Many people are working from home (WFH) now and will be for at least the next few weeks. The VPN and TLS connections that remote workers rely on allow for secure access, and although these are not new connection types to monitor, the current WFH situation has created a significant increase in the number of these connections you must monitor. This new WFH scenario has made one thing easier: mobile users are no longer mobile.

As the responsibilities of the Security Operation Center (SOC) continue to increase, SOC teams are experiencing increased demand on their time and resources. Scaling a security team with little resources and funds can prove extremely difficult, especially when the incident response team spends most of their time chasing alerts.

Splunk is a tech company, which regularly gives us exposure to modern development practices, and the ability to implement them with our own technology. We want to share that with you. In this post, as part of a dogfooding series, I sat down with Ram Jothikumar, Head of Cloud Infrastructure & Operations for Observability at Splunk. Ram and I talk about how we support our SignalFx offering at scale, efficiently with resilience and reliability baked in.

Recently, my colleagues Ryan Kovar and Lily Lee created TA-covidIOCs, which is a Splunk TA designed for ingesting IOCs related to COVID-19. Per usual, I immediately saw this as an opportunity to hitch a ride on their coattails and benefit from their hard work. The product of this effort is a Splunk Phantom playbook uncreativly titled, "COVID-19 Indicator Check." The playbook is a simple, self-contained set of actions that takes MD5 file hashes, IPs, domains, and URLs as input.

Analyze both metric and event data on the same platform regardless of source or structure. With Splunk metric indexes, you can quickly and easily ingest, store, and analyze metrics — whether in the Analytics Workspace or with SPL — so you can deliver positive business results. Get the most value out of your data with Splunk.

It’s only taken me two years, but I’ve finally answered a question that I was asked by Derek King – “Can we use ML to detect botnets?” Thanks Derek, that was a pretty heavy question to be asked in your first week at Splunk, especially when you have no Splunk experience… You can judge the results here using the Botnet App for Splunk.

We are excited to announce that Splunk has partnered with AWS in launching a new AWS Service Ready program – Lambda Ready. This designation recognizes that Splunk provides proven solutions for customers to build, manage and run serverless applications. AWS Lambda Ready designation establishes Splunk as an AWS Partner Network (APN) member that provides validated integrations and proven customer success with a specific focus on observability and monitoring of Lambda Functions.

For many of us, the sudden en-masse work-from home revolution has been an unexpected challenge. Our normal work patterns have been upended, and we’ve traded our perfectly tailored ergonomic office setups for kitchen tables and sofas. Our routines and patterns have been thrown out the window. We may start feeling distant, isolated, and disconnected.

Google Cloud recently expanded the list of GSuite audit logs that you can share with your Cloud Audit Logs, part of your organization’s Google Cloud’s account. This is awesome news and allows administrators to audit and visualize their GSuite Admin and Login activity in Splunk real-time via the same method used to stream Google Cloud logs and events into Splunk, using the Google-provided Pub/Sub to Splunk Dataflow template.

In most of our blogs, we spend a TON of time going on about protecting our endpoints, looking at sysmon, checking the firewall, correlating IDS data and the like… Today, we're going to shift gears a bit and look at security from a different angle. Recently, there has been a tremendous focus on the shifting paradigm of a workforce that primarily resides in corporate offices, to a highly virtual workforce sitting at their kitchen tables.

When we made Splunk Remote Work Insights (RWI) available a few weeks ago, we knew we wanted to share the power of Splunk so any organization could use it to get insights on critical business activities and keep their remote workforces connected. We continue to receive a positive response from our customers and community, as many are leveraging the RWI dashboards and resources to help answer these key questions.

If you hadn't heard the term “this is the new normal” yet today, then you haven't been listening. While right now is not normal, current events have us all wondering how the work environment is going to change once we get there. There are a few things that we can expect: Having pipelines and applications that are observable is key to all of this.

The "Q1 2020: Splunk Ideas" blog is officially live! This blog post is the first in a quarterly series that aims to educate and deliver status updates on "Splunk Ideas." In this post, I will cover the history and goals of Splunk Ideas and supply some information about our initial success. Next quarter’s post will focus on the lifecycle of an Idea, with details on our internal process of reviewing, considering, and prioritizing your ideas.

Like the sailor in Coleridge’s “The Rime of the Ancient Mariner,” who is surrounded by salt water that he cannot drink, many financial services professionals contend with similar challenges: data is all around them, but it’s not doing them much good. Firms need to drink deeply from their data, developing greater expertise not only at data discovery, but also at data valuation. Because at this point, data is the only true source of ompetitive differentiation.

With most of the world on lockdown due to the COVID-19 virus, many aspects of IT services and digital transformation have been put into the fast lane. There are reports of massive surges in the use of tools such as Zoom, Microsoft Office 365, etc. in order to communicate and collaborate. At the same time organizations are required to scale up access to their internal applications.

Ransomware is a serious threat to institutions of all kinds, resulting in mounting costs for organizations that must literally pay ransom to regain access to their essential systems. A ransomware attack takes place when a cybercriminal denies an organization access to the data it needs to conduct business, usually by encrypting the data with a secret key. The attacker then offers to reveal the encryption key in exchange for a payment. The payment can vary in amount or kind.

