. While this market shift offers many new learning and growth opportunities for professionals across industries, the immeasurable amount of data is often quite overwhelming to non-analysts, leaving them feeling more lost than when they began their inquiries. ‍ This situation often rings true for cybersecurity leaders tasked with protecting an organization's digital assets against attacks and increasingly malicious actors.

The annual doctor wellness check always interests me. It’s generally the same routine every year: The doctor and I exchange pleasantries. She asks about any noticeable health changes while looking in my ears with that cool little penlight. If I’m lucky, she uses the mini-hammer to see how high my leg kicks after a gentle knee tap (I just love that for some reason). But it’s all a bit of a show, isn’t it?

AgentTesla is a Windows malware written in.NET, designed to steal sensitive information from the victim's system. It’s considered commodity malware given its accessibility and relatively low cost. Commodity malware poses a significant threat as it enables less sophisticated cybercriminals to conduct various types of cyberattacks without requiring extensive technical knowledge. AgentTesla has been a persistent and widespread threat since its emergence in 2014.

Browser extensions are a classic shadow IT concern. Assessing the reputation and security of a browser extension is crucial before installing it on a company computer, as extensions often have wide-ranging permissions that could be abused for data theft or other malicious activities. In an open environment style company, extensions generate significant shadow IT risk that needs to be managed and addressed.

Splunk Enterprise and Splunk Cloud Platform, along with the premium products that are built upon them, are open platforms, which allow third party products to query data within Splunk for further use case development. In this blog, we will cover using Amazon SageMaker as the ISV product using the data within Splunk to further develop a fraud detection use case to predict future risk scores.

Telecommunications, Internet Service Providers, and Cloud Providers are some of the most critical sectors on the planet. They enable global connectivity, provide access to a wealth of information in real time, and transform business operations. As the foundation of modern communication, these industries have ushered in countless innovations and propelled society forward.

As businesses have evolved, so have cybercriminals and the means they use to try and penetrate their digital assets. Every day, new threats arise and unscrupulous organisations create means to attack physical networks, cloud services, and other key business functions and this is why having a robust cyber security risk management plan is critical.

As organizations increasingly rely on external vendors and enterprise buying patterns continue to decentralize, the challenge of managing risk associated with third parties becomes critical. Unfortunately, even uncovering vendor relationships within an organization can be a struggle, with over 80% of workers admitting to using non-approved SaaS applications. This ‘Shadow IT’ is not only frustrating; it introduces tremendous risk.

Communication protocols govern data transmission between computer networks. These protocols, such as File Transfer Protocol (FTP) and Simple Mail Transfer Protocol (SMTP), determine how data is transferred between devices through a port, which is a unique connection endpoint for a specific service. Because file transfer moves files over the internet, insecure file transfer ports create opportunities for hackers to send their own malicious payload or for other threat actors to intercept traffic.

As third party outsourcing and cloud services become commonplace for enterprise organizations, security leaders need to understand and assess the cybersecurity risks of businesses that they partner with for “technology infrastructure services.” Security leaders want accurate, up-to-date information about their infrastructure provider’s security policies, procedures, and program performance so they can better understand risks to their own organizations.