Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With the rising tide of data breach awareness, your senior leadership is asking you to mitigate cybersecurity risk with security analytics. You’ve built up the use cases and started researching different platforms. Then, you realized: you’re not sure you have the budget. The typical security analytics platforms come with upfront technology costs as well as the “hidden fees” associated with training your team members. You know you need to use analytics to help mitigate risk.

If you haven't heard the gospel of risk-based alerting (RBA) in a SIEM context, by the end of this sermon you'll see why you’ll want it running in your environment yesterday, whether you're an analyst, an engineer, or in leadership.

As the trend toward having a more distributed labor force working remotely part or full time persists, Splunk continues to see strong customer demand for more visibility into the security of the productivity and collaborative products their employees use. To assist with these requests, we’re excited to announce the release of Splunk Add-On for Google Workspace 2.0. This second major release includes important changes requested by our customers and valuable new functionality.

It’s been a week. A long week. After the most recent Board of Directors meeting, your senior leadership tasked you with finding a security analytics solution. Over the last month, you’ve worked with leadership to develop some basic use cases to determine which solution meets your security and budget needs. You started your research, but everything on the market seems really overwhelming. The Security Information and Event Management (SIEM) tools have the capabilities you want - and then some.

Cyberattacks are fast becoming a part of our daily lives. Multiple sources such as Norton Security and Forbes suggest that since the pandemic, attacks are not only increasing in number, but they are becoming more targeted and sophisticated. The attackers using Ransomware as a Service and double extortion techniques are prime examples of how sophisticated attacks are becoming these days. Norton Security states that there are more than 2,200 cyberattacks on a daily basis.

Editor’s note: Latest update, April 6, 2022, 7:30 p.m. U.S. EDT — This post now includes an example query to aid SOC teams in generating alerts for their specific WAF data sources. See the section “Create New Web Application Firewall (WAF) Rules” for details. A critical zero-day vulnerability in Java’s popular Spring Core Framework is being actively targeted, according to multiple reports submitted to Bleeping Computer.

It’s time again for another meeting with senior leadership. You know that they will ask you the hard questions, like “how do you know that your detection and response times are ‘good enough’?” You think you’re doing a good job securing the organization. You haven’t had a security incident yet. At the same time, you also know that you have no way to prove your approach to security is working. You’re reading your threat intelligence feeds.

A new vulnerability, CVE-2021-342 has been discovered in the Splunk indexer component, which is a commonly utilized part of the Splunk Enterprise suite. We’re going to explain the affected components, the severity of the vulnerability, mitigations you can put in place, and long-term considerations you may wish to make when using Splunk.

The Splunk Threat Research Team is actively monitoring the emergence of new threats in the cyber domain of ongoing geopolitical events. As we have shown previously in several releases, including HermeticWiper and CaddyWiper, actors in this campaign are deploying, updating, and modifying stealthier malicious payloads. On March 17th, 2022, the Ukraine CERT discovered a new malicious payload named DoubleZero Destructor (CERT-UA #4243).

This is the third post in the Threat-Based Methodology blog series. In the first post, we introduced Threat Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. In that post, we ended by listing the top seven controls based on their Protection Value. The second post explored configuration settings in greater depth and explained how Devo supports the ability to meet the CM-6 control.