Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your business runs on servers. Without your DNS server, your users wouldn’t be able to connect to online resources. Without your proxy servers, your local networks would be visible across the public internet. Without your database servers, your organization wouldn’t be able to execute the queries that enable them to make data-driven decisions. Since servers are critical to business operations, threat actors value them.

A wise person once said that you should use the lookup command before you go threat hunting. Or, as I hear it in my head, “Look it up before you go-go…hunting”, a la WHAM!:   In this must-read tutorial for hunting in Splunk, we’re looking at the lookup command, including what it does and how and where to use it for threat hunting. Let’s get started! (This article is part of our Threat Hunting with Splunk series. We’ve updated it recently to maximize your value.)

Vulnerability scanning is the process of identifying security weaknesses and flaws in systems and software running on them. It's part of a vulnerability management program that protects organizations from data breaches. IT departments or third-party security service providers scan for vulnerabilities using vulnerability scanning tools. Doing so helps predict how effective countermeasures are in case of a threat or attack.

Back in the early days of corporate networking, IT departments typically deployed firewalls to keep employees from accessing non-work related content, like social media sites. While content filtering remains part of a firewall’s job, it’s no longer the primary reason for using one. In today’s connected world, firewalls are fundamental to network security.

The way we work has drastically changed since the start of the pandemic. With more companies adopting remote and hybrid work models, there has been a 600% increase in cybercrime and 65% of organizations have seen a measurable increase in attempted cyberattacks, which is particularly problematic since, according to the 2022 Splunk State of Security report, 78% say remote workers are harder to secure.

Supply chain security issues are not exactly new. High-profile attacks, like SolarWinds in 2020, were a big wake-up call for many people because they brought home just how far-reaching and destructive these attacks could be. The threat from supply chain partners remains one of the most significant risks to security beaches. The SANS 2023 Attack and Threat Report found that 40% of breaches in 2022 occurred through supply chain partners.

Bots have become integral to our lives, offering many benefits across various industries. Of all these bots, there are good bots, bots for telling dad jokes and (significantly less cool) bots focused on distributing malware. Understanding the types of bots out there should help you harness the power of good bots while helping you identify bots to avoid. This article will explore all types of bots, empowering you to make informed decisions and reap the rewards while keeping risks at bay.