Businesses who operate along supply chains, like manufacturers, distributors, and retailers, have innovative systems and processes for predicting demand and keeping consumers satisfied. Until a crisis hits. When demand for essential SKUs spikes due to panic buying and fear-based hoarding, organizations in essential consumer categories can find themselves forced to make critical decisions without reliable information to base them on, significantly increasing their risk exposure.

Potential attackers are really good at what they do. Security analysts see this firsthand with the amount of phishing emails their organizations see daily. A newly released State of the Phish report reveals that nearly 90% of organizations dealt with business email compromise (BEC) attacks in 2019. End users reported 9.2 million suspicious phishing emails globally for the year.

The use of Serverless execution models is expanding extremely rapidly and cloud providers are continuing to enhance their platforms. Per Flexera’s “State of the Cloud” report: Leading this trend for the last two years, Amazon has released a few features that address AWS Lambdas’ pain points and make them a more feasible choice for large scale deployments consisting of numerous applications.

Managing a network more effectively has been something our customers have been asking us about for many years, but it has become an increasingly important topic as working from home becomes the new normal across the globe. In this blog series, I thought I’d present a few analytical techniques that we have seen our customers deploy on their network data to: Better understand their network and Develop baselines for network behaviour and detect anomalies.

A difficult question we come across with many customers is ‘what does normal look like for my network?’. There are many reasons why monitoring for changes in network behaviour is important, with some great examples in this article - such as flagging potential security risks or predicting potential outages.

As many of us are rediscovering an interest in board games, it feels relevant to make reference to Hasbro’s classic Clue. Understanding what’s going right or wrong in your sprawling digital business can feel a lot like a murder mystery: it was the authentication service in the east region with the memory exhaustion error. This analogy has a weakness when applied to modern operations. The Clue board game had 6 weapons, 6 suspects, and 9 rooms. That’s 324 combinations.

Sitting here in my home office reflecting the potential problems the world faces both in the short term and longer term, I can’t help but think back to my career before coming to Splunk. That time was spent on the ground working ‘in the real world’, maintaining the operational and security state of systems and networks. I can empathise with the huge pressures the entire IT chain from CIOs, CISOs, IT Managers and IT admins are under right now.

Our world has been turned upside down by COVID-19. Whether it's strategically planning our grocery run decontamination process, or trying to keep the kids quiet for even one single moment while on a conference call — things are different. One very evident difference is the change in the way we meet with each other. And one technology enabling this change is Zoom.

In light of COVID-19 related office closures, one thing we’ve seen and heard repeatedly is the “abandoned NOC.” People that are responsible for finding, escalating and resolving problems in your infrastructure and applications quickly are now having to work very differently. Two-minute hallway conversations are replaced with time-consuming emails, Slack, and virtual calls.

In the past few weeks, financial firms and governments have had to build and launch websites in a hurry — for a multitude of reasons including the emergency loan programmes that have been backed by various governments around the world including the USA and Europe.

Algorithms are at the heart of the technologies we use in virtually every facet of our daily lives — formulas and processes that help us connect, solve problems and accomplish amazing things. Things like better speech recognition and landing an autonomous rocket on a drone ship, or giving us really great Netflix recommendations. But an algorithm is just a set of rules or a set of tasks to perform given a certain input.

This blog post is part twenty-four of the "Hunting with Splunk: The Basics" series. I've been dealing with viruses for years, but this is the first time I've written a blog post where we are dealing with actual viruses. Ever since the 2004 tsunami, I have witnessed cyber-baddies using current events to trick users into opening documents or clicking on links. The COVID-19 breakout is no different.

In part 1 of the RAP blog we focused on an overview of Rapid Adoption Packages, Part 2 will now focus on the use case package specifics and how these can help with customer goals. With Rapid Adoption Packages Customers have the option to select a number of use cases which are specifically designed exactly to do this, there are currently 9 available use case packages and they include...

Recently, about a month after our public health crisis started in the US, I opened my mailbox. Inside was a printed public service announcement sent from the mayor of my little community northwest of Denver. It had cute graphics of cartoonish townsfolk wearing facemasks, and the content conveyed reasonable, folksy messaging about social distancing and sheltering in place.

A lot has changed in the past few weeks. And the percentage of us working from home (WFH) has increased tremendously. With increased WFH, we rely more on email communication, and this increases the opportunities for abuse by others. One thing that has stayed constant: bad people want to do bad things. As we have seen in the past, when one avenue of attack is restricted, the fraudsters redouble their efforts in other areas, and online fraud attempts are already increasing during our new normal.

In September 2019 Splunk unveiled a number of new pricing options which included: In this blog, we are going to focus on RAP which is short for Rapid Adoption Packages. Rapid Adoption Packages are something Splunk has introduced to help customers get up and running with various use cases across both IT Operations and Security.

Chief information security officers (CISOs) face no shortage of challenges. Expanding attack surfaces and complex cloud security environments have given rise to new advanced threats. Compliance regulations have become more rigorous and punitive. And while digital transformation accelerates the pace of doing business, its impact is often limited by budget restrictions and security talent gaps. At Splunk we talk to hundreds of CISOs every