Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Logging

splunk

Laying the Foundation for a Resilient Modern SOC

Dec 7, 2023 By John Dominguez In Splunk
SecOps teams face more challenges than ever, including an expanded attack surface, an increased number of vulnerabilities, and a non-stop barrage of cyberattacks – all of which have materially increased organizational risk. According to Splunk’s State of Security Report 2023, security operations centers (SOCs) have become so overwhelmed that 23% of SOC analysts say they struggle with a high volume of security alerts. There are so many to process that 41% of those alerts are being ignored.
Read Post

Splunk SOAR Logic Loops Demo

Dec 7, 2023 By Splunk In Splunk
Logic Loops are a feature in Splunk SOAR that allow users to reduce the operational complexity of building and maintaining playbooks that require repeatable looping functionalities without having to write their own custom code. This iterative function allows users to automatically retry playbook actions if they fail, or continue with the rest of the playbook when the action succeeds. This function can be applied to use cases like sandbox engines for malicious URL quarantine and remediation as well as forensic investigation workflows.
View Video
devo

Reflecting on 2023: Evolving our Product, Deepening Partnerships, and Staying Committed to the Security Community

Dec 6, 2023 By Devo In Devo
As the new year approaches, security professionals and analysts alike are taking a step back to review what has transpired over the past twelve months. At Devo, 2023 was an exciting year full of change and progress. As we look forward to 2024, we want to take some time to reflect on Devo’s year across product enhancements, analyst recognition, partnerships, and community engagement.
Read Post
splunk

Navigating the Intersection of Cyber Threats, AI-Powered Challenges, and Digital Resilience to Safeguard Critical National Infrastructure

Dec 6, 2023 By Craig Bates In Splunk
In today's interconnected world, where technology and data are at the forefront of modern society, the protection of critical national infrastructure has become more crucial than ever. The convergence of cyber threats and advancements in artificial intelligence (AI) has created a complex landscape, making it imperative for organisations to develop strategies that enhance their ability to withstand and recover from digital challenges.
Read Post
splunk

Unmasking the Enigma: A Historical Dive into the World of PlugX Malware

Dec 6, 2023 By Splunk Threat Research Team In Splunk
In the ever-evolving landscape of cybersecurity threats, one name that consistently surfaces as a force to be reckoned with is "PlugX." This covert and insidious malware has left a trail of digital intrigue, combining advanced features with a knack for eluding detection. Its history is interwoven with cyber espionage, targeted attacks, and a continuous cat-and-mouse game with security experts (1)(2).
Read Post
splunk

SOAR: Security Orchestration, Automation & Response

Dec 6, 2023 By Chrissy Kidd In Splunk
An important piece of cybersecurity, SOAR solutions provide a single location for you to observe, understand, and decide how to respond to security incidents. Short for security orchestration, automation and response, true SOAR solutions are operational tools that can be very flexible and powerful, useful even beyond security use cases. In this article, we’ll explore what SOAR is, why it’s important for enterprises and how you can get the most value from your SOAR solution.
Read Post
splunk

Parsing Domains with URL Toolbox (Just Like House Slytherin)

Dec 1, 2023 By Tamara Chacon In Splunk
When hunting, advanced security Splunkers use apps. Specifically, three related apps from an incredibly generous man named Cedric Le Roux! (You can guess from the name that yes, he's French.) And frankly, you probably only know one: URL Toolbox. One of the most popular Splunk security apps of all time, URL Toolbox’s URL parsing capabilities have been leveraged by thousands who want to separate subdomain, domain, and top level domain (TLD) from a URL.
Read Post
splunk

Take a SIP: A Refreshing Look at Subject Interface Packages

Dec 1, 2023 By Michael Haag In Splunk
As defenders, we need to keep pace with all kinds of different aspects of the attack surface. For Windows, the attack surface seems to just continue beyond our grasp every way we look, especially when we start to dig into trust and the registry. As previously outlined in the Splunk Threat Research Team’s blog, "From Registry With Love: Malware Registry Abuses," the vast methods used by adversaries to persist and abuse the Windows registry goes deep.
Read Post
jfrog

JFrog Log Analytics with Datadog just got better!

Nov 30, 2023 By Shailendra Dhamankar In JFrog

The software supply chain today runs differently than it did just five years ago. The number of available tools, languages, and packages used have exploded. Further, the growing mix of OSS packages puts organizations at risk of outdated software, untracked dependencies, and non-compliant licenses. To add to the chaos, teams are now increasingly distributed and greater in number. All of this dramatically increases the number of inputs within the software supply chain.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.