San Francisco, CA, USA
Aug 11, 2022   |  By Stephen Watts
People often ask me, “What’s the purpose of cybersecurity?” I tell them that it serves to protect the valuable, intangible data assets of firms or private individuals, usually by trying to shrink the attack surface. One way to achieve cybersecurity is to utilize threat intelligence research in your firm’s security plan. In this article, I will discuss the benefits of understanding and implementing a threat intelligence program.
Aug 10, 2022   |  By Stephen Watts
Cyberattacks are constantly changing. That you know. But how are they changing? And which types of threats are the most prominent today? Those are the real questions you need to answer to stay ahead of modern security risks. Keep reading for a primer on the most prevalent types of cyber security threats in 2022, along with insights on how to build a defense strategy against them. (For a comprehensive view, check out our cybersecurity threats explainer.)
Aug 10, 2022   |  By Paul Agbabian
There’s a myth from antiquity known as the Tower of Babel, where people were working together to build a tower to the heavens, only to lose the ability to communicate with one another via divine intervention. Essentially, the groups began speaking their own languages and were unable to complete the tower. So, why are we talking about myths in a cybersecurity blog?
Aug 6, 2022   |  By Chrissy Kidd
Try going one day without navigating today’s data landscape — accepting or declining cookie pop-ups, determining whether and how a company can use your information, and all the data you’re generating simply by browsing the web. Yes, we live in the Data Age. We know we generate mind-boggling amounts of data. The data we generate in a single day is an unfathomable amount (2.5 quintillion bytes if you can do that math). More formally, we say that data has been democratized.
Aug 3, 2022   |  By Tom Smit
The Summer of Security continues! Hot on the heels of security announcements at .conf22 and a brand new Splunk Security Essentials 3.6.0, we’re excited to announce the availability of User Behavior Analytics (UBA) version 5.1.
Aug 2, 2022   |  By Anna Mensing
With the advances in technology and an unpredictable macro environment, IT professionals have to deal with a deluge of data, increasing cyberthreats, distributed infrastructure and workforce, a mix of modern and monolithic apps and hybrid environments. Although there is significant momentum towards the Cloud, many organizations cannot move all of their data to the public cloud due to security, compliance or technical constraints.
Jul 26, 2022   |  By Splunk Threat Research Team
As described in Splunk Vulnerability Disclosure SVD-2022-0624, there is a list of SPL (Search Processing Language) commands that are classified as risky. This is because incorrect use of these risky commands may lead to a security breach or data loss. As a precautionary measure, the Splunk Search app pops up a dialog, alerting users before executing these commands whenever these commands are called.
Jul 22, 2022   |  By Alex Salesi
We hope that you had a blast at .conf22 whether you attended in-person or virtually! To keep the good vibes of .conf rolling, we are releasing Splunk Security Essentials 3.6.0. For those new here, Splunk Security Essentials (SSE) is a fully supported app that is available to install from Splunkbase. There is so much to be excited about in this update and we can’t wait for you to make the most of all the new benefits.
Jul 18, 2022   |  By Stephen Watts
In a near-perfect world, you would instantly fix your application every time a relevant CVE was issued. (In a truly perfect world, of course, there would be no security incidents, and hence no CVEs in the first place.) But in the real world, reacting to CVEs requires a careful calculation. You need to assess whether each CVE is serious enough to warrant the rejection of a build and a delay of a release.
Jul 15, 2022   |  By Matthias Maier
The German IT Security Act 2.0 (IT-SiG 2.0) has been in force since May 2021. Due to this new law, significantly more German companies have been classified as operators of critical infrastructures (KRITIS) than ever. This is a major cause of headaches for many managers. In addition, IT departments are starting to ask themselves: "Are we now regarded as KRITIS?" And if so, "What do we have to take into consideration?"
Aug 11, 2022   |  By Splunk
Join Mick and Ryan as they travel to the desert to experience Hacker Summer Camp 2022. They'll discuss what exciting new cyber thought leadership they've picked up in a day or two, the heat, how much they miss Audra, and what's happened in the world since .conf22.
Jun 9, 2022   |  By Splunk
Join the SURGe Team with a guest from the land down under, a recap of important news in the security landscape, a discussion on RSA, and a special interview with Danielle Jablanski of Nozomi Networks!
Jun 1, 2022   |  By Splunk
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk broke down the Follina/MSDT zero day vulnerability (CVE-2022-30190), rounded up the latest ransomware activity, and discussed supply chain risk related to Python and PHP libraries. Mick and Ryan competed in a 60 second charity challenge to explain LOLBins before taking a deep dive into the 2022 Verizon Data Breach Investigations Report.
May 18, 2022   |  By Splunk
Coffee Talk with SURGe! Grab a cup of coffee and join Audra Streetman, Mick Baccio, and special guest Haylee Mills for another episode of Coffee Talk with SURGe. The team from Splunk discussed a ransomware attack that prompted Costa Rica to issue a state of emergency, a cardiologist in Venezuela accused of building ransomware tools, and an alert from CISA warning about cyber threats to MSPs. This week Audra and Haylee competed in a 60 second charity challenge on "certs vs. degrees" in cybersecurity before taking a deep dive into Splunk Risk-Based Alerting.
May 11, 2022   |  By Splunk
Splunk's State of Security report for 2022 found that security organizations face more — and more serious — challenges than ever before. Exacerbated by the pressures of the pandemic, the rise of dangerous avenues of attack and a crisis of staff burnout, security teams are dealing with a lot:

  • 78% of security and IT leaders say that remote workers are harder to secure
  • 65% of organizations have reported an uptick in attacks during the pandemic
  • 73% within the industry have reported colleagues quitting due to burnout
May 4, 2022   |  By Splunk
Grab a cup of coffee and join Ryan Kovar, Audra Streetman, and Mick Baccio for another episode of Coffee Talk with SURGe. This week the team from Splunk discussed CISA's list of the top exploited vulnerabilities for 2021, Mandiant's analysis of 80 zero-days exploited in the wild last year, and signs the ransomware group REvil may be back in operation. Mick and Ryan competed in a 60 second charity countdown on how to solve the talent crisis in cybersecurity before taking a deep dive into the topic of zero-days and vulnerability mining.
Apr 27, 2022   |  By Splunk
In this special edition of Koffee Talk, Ryan Kovar discusses the whitepaper titled, “An Empirically Comparative Analysis of Ransomware Binaries” authored by SURGe member Shannon Davis. The research reveals that the average ransomware encryption speed is likely beyond the capabilities of most blue teams to detect and mitigate. Shannon will also explain what this means for network defense. Join Ryan and Shannon for this in-depth discussion with snark, deadpan humor, and a look at SURGe’s next phase of ransomware research.
Apr 20, 2022   |  By Splunk
This week Audra Streetman, Ryan Kovar, and Mick Baccio from Splunk discussed the latest security news, including the MS-RPC vulnerability CVE-2022-26809, a CISA alert about the North Korean state-sponsored Lazarus Group, and Sunday's 60 Minutes episode on the threat of Russian cyberattacks targeting U.S. critical infrastructure. Mick and Ryan also competed in a 60 second charity challenge to explain why Americans should be concerned about the potential for a Russian cyberattack targeting U.S. critical infrastructure.
Apr 6, 2022   |  By Splunk
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news and compete in a 60 second charity challenge. You don't want to miss it!
Mar 29, 2022   |  By Splunk
Did you know the median time for ransomware to encrypt nearly 100,000 files is 42 minutes and 52 seconds? This speed is likely beyond the capabilities of most organizations to respond effectively before encryption is complete. These findings are the result of research published by SURGe, Splunk’s strategic cybersecurity research team.
Oct 21, 2018   |  By Splunk
The hype around artificial intelligence (AI) and machine learning (ML) has exploded, sometimes overshadowing the real uses and innovations happening every day at organizations across the globe. The reality is that applying AI and ML to data-dependent challenges presents opportunity for better security, faster innovation and overall improved efficiency.
Jun 1, 2018   |  By Splunk
Do you have a plan for cybersecurity? Digital technology is touching every aspect of our lives, which is giving bad actors unlimited runway to create new threats daily. It's this atmosphere that makes it imperative that organizations are prepared, informed and actively hunting for adversaries.
Jun 1, 2018   |  By Splunk
Cyberattacks are top of mind for organizations across the globe. In fact, 62 percent of firms are being attacked at least weekly and 45 percent are experiencing a rise in the number of security threats. But do organizations have the processes in place to investigate and effectively respond to these incidents? IDC recently surveyed security decision makers at 600 organizations to understand the state of security operations today.
May 25, 2018   |  By Splunk
How can you utilize machine data to be prepared for the General Data Protection Regulation of the European Union?
Apr 1, 2018   |  By Splunk
A security information event management (SIEM) solution is like a radar system that pilots and air traffic controllers use. Without one, enterprise IT is flying blind. Although security appliances and system software are good at catching and logging isolated attacks and anomalous behavior, today's most serious threats are distributed, acting in concert across multiple systems and using advanced evasion techniques to avoid detection.
Apr 1, 2018   |  By Splunk
Security incidents can happen without warning and they often go undetected for long periods of time. Organizations struggle to identify incidents because they often work in silos or because the number of alerts is overwhelming, making it hard to pick out the signals among the noise.
Mar 1, 2018   |  By Splunk
All data is security relevant and defending against threats involves every department in a company. With cyberthreats and bad actors constantly evolving, it is imperative for everyone in an organization to come together to identify and protect critical data.
Feb 1, 2018   |  By Splunk
Recent cyberattacks have made it clear that organizations of all sizes need to focus on a holistic and cohesive security strategy. Security operations centers (SOCs) have become a focal point in this effort, consolidating the right people, processes and technology to mitigate and remediate attacks.
Jan 1, 2018   |  By Splunk
Current IT security tools and mindsets are no longer adequate to meet the scope and complexity of today's threats. Internet security has evolved over the last ten years but advanced persistent threats and the sophistication of the malware have fundamentally changed the way security teams must think about these new threats and the tools used for detective controls.

Splunk produces software for searching, monitoring, and analyzing machine-generated big data, via a Web-style interface.

Splunk turns machine data into answers. Regardless of your organization’s size and industry, Splunk can give you the answers you need to solve your toughest IT, security and business challenges—with the option to deploy on-premises, in the cloud or via a hybrid approach.

Work the Way Your Data Works:

  • Real-Time: Splunk gives you the real-time answers you need to meet customer expectations and business goals.
  • Machine Data: Use Splunk to connect your machine data and gain insights into opportunities and risks for your business.
  • Scale: Splunk scales to meet modern data needs — embrace the complexity, get the answers.
  • AI and Machine Learning: Leverage artificial intelligence (AI) powered by machine learning for actionable and predictive insights.

Any Question. Any Data. One Splunk.