Operations | Monitoring | ITSM | DevOps | Cloud

April 2020

How to Use Splunk Security Solutions to Improve Incident Response: Lessons Learned from the GE Digital Predix SOC Team

As the responsibilities of the Security Operation Center (SOC) continue to increase, SOC teams are experiencing increased demand on their time and resources. Scaling a security team with little resources and funds can prove extremely difficult, especially when the incident response team spends most of their time chasing alerts.

The SRE Dogfood Series: SignalFx SRE Team

Splunk is a tech company, which regularly gives us exposure to modern development practices, and the ability to implement them with our own technology. We want to share that with you. In this post, as part of a dogfooding series, I sat down with Ram Jothikumar, Head of Cloud Infrastructure & Operations for Observability at Splunk. Ram and I talk about how we support our SignalFx offering at scale, efficiently with resilience and reliability baked in.

Your Employees Are Superheroes, but This Superpower Might Be a Security Risk

Many people are working from home (WFH) now and will be for at least the next few weeks. The VPN and TLS connections that remote workers rely on allow for secure access, and although these are not new connection types to monitor, the current WFH situation has created a significant increase in the number of these connections you must monitor. This new WFH scenario has made one thing easier: mobile users are no longer mobile.

The Easy Guide to Adding COVID-19 Context to Any Process

Recently, my colleagues Ryan Kovar and Lily Lee created TA-covidIOCs, which is a Splunk TA designed for ingesting IOCs related to COVID-19. Per usual, I immediately saw this as an opportunity to hitch a ride on their coattails and benefit from their hard work. The product of this effort is a Splunk Phantom playbook uncreativly titled, "COVID-19 Indicator Check." The playbook is a simple, self-contained set of actions that takes MD5 file hashes, IPs, domains, and URLs as input.

Analyze Metric and Event Data on the Same Platform

Analyze both metric and event data on the same platform regardless of source or structure. With Splunk metric indexes, you can quickly and easily ingest, store, and analyze metrics — whether in the Analytics Workspace or with SPL — so you can deliver positive business results. Get the most value out of your data with Splunk.

Splunk is Lambda Ready: Announcing a New Partnership with AWS

We are excited to announce that Splunk has partnered with AWS in launching a new AWS Service Ready program – Lambda Ready. This designation recognizes that Splunk provides proven solutions for customers to build, manage and run serverless applications. AWS Lambda Ready designation establishes Splunk as an AWS Partner Network (APN) member that provides validated integrations and proven customer success with a specific focus on observability and monitoring of Lambda Functions.

Google GSuite to Splunk HEC Configuration

Google Cloud recently expanded the list of GSuite audit logs that you can share with your Cloud Audit Logs, part of your organization’s Google Cloud’s account. This is awesome news and allows administrators to audit and visualize their GSuite Admin and Login activity in Splunk real-time via the same method used to stream Google Cloud logs and events into Splunk, using the Google-provided Pub/Sub to Splunk Dataflow template.

Protecting Your Assets: It's Not Just About Servers and Laptops!

In most of our blogs, we spend a TON of time going on about protecting our endpoints, looking at sysmon, checking the firewall, correlating IDS data and the like… Today, we're going to shift gears a bit and look at security from a different angle. Recently, there has been a tremendous focus on the shifting paradigm of a workforce that primarily resides in corporate offices, to a highly virtual workforce sitting at their kitchen tables.

Splunk Remote Work Insights: Zoom In Now!

When we made Splunk Remote Work Insights (RWI) available a few weeks ago, we knew we wanted to share the power of Splunk so any organization could use it to get insights on critical business activities and keep their remote workforces connected. We continue to receive a positive response from our customers and community, as many are leveraging the RWI dashboards and resources to help answer these key questions.

How Efficiency Depends on Observability

If you hadn't heard the term “this is the new normal” yet today, then you haven't been listening. While right now is not normal, current events have us all wondering how the work environment is going to change once we get there. There are a few things that we can expect: Having pipelines and applications that are observable is key to all of this.

The Launch of Splunk Ideas

The "Q1 2020: Splunk Ideas" blog is officially live! This blog post is the first in a quarterly series that aims to educate and deliver status updates on "Splunk Ideas." In this post, I will cover the history and goals of Splunk Ideas and supply some information about our initial success. Next quarter’s post will focus on the lifecycle of an Idea, with details on our internal process of reviewing, considering, and prioritizing your ideas.

