After a record-breaking Cyber Monday (with online sales soaring to $6.59 billion - a 16.8% increase over last year), Adobe is predicting that this will be the first-ever holiday season to surpass $100 billion in online sales. This is clearly fantastic news if you're in e-...
It's HTTPS Time
Do you need HTTPS?
Brute Force Attacks: Splunk Detection and Analytics
One of the longest-standing and most common challenges to both information security and web development teams is the brute force attack. Although this form of attack has been around for many years, it is still one of the most popular and widely used password-cracking methods. In terms of impact, brute force attacks are a very serious threat capable of affecting millions of accounts. If these attacks are not detected and addressed in a timely manner they can lead to theft of intellectual property and personally identifiable information, significant financial losses,...
Fighting Financial Fraud with Splunk
It comes as no surprise that as the banking industry is increasing its online presence, financial organizations are making fraud detection and prevention a top priority. Fraud can have a significant impact to organizations both financially and operationally. Of course, in addition to large monetary losses, damage to reputation and customer relations can also occur that further highlight the impact of fraud.
The ability for organizations to perform advanced analytics on their data is necessary to recognize and respond to patterns of fraud. Simply stated, quicker...
Cutting Risk in Half with Multi-Factor Authentication
We rely on usernames and passwords to access various systems throughout the technology world - from laptops to bank accounts, from cloud storage to blogs - our accounts are protected by these authentication mechanisms. It is easy to forget the importance of these account credentials, until it is too late - if a username and password are breached, an unauthorized user can erase, view, and copy highly sensitive data.
Our Whitepaper, Cutting Risk in Half, explores the different methods and real life examples of how much risk...
Splunking the Linux Audit System
For my last blog we discussed a Splunk topic geared towards the Windows side of the shop (Splunking Microsoft Windows Firewalls). So now it’s time to show some love to the Linux admins out there. More specifically, in today’s blog we will explore some tips for gaining insight into Linux audit logs using Splunk.
A little background on the Linux Audit System
The Linux Audit system provides a way to track security-relevant information on your...
Security Vulnerabilities - Who is to blame?
What used to be an occasional attack on celebrity computer systems, an occasional breach of security for major retailers, and even a rare glimpse into a government institution’s database, has become a common category of news. News and media outlets on regular hacks, breaches, and cyber attacks to celebrity cloud storage, major retail chains, and even recently, the U.S. Senate are constantly updating us. But, who is to blame for all of these attacks?
IT security, and therefore IT security data breaches rely not just on one resource for protection, but the combination of three: people...
Splunking Microsoft Windows Firewalls
Without exception, if you are an experienced security analyst, then you know the importance of firewall logs and the invaluable network traffic related data that they provide. Many of the key strategies of information security revolve around the network traffic of an organization and the rules that govern it. No matter the type of firewall, whether it is a hardware appliance or a software/OS level...
Troubleshooting the Splunk App for Enterprise Security
Welcome Splunkers! In this post, I'd like to talk about an issue I encountered recently when working on a Splunk App for Enterprise Security v2.2.1 (ES app) deployment and the approach I took in troubleshooting it. But before getting started, I'd like to congratulate Splunk and their Security Products team for winning the SC Magazine Award for "Best Security Information/Event Management (SIEM) Solution." Cheers to a job well done!
Passwords: Sharks Can Smell a Breach a Mile Away
2013 is not shaping up to be a banner year for Internet security. 2012 saw data breaches like 6.5 million LinkedIn password hashes leaked, 420,000 member accounts from social network Formspring, Yahoo! Voices more than 400,000 usernames and passwords, 1.5 million passwords from the online dating site eHarmony. Twitter is the latest system to suffer an embarrassing security breach with accompanying data loss. Approximately 250,000 accounts holders have had their usernames, email addresses, session tokens and encrypted/salted versions of passwords stolen. Twitter has been as proactive as...