Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk has been named #1 SIEM Provider in the Worldwide Security Information and Event Management Market Shares, 2022: The Multitude of SIEMs (doc #US51012523, July 2023). The continued recognition from IDC as a SIEM market Leader is a testament to our commitment to delivering a data-centric, modern solution that delivers data-driven insights for full-breadth visibility for our users.

Starting on Aug 25, 2023, we started to notice some unusually big HTTP attacks hitting many of our customers. These attacks were detected and mitigated by our automated DDoS system. It was not long however, before they started to reach record breaking sizes — and eventually peaked just above 201 million requests per second. This was nearly 3x bigger than our previous biggest attack on record.

Earlier today, Cloudflare, along with Google and Amazon AWS, disclosed the existence of a novel zero-day vulnerability dubbed the “HTTP/2 Rapid Reset” attack. This attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric Distributed Denial of Service (DDoS) attacks.

According to the recent The Cyber-Resilient CEO report released by IT services and consulting agency Accenture, a staggering 74% of CEOs have expressed concerns about their organizations' ability to protect their businesses from cyber attacks. This is despite the fact that 96% of CEOs acknowledge the importance of cybersecurity for the growth and stability of their organizations.

Modern cloud applications are made up of thousands of distributed services and resources that support an equally large volume of concurrent requests. This level of scale makes it more challenging for engineers to identify system failures before they lead to costly outages. System failures are often difficult to predict in cloud environments, and security threats add another layer of complexity.

Security orchestration, automation, and response (SOAR) has an opportunity to be a game changer in how we tackle cyber risk, but there is a significant disconnect between the promises made by existing SOAR platforms and how organizations are able to realize their real-world operational and cost-saving efficiencies. All those automations that promise to eliminate late hours working on mundane stuff. All the orchestrations that promise to get things done faster.

“Purpose-built does not scale.” That’s what IDC says in its latest research report “How Hyperautomation Is Used to Reduce Gaps and Inefficiencies in Network Cybersecurity.” What does that mean? It means that your monitoring point products, like legacy SOAR, just don’t cut it any longer. They can’t scale in today’s hybrid cloud and multi-cloud environments without piling on more tools, further fueling tech stack sprawl.