
Logging

Falcon Insight XDR and Falcon LogScale: What You Need to Know

CrowdStrike Falcon Insight XDR™ and CrowdStrike Falcon LogScale™ were hot topics at Fal.Con 2022. We weren’t surprised — both are transformational technologies. They’re also complementary, which spurred some questions about how they work together to solve the toughest IT and security challenges. Here, we dig into the details and clear up some common questions about what these tools do, when they should be used and the value they provide.

Centralized Log Management for Incident Response

Today’s reality is that you’ll never be 100% secure. Remote work and digital transformation add more access points, devices, and applications than ever before. At the same time, your team is constantly responding to alerts that could be an incident, though most often they are not. Either way, you need to reduce the mean time to investigate (MTTI) and the mean time to respond (MTTR).

Six SIEM Essentials for Successful SOCs

A few weeks ago, Gartner named Splunk Enterprise Security a Leader in the 2022 Gartner® Magic Quadrant™ for SIEM. This is the ninth consecutive year that Splunk has been placed in the Leaders quadrant. We’re honored to be recognized and we believe our placement is a testament to our commitment to delivering a data-centric security analytics solution that accelerates threat detection and investigations.

Log Management Strategy for Cybersecurity Maturity

Log management maturity and cybersecurity maturity often mirror one another. In today’s highly connected world, companies need to live with risk. Organizations need to balance the risks they’re willing to accept and compare that to the amount of money they’re willing to spend. Centralized log management is often a way to get the security monitoring that you need. As you mature your log management strategy, you’ll often find that you mature your security posture as well.

CrowdStrike and Google Chrome: Building an Integrated Ecosystem to Secure Your Enterprise Using the Power of Log Management

Organizations today face an onslaught of attacks across devices, identity and cloud workloads. The more security telemetry an organization has to work with, the better threat hunters can contextualize events to find and remediate potential threats. Google recently announced Chrome Enterprise Connectors Framework, a collection of plug-and-play integrations with industry-leading security solution providers.

Coffee Talk with SURGe: DOJ China Espionage, Drizly Complaint, Text4Shell, U.S. Midterm Elections

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan competed in a 60-second charity challenge to share their take on the issue of victim-blaming for phishing attacks. The episode ends with a deep dive on cyber threats ahead of the U.S. midterm elections on Nov. 8.

Splunk Security with the Infosec App

There's so much that can be accomplished with Splunk’s security tools. Today, we are going to focus on all the benefits of the InfoSec App for Splunk. The InfoSec app — which is an entitlement to Splunk customers — is powered by the Splunk platform, and relies on accelerated data models and the Common Information Model (CIM) to provide a consistent and normalized view into the event data that you’ll bring into Splunk.

Dark Crystal RAT Agent Deep Dive

The Splunk Threat Research Team (STRT) analyzed and developed Splunk analytics for this RAT to help defenders identify signs of compromise within their networks. Remote Access Trojans (RATs) are one of the most common tools used by threat actors as a malicious payload to attack targeted hosts and steal information. One example is the Dark Crystal RAT (DCRat), which is capable of remote access, post-exploitation and data exfiltration.