Alerting

Discovering Unknown Problems in the Alert Pipeline

Financial services institutions (FSIs) have become an increasingly common target for malicious actors. According to Boston Consulting Group, FSIs are 300 times more likely to face cyber attacks than other sectors, and the 2022 VansonBourne report noted that 94% of the FSIs it surveyed experienced a cyber attack in the last 12 months.

Operationalizing Advanced UEBA: Detection Scenarios and UCI Alerts

Netskope has recently released two exciting enhancements to our Advanced UEBA product. The enhancements are: Together, these two new features streamline operationalization of Advanced UEBA by providing operators alerts when it identifies users exhibiting risky behavior and an at-a-glance summary of the risky activity observed for each user.

Keeper 101 - Advanced Reporting & Alerts Module (ARAM)

The Advanced Reporting and Alerts Module (ARAM) tracks over 200 security events across the organization and addresses many password-related cybersecurity auditing, alerting and compliance needs. This module provides insight to assess vulnerabilities related to administrative changes, password reuse, unauthorized access, password stuffing attacks and insider threats.

Solving False Positive EDR Alerts

Endpoint Detection and Response (EDR) alerts are what happens when an EDR system decides that event data from an agent installed on an endpoint, or several endpoints, shows a potential threat. This doesn’t mean that every EDR alert is a malicious event in progress. Many are “false positives”: behaviour flagged as malicious that is actually not a threat.

Your Roadmap to Success with Risk-Based Alerting

In our last RBA blog post, we introduced the Splunk RBA journey and how to plan for a successful implementation. In this post, we dive deeper into the four levels of this journey. One of the things I've discovered in working with Splunk customers is that there is a big difference between an initial trial of RBA and using it effectively in a production environment.

Leveling Up Security Operations with Risk-Based Alerting

In life, you get a lot of different alerts. Your bank may send emails or texts about normal account activities, like privacy notices, product updates, or account statements. It also sends alerts when someone fraudulently makes a purchase with your credit card. You can ignore most of the normal messages, but you need to pay attention to the fraud alerts. Security is the same way.

Planning for Success with Risk-Based Alerting

In our last RBA blog post, we talked about some of the problems RBA can help solve. In this post, we explain the methodology we use with Splunk customers as their security teams start working with RBA. In working with our customers, the Splunk Superstar RBA Braintrust has developed a powerful methodology to kickstart your RBA implementation. From first moves to production, these four levels take you step-by-step through the process of successfully getting RBA up and running.

Level Up Your Cybersecurity with Risk-Based Alerting

In our first blog in the Splunk RBA series, we introduced Risk-Based Alerting (RBA) and covered the basic principles of RBA. In the rest of this series, we explain how you can plan and then implement RBA within your organization. Are your security teams drowning in data and overwhelmed with alerts? Are you thinking that there must be a better way, some esoteric or forbidden knowledge, to produce higher-fidelity alerts and keep your team from burning out?

Risk Based Alerts Using Lookup Tables

Proactive event notification is one of the most valuable components of centralized log management and SIEM. It allows us to identify problems, misconfigurations, and potential security risks at an early stage. One of the ways we can improve event notification within Graylog is through the use of Lookup Tables.