Logging

You keep your organization’s computers, devices and servers safe, but what about your employees’ devices? The security of their mobile phones, laptops, tablets and other devices is just as critical to your overall security posture. As company endpoints grow, so does their vulnerability. In fact, 66% of organizations are experiencing a growth in endpoint threats.

The Windows kernel driver is an interesting space that falls between persistence and privilege escalation. The origins of a vulnerable driver being used to elevate privileges may have begun in the gaming community as a way to hack or cheat in games, but also has potential beginnings with Stuxnet.

Through my career, I have been “fortunate” to work on some of the greatest national security challenges, ranging from weapons of mass destruction proliferation to terrorism to cyber insecurity. AI represents our newest challenge but will most comprehensively impact society.

In our first blog in the Splunk RBA series, we introduced Risk-Based Alerting (RBA) and covered the basic principles of RBA. In the rest of this series, we explain how you can plan and then implement RBA within your organization. Are your security teams drowning in data and overwhelmed with alerts? Are you thinking that there must be a better way, some esoteric or forbidden knowledge, to produce higher-fidelity alerts and keep your team from burning out?

This is the first post in a series on the pillars outlined in the new US National Cybersecurity Strategy. I review each pillar in turn, and then discuss how services such as Devo can help address the challenges outlined in that pillar.

L et’s start with this: Global research shows over half of organisations have had a data breach, and 62% suffer from unplanned downtime on a monthly basis. The recent research figures are a stark reminder of the prevalence and current nature of security threats. It may not come as a surprise to those who follow the constant stream of media reports detailing mistakes and malicious attacks.

Imparting your data to an organization, whether you are a private individual or another organization yourself, requires an incredible amount of trust. How can you be sure that they will handle your sensitive information properly? For specific industries, stringent standards and regulations are in place to ensure cybersecurity. For example, HIPAA for healthcare and PCI DSS for payment card processing companies reassure customers and companies that data is protected.

In a world where attackers can move fast, security teams need to move faster. According to SANS research from 2022, adversaries can perform intrusion actions within a five-hour window. While analysts need the Millennium Falcon of security technologies that enable threat detection and response in under twelve parsecs, increasingly complex IT environments make the 1-10-60 Framework feel unachievable.

Today, we are happy to announce that version 2.2 of the OT Security Add-On for Splunk is now available on Splunkbase. This update adds capabilities based on industry best practices and customer feedback and is designed to help companies mature in their OT security journey.