Data, Data Everywhere... But Not a Drop of Insight

Like the sailor in Coleridge’s “The Rime of the Ancient Mariner,” who is surrounded by salt water that he cannot drink, many financial services professionals contend with similar challenges: data is all around them, but it’s not doing them much good. Firms need to drink deeply from their data, developing greater expertise not only at data discovery, but also at data valuation. Because at this point, data is the only true source of ompetitive differentiation.

Ransomware: How to Combat a Growing Threat to Your Organization

Ransomware is a serious threat to institutions of all kinds, resulting in mounting costs for organizations that must literally pay ransom to regain access to their essential systems. A ransomware attack takes place when a cybercriminal denies an organization access to the data it needs to conduct business, usually by encrypting the data with a secret key. The attacker then offers to reveal the encryption key in exchange for a payment. The payment can vary in amount or kind.

Keep Calm And Carry On Your Business Services

Businesses who operate along supply chains, like manufacturers, distributors, and retailers, have innovative systems and processes for predicting demand and keeping consumers satisfied. Until a crisis hits. When demand for essential SKUs spikes due to panic buying and fear-based hoarding, organizations in essential consumer categories can find themselves forced to make critical decisions without reliable information to base them on, significantly increasing their risk exposure.

Getting Started with Citrix in Splunk - [Part 1]

With most of the world on lockdown due to the COVID-19 virus, many aspects of IT services and digital transformation have been put into the fast lane. There are reports of massive surges in the use of tools such as Zoom, Microsoft Office 365, etc. in order to communicate and collaborate. At the same time organizations are required to scale up access to their internal applications.

Between Two Alerts: Phishing Emails - Don't Get Reeled In!

Potential attackers are really good at what they do. Security analysts see this firsthand with the amount of phishing emails their organizations see daily. A newly released State of the Phish report reveals that nearly 90% of organizations dealt with business email compromise (BEC) attacks in 2019. End users reported 9.2 million suspicious phishing emails globally for the year.

Understanding and Baselining Network Behaviour using Machine Learning - Part I

Managing a network more effectively has been something our customers have been asking us about for many years, but it has become an increasingly important topic as working from home becomes the new normal across the globe. In this blog series, I thought I’d present a few analytical techniques that we have seen our customers deploy on their network data to: Better understand their network and Develop baselines for network behaviour and detect anomalies.

Understanding and Baselining Network Behaviour using Machine Learning - Part II

A difficult question we come across with many customers is ‘what does normal look like for my network?’. There are many reasons why monitoring for changes in network behaviour is important, with some great examples in this article - such as flagging potential security risks or predicting potential outages.

Colonel Mustard in the Library with Microservices APM

As many of us are rediscovering an interest in board games, it feels relevant to make reference to Hasbro’s classic Clue. Understanding what’s going right or wrong in your sprawling digital business can feel a lot like a murder mystery: it was the authentication service in the east region with the memory exhaustion error. This analogy has a weakness when applied to modern operations. The Clue board game had 6 weapons, 6 suspects, and 9 rooms. That’s 324 combinations.

Sharing Code Dependencies with AWS Lambda Layers

The use of Serverless execution models is expanding extremely rapidly and cloud providers are continuing to enhance their platforms. Per Flexera’s “State of the Cloud” report: Leading this trend for the last two years, Amazon has released a few features that address AWS Lambdas’ pain points and make them a more feasible choice for large scale deployments consisting of numerous applications.

Stop the world, I want to get off. Oh! It stopped...

Sitting here in my home office reflecting the potential problems the world faces both in the short term and longer term, I can’t help but think back to my career before coming to Splunk. That time was spent on the ground working ‘in the real world’, maintaining the operational and security state of systems and networks. I can empathise with the huge pressures the entire IT chain from CIOs, CISOs, IT Managers and IT admins are under right now.

Zoom in on Security in a Remote Work World

Our world has been turned upside down by COVID-19. Whether it's strategically planning our grocery run decontamination process, or trying to keep the kids quiet for even one single moment while on a conference call — things are different. One very evident difference is the change in the way we meet with each other. And one technology enabling this change is Zoom.

Helping Your Remote NOC Teams Work Better Together

In light of COVID-19 related office closures, one thing we’ve seen and heard repeatedly is the “abandoned NOC.” People that are responsible for finding, escalating and resolving problems in your infrastructure and applications quickly are now having to work very differently. Two-minute hallway conversations are replaced with time-consuming emails, Slack, and virtual calls.

AIOps Without Training is Just...Ops

Algorithms are at the heart of the technologies we use in virtually every facet of our daily lives — formulas and processes that help us connect, solve problems and accomplish amazing things. Things like better speech recognition and landing an autonomous rocket on a drone ship, or giving us really great Netflix recommendations. But an algorithm is just a set of rules or a set of tasks to perform given a certain input.

Hunting COVID Themed Attacks With IOCs

This blog post is part twenty-four of the "Hunting with Splunk: The Basics" series. I've been dealing with viruses for years, but this is the first time I've written a blog post where we are dealing with actual viruses. Ever since the 2004 tsunami, I have witnessed cyber-baddies using current events to trick users into opening documents or clicking on links. The COVID-19 breakout is no different.

Splunk Rapid Adoption Packages - Part 2

In part 1 of the RAP blog we focused on an overview of Rapid Adoption Packages, Part 2 will now focus on the use case package specifics and how these can help with customer goals. With Rapid Adoption Packages Customers have the option to select a number of use cases which are specifically designed exactly to do this, there are currently 9 available use case packages and they include...

Monitoring Family Pickle Consumption with Splunk!

Recently, about a month after our public health crisis started in the US, I opened my mailbox. Inside was a printed public service announcement sent from the mayor of my little community northwest of Denver. It had cute graphics of cartoonish townsfolk wearing facemasks, and the content conveyed reasonable, folksy messaging about social distancing and sheltering in place.

Fraud Detection: WFH Leading to Increased BEC and Phishing Threats - What To Look For

A lot has changed in the past few weeks. And the percentage of us working from home (WFH) has increased tremendously. With increased WFH, we rely more on email communication, and this increases the opportunities for abuse by others. One thing that has stayed constant: bad people want to do bad things. As we have seen in the past, when one avenue of attack is restricted, the fraudsters redouble their efforts in other areas, and online fraud attempts are already increasing during our new normal.

Splunk Rapid Adoption Packages - Part 1

In September 2019 Splunk unveiled a number of new pricing options which included: In this blog, we are going to focus on RAP which is short for Rapid Adoption Packages. Rapid Adoption Packages are something Splunk has introduced to help customers get up and running with various use cases across both IT Operations and Security.

Top 10 Things Keeping CISOs Up at Night in 2020

Chief information security officers (CISOs) face no shortage of challenges. Expanding attack surfaces and complex cloud security environments have given rise to new advanced threats. Compliance regulations have become more rigorous and punitive. And while digital transformation accelerates the pace of doing business, its impact is often limited by budget restrictions and security talent gaps. At Splunk we talk to hundreds of CISOs every year. Here's what they told us they care about in 2020.

The Hitchhiker's Guide to the "Work from Home" Monitoring Galaxy

In these times of remote teamwork, the pressure on IT teams is at its peak. So how can you ensure teams function well and conditions are good when working remotely? How do you ensure that the IT Ops teams can support the business as per usual? VPN, office suite, critical applications, videoconference, etc. The list of priorities change, new business apps need to be added while your kids and their endless energy become your face to face office colleagues. :)

Recapping the Splunk for CMMC Solution Launch

On Wednesday, March 25th, we launched our Splunk for CMMC Solution with a webinar presentation to a diverse set of defense industrial base (DIB) participants and partners. As I discussed during the launch event, the Splunk for CMMC Solution provides significant out-of-the-box capabilities to accelerate organizations’ journeys to meet, monitor, track, and mature the cybersecurity practices required by the Cybersecurity Maturity Model Certification (CMMC).

Effective Collaboration a Must as Agency Leaders Maximize Telework

As Washington and the nation reel from the spread of COVID-19, public servants across the country are quickly adapting to the “new normal.” As described in OMB’s March 23rd memo to agency and department heads, harnessing technology to support mission continuity should be a priority.

Between Two Alerts: Easy VPN Security Monitoring with Splunk Enterprise Security

Welcome to the new world, my friends. Now that working from home is our new reality, we've found that many of our customers are taking a much closer look at the technology that binds us all together and allows us to access corporate resources: the humble VPN. In the spirit of enablement, I’ve put together a quick list of dashboards that can help add that extra bit of visibility for our faithful Splunk Enterprise Security customers.