Operations | Monitoring | ITSM | DevOps | Cloud

February 2021

Defense Department Cybersecurity: All Ahead on Zero Trust

With the Defense Department’s quick and successful pivot to a remote workforce last Spring via its Commercial Virtual Remote (CVR) environment, it proved that the future to fully operate from anywhere in the world is now. Gone are the days of thousands of civilian employees heading into the Pentagon or other installations everyday. However, with this new disparate workforce comes increased risks for network security. As my colleague Bill Wright expertly noted last Summer.

Security Spotlight: Ryan Kovar

Splunk is home to some of the best security minds that this industry has to offer. Once a month we’ll take a deep dive and have a chat with one of those minds. First up, Distinguished Security Strategist and co-creator of the Boss Of The SOC, Ryan Kovar. With 20 years of experience in the security space, we’ll have a lot to chat about over the course of an hour.

Dear CISO

As security practitioners, we all have things we want to be able to tell our CISO’s. We need to tell them we need more money, more headcount, we need to be able to tell them their baby (security program) is ugly. Everyone wants the ear of a CISO for the dollars they control. We just want their ear to help them understand what’s really going on in the industry and in their organization.

It Came From The Clouds

Beware that which lives amongst the Clouds. Or, ya know, just attack them mercilessly. One of the best parts about having such talented security pros at Splunk, is they also make amazing products. And some are even free. Enter the Cloud Attack Range, a detection development platform written/maintained by Splunkers Jose Hernandez and Mike Haag and open-sourced to everyone. Joining us will be Co-Founder of Red Canary Keith McCammon. Red Canary integrates with Attack Cloud to help generate attack data. It’s a true community project and we’re going to chat about it.

I Wish Someone Had Squished That Phish

It’s long since been established that it’s not if a breach will occur in your enterprise, it’s when. Are you prepared for that response? As Dave Kennedy, CEO of TrustedSec once asked a Brrcon audience, “If all you had was Sysmon, could you still do a successful IR?” Best practices are only best if you actually practice them. Along with Robert Wagner, Staff Security Specialist at Splunk, we’ll talk about ways to get your teams to their fighting weight when the bad guys sneak in through the basement.

Splunking AWS ECS Part 2: Sending ECS Logs To Splunk

Welcome to part 2 of our blog series, where we go through how to forward container logs from Amazon ECS and Fargate to Splunk. In part 1, "Splunking AWS ECS Part 1: Setting Up AWS And Splunk," we focused on understanding what ECS and Fargate are, along with how to get AWS and Splunk ready for log routing to Splunk’s Data-to-Everything platform.

A Path to Proactive Security Through Automation

The sheer number of cyberattacks launched against organizations every year is massive and growing. If you’re a security analyst working in a SOC or security team, tasked with defending your organization, that means you’re getting bombarded by many more attacks than the recorded numbers above would suggest. These attacks translate into security alerts — fired from your various security tools — that you must investigate and resolve.

Advanced Link Analysis: Part 1 - Solving the Challenge of Information Density

Link Analysis is a data analysis approach used to discover relationships and connections between data elements and entities. This is a very visual and interactive technique that can be done in the Splunk platform – and is almost always driven by a person, an analyst or investigator, to understand the data and discover necessary insights specific to the business problem at hand.

Introducing Splunk OpenTelemetry Java Lambda Wrapper

AWS Lambda has become a core technology in the shift to cloud-native application development, eliminating infrastructure management and fixed costs. But there are trade-offs with serverless environments. Not having access to the production infrastructure can make debugging difficult and there are a lot of moving parts, adding distributed complexity. Monitoring serverless functions in production requires observability beyond CloudWatch logs and metrics.

Threat Hunting With ML: Another Reason to SMLE

Security is an essential part of any modern IT foundation, whether in smaller shops or at enterprise-scale. It used to be sufficient to implement rules-based software to defend against malicious actors, but those malicious actors are not standing still. Just as every aspect of IT has become more sophisticated, attackers have continued to innovate as well. Building more and more rules-based software to detect security events means you are always one step behind in an unsustainable fight.

Creating a Fraud Risk Scoring Model Leveraging Data Pipelines and Machine Learning with Splunk

According to the Association of Certified Fraud Examiners, the money lost by businesses to fraudsters amounts to over $3.5 trillion each year. The ACFE's 2016 Report to the Nations on Occupational Fraud and Abuse states that proactive data monitoring and analysis is among the most effective anti-fraud controls.

Splunking AWS ECS Part 1: Setting Up AWS And Splunk

It’s no secret that Amazon Web Services is a powerhouse Cloud provider, and one of the market pioneers in Cloud operations. They do, after all, power some of the world’s biggest and most modern systems we all use and love today. It’s natural then that they attract a lot of users both big and small to deliver high quality and effective solutions. With growing user demand comes the need for new methods of visibility and intelligence.

Levelling up your ITSI Deployment using Machine Learning

Here at Splunk we’re passionate about helping our customers get as much value from their data as possible. Recently Lila Fridley has written about how to select the best workflow for applying machine learning and Vinay Sridhar has provided an example of anomaly detection in SMLE.

DoD's Cyber Posture: A Focus on Automation

The importance of the security of the Department of Defense’s (DoD’s) networks is no secret (well, of course a lot of it is secret!). This is evidenced by the Department’s IT/cybersecurity budget request that annually tops $40 billion dollars. Last year’s IT and Cyberspace Activities Budget Overview perhaps said it best.

Smarter Noise Reduction in ITSI

Maybe you have used the previous blog post about generating smarter episodes in ITSI using graph analytics and want to know what else you can apply ML to. Maybe you’re still swamped in alerts even after using the awesome content pack for monitoring and alerting. Maybe your boss has told you to go read up on AIOps…. Whatever the reason for finding yourself here this blog is intended to help you identify the “unknown unknowns” in your alert storms.

Ringing In the New Year With Splunk and Microsoft: Three New Integrations

Like champagne and party hats, Splunk and Microsoft just go together. Here at Splunk, one of our New Year’s resolutions is to continue to empower our customers with data — in this case, Microsoft data. From cloud, to security, to troubleshooting, we’re back with the latest round of new integrations designed to help you do more with Splunk and Microsoft.

Visual Link Analysis with Splunk: Part 3 - Tying Up Loose Ends

In my previous Link Analysis blogs, "Visual Link Analysis with Splunk: Part 1 - Data Reduction" and "Visual Link Analysis with Splunk: Part 2 - The Visual Part," I used techniques that work well when we have a controlled data set. However, as we know, real data can be messy. When analyzing links in fraud data, the data can be very noisy. Let’s say we want to use IP addresses for link analysis in the Splunk platform. It is not unusual for two people to share an IP address.

Smarter Root Cause Analysis: Determining Causality from your ITSI KPIs

Root cause analysis can be a difficult challenge when you are troubleshooting complex IT systems. In this blog, we are going to take you through how you can perform root cause analysis on your IT Service Intelligence (ITSI) episodes using machine learning, or more specifically causal inference. The approach shown here is included in the Smart ITSI Insights app for Splunk, with this blog largely detailing how to use the ITSI Episode Analysis dashboard.

How Operators Build Operational Excellence with Modern Data Platforms Splunk

Enhancing the customer experience and boosting revenue with the power of analytics are key concepts for telecom operators in today’s ultra-competitive business environment. Many telecoms are going through transformation of their system architectures and stacks to change how they operate and manage their day to day operations as well as their strategies and planning for what comes next.

Smarter ITSI Episodes Powered by Community Detection Algorithms

In this blog we are going to describe how you can create a notable event policy in IT Service Intelligence (ITSI) that is able to group your events using labels generated by unsupervised machine learning in the Smart ITSI Insights App for Splunk – and don’t worry you don’t have to be a data scientist to read this blog!

AWS Distro for OpenTelemetry - Now with Splunk Observability Support!

Back in October, we announced the Splunk OpenTelemetry Collector Distribution, which offered the industry’s first production-ready support for OpenTelemetry. This distribution is the recommended way that customers of Splunk’s award-winning observability products capture metrics and traces.

Next Level Automation: What's New with Splunk Phantom

Splunk Phantom 4.10 introduced many new enhancements, including the ability to develop playbooks in Python 3. In fact, Python 3 is now the default for Splunk Phantom playbooks. In doing so, we needed to create two different “playbook runners” to ensure we could continue to support playbooks written in Python 2.7 while also supporting Python 3.

Visual Link Analysis with Splunk: Part 2 - The Visual Part

In part one of the "Visual Analysis with Splunk" blog series, "Visual Link Analysis with Splunk: Part 1 - Data Reduction," we covered how to take a large data set and convert it to only linked data in Splunk Enterprise. Now let’s look at how we can start visualizing the data we found that contains links. Why, you may ask, when we just developed a nice table of data that shows us links? Tables of data don’t always work well if you have more than one page of data.

Detecting Credit Card Fraud Using SMLE

Organizations lose billions of dollars to fraud each year. For instance, the financial services sector projects losses to reach $40 billion per year in the next 5-7 years unless financial institutions, merchants, and consumers become more diligent about fraud detection and prevention. Splunk delivers integrated enterprise fraud management software that quickly defines behavior patterns and protects enterprise information from malicious actors.