Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

How to Stop Phishing Attacks: Lessons Learned From the JPMorgan Chase SOC Team

Phishing attacks aren’t going away anytime soon. The numbers from Verizon’s 2019 DBIR Report and SANS Institute prove only one thing: When you’ve done all you can to protect against phishing attacks, that means it’s time to do more.

The Power of Splunk Security Essentials + Accedian Skylight Powered Security

As new technologies emerge, end-to-end application stacks continue to grow, and connected devices become more omnipresent in everyday lives, our society will only become more intrinsically connected across multiple touchpoints. It’s even estimated that in the US alone, there will be roughly 200 billion IoT devices by the end of 2020.

Introducing the Splunk for CMMC Solution

On January 31st, 2020, the Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD A&S) published V1.0 of the Cybersecurity Maturity Model Certification (CMMC). The CMMC builds on DFARS both in terms of required practices and by establishing “trust, but verify” relationships with DoD contractors.

Delivering on Data's Promise Requires a Personal Touch

I have often heard it said that "data is the new oil" - it has value if it can be extracted and used correctly. How to extract value and leverage this opportunity - and occasional threat - is what I most commonly hear is keeping today's executives awake at night. From mom-and-pop shops to global enterprises, within nonprofits and the public sector, every leader wants to become data-driven. Unlocking the power of data is, obviously, critical to success.

Speed: A Security Analyst's Best Friend

In so many ways, speed is a security analyst’s best friend. From threat detection to containment to response – the faster you are, the more secure your business will be. It’s exactly why metrics like dwell time, MTTD (mean time to detect) and MTTR (mean time to respond) exist. It’s a barometer for the strength of your organization’s security, and a gauge of success for any good security team.

Announcing the latest version of Security Monitoring for Splunk App

It’s been a while since I have had the pleasure of announcing a new version of Security Monitoring (September 2018), but today I am doing just that. There is nothing better to inspire spending your evenings coding and playing with Splunk than your partner watching shows that just don’t interest you! For my UK friends, yes ‘Love Island’ is that show and for my more international friends "look it up!". So, what updates did I bring?

Detecting CVE-2020-0601 Exploitation Attempts With Wire & Log Data

Editor’s note: CVE-2020-0601, unsurprisingly, has created a great deal of interest and concern. There is so much going on that we could not adequately provide a full accounting in a single blog post! This post focuses on detection of the vulnerability based on network logs, specifically Zeek as well as Endpoint. If you are collecting vulnerability scan data and need to keep an eye on your inventory of systems that are at risk, then check out Anthony Perez’s blog.

CVE-2020-0601 - How to operationalize the handling of vulnerabilities in your SOC

Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or “Windows CryptoAPI Spoofing Vulnerability”, was discovered, reported by the NSA and made headlines. The NSA even shared a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.