
Splunk

Splunk for OT Security V2: SOAR and More

In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.

Why Observability Is the Key Ingredient to Success

Digital transformation is accelerating at a staggering pace. Consider these statistics. In December 2019, Splunk partner Zoom had 10 million monthly active users. By the end of last year, that number was estimated to be closer to 300 million. It was part of an explosion of technological growth replicated across many industries and businesses in 2020. As Splunk CEO Doug Merritt said.

Splunk SOAR Playbooks: Crowdstrike Malware Triage

The combination of Crowdstrike and Splunk Phantom allows for a smoother operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. In this video, distinguished Phantom engineer Philip Royer walks you through an out-of-the-box playbook that you can set up in Phantom to triage malware detections from Crowdstrike and automate a variety of responses based on an informed decision by an analyst.

Observability and Monitoring for Modern Applications

I drive a 2005 Ford diesel pickup truck. Most of the time my truck runs great. But occasionally an orange light on the dashboard will flicker on to alert me that something is wrong. Unfortunately, there’s no information about what is wrong and why. My truck has a monitoring solution, but not an observability solution. In many cases, IT has the same problem as my truck.

Building a Superstar SOC with Automation and Standardization

When you have a team of security analysts with a wide range of expertise, knowledge, and experience, it is natural to see differences in the quality of work performed. One of the biggest challenges that security operations managers face when auditing that work is that some team members may execute different steps at different levels of rigor when investigating and remediating threats.

From the SecOps Kitchen: Why Operators of Essential Services Need to Prepare Now

Hey there! The European Union Agency for Cybersecurity (ENISA) has recently published its NIS Investment report, a survey conducted on European organisations identified as Operators of Essential Services (OES) and Digital Service Providers (DSP).

As Funding Cuts Arrive, Can CDM Deliver on the Value of Its Promises?

For anyone who works in cybersecurity, getting a tough job done with severely limited resources is all in a day’s work. But when funding allocations suddenly shift after essential programs are already under development, it can be hard for even the most creative, resilient CIOs and CISOs to keep up.