
Latest News

Smoothing the Bumps of Onboarding Threat Indicators into Splunk Enterprise Security

This blog is part two of Splunk's Sunburst Backdoor response aimed at providing additional guidance to our customers (you can read part one, "Using Splunk to Detect Sunburst Backdoor," by Ryan Kovar). In this blog, we’ll cover how to ingest threat indicators to combat Sunburst Backdoor in Splunk Enterprise Security (ES).

Recover Lost Visibility of IT Infrastructure With Splunk

The news of the “Sunburst Backdoor” malware delivered via SolarWinds Orion software has organizations choosing to shut down Orion to protect themselves. This includes several U.S. government organizations following the recent CISA guidance. If you are considering a similar response in your own environment, a critical next step is quickly restoring the lost visibility into the health and operations of your infrastructure.

Introducing MinIO Support in Sematext

Sematext Logs is Log Management-as-a-service. Think of it as your own central location for logs in the cloud. If you prefer or need to keep logs in your own environment instead of shipping them to the cloud, Sematext Enterprise, designed to run on your own infrastructure, makes that possible. You can collect logs from any part of your software stack or infrastructure, IoT devices, network hardware, and much more.

What the Google Outage Can Teach Us About Our Own Services

This week, the world stopped for a few hours as Google users experienced an outage on a massive scale. The outage affected ALL services that require Google account authentication. This includes the Google Cloud Platform (Cloud Console, Cloud Storage, BigQuery, etc.), Google Workspace (Gmail, Calendar, Docs, Drive, etc.) and Google Classroom. With so many platforms affected, this particular outage was far from going unnoticed by users.

Elastic Cloud on Kubernetes is now a Red Hat OpenShift Certified Operator

We are delighted to announce that Elastic Cloud on Kubernetes (ECK), the official Elastic Operator, is now a Red Hat OpenShift Certified Operator. The operator helps make it easier to deploy and automate Elasticsearch, Kibana, APM Server, Beats, and Enterprise Search in your OpenShift environment.

Recommendations for monitoring SolarWinds supply chain attack with Sumo Logic Cloud SIEM

The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.

Red Team Tools Detection and Alerting

The FireEye breach on Dec 8, 2020, was executed by a “nation with top-tier offensive capabilities.” These attackers obtained FireEye’s own toolkit, which they can use to mount new attacks globally. What does this mean for you? Mandiant is a leading Red Team/Penetration Testing company with a highly sophisticated toolkit, called the "Red Team tools." These are digital tools that replicate some of the best hacking tools in the world.

AWS Well-Architected Workload Recommendations in Splunk

The Well-Architected Tool is a new AWS service that compares the state of your workloads with AWS architectural best practices. Splunking your workload state and improvement recommendations will give you better insights into your applications as well as best practices to follow along your cloud journey. The Well-Architected integration in Grand Central will give you workload insights broken down by the following 5 pillars.

SUNBURST Backdoor: What to look for in your logs now - Interview with an incident responder

Yesterday, FireEye published a report about a global intrusion campaign that utilized a backdoor planted in SolarWinds Orion. Attackers gained access to the download servers of Orion. They managed to infect signed installers downloaded by Orion users, who had every reason to believe that the packages were safe and had not been tampered with. With this information out in the world, teams are scrambling to investigate whether their environments are affected by this breach.