There's so much that can be accomplished with Splunk’s security tools. Today, we are going to focus on all the benefits of the InfoSec App for Splunk. The InfoSec app — which is an entitlement to Splunk customers — is powered by the Splunk platform, and relies on accelerated data models and the Common Information Model (CIM) to provide a consistent and normalized view into the event data that you’ll bring into Splunk.

The Splunk Threat Research Team (STRT) analyzed and developed Splunk analytics for this RAT to help defenders identify signs of compromise within their networks. Remote Access Trojans (RATs) are one of the most common tools used by threat actors as a malicious payload to attack targeted hosts and steal information. One example is the Dark Crystal RAT (DCRat) that is capable of remote access, post exploitation and data exfiltration.

The fourth annual Devo SOC Performance ReportTM shows security professionals believe the SOC is significant to their organization’s cybersecurity strategy. As noted in our last blog, 77% of respondents say their SOC is “very important” or “essential” to their organization. But there’s pain behind the scenes as well. The report notes the majority of security professionals are feeling overwhelmed due to too much work and not enough resources.

Security hygiene is the process of reviewing your current cybersecurity posture and implementing security controls that mitigate data breach risks. As you mature your security hygiene, you create a centralized log management strategy that defines a path to a more robust posture. As part of this, you need to accommodate for the way threats evolve, including those unique to your specific industry or business.

Splunk introduced Federated Search in July 2021 to much fanfare. We won’t go into too much detail about how it works because there is already a great writeup in a previous blog along with Splunk Federated Search documentation.

The fourth annual Devo SOC Performance ReportTM shows that issues facing organizations since the start of the global pandemic in early 2020 continue to affect SOC performance, including challenges in hiring and retaining SOC talent. Based on the independent survey of more than 1,000 global cybersecurity professionals commissioned by Devo and conducted in the Summer of 2022, the report examines current SOC trends and challenges. The good news?

It will not come as a surprise to you that fraud and financial crime is continuing to challenge organizational business and cyber resiliency plans. Odds are you have dealt with fraud firsthand, or know someone experiencing the pains caused by fraud. Back in 2020 we shared some thoughts about how we believe leveraging a data platform like Splunk can help you gain more anti-fraud value and insights from your data and showed how you can determine what your data is worth.

One of the most important features Teleport has to offer is that it centralizes all of your infrastructure’s audit logging into one central place, mapping every query, every command and every session to an individual user's identity. As you hire more engineers and resources scale, it can become increasingly difficult to manage all of this log data. Luckily Teleport’s extensibility makes this log data extremely easy to format, export and monitor all in a secure, event-driven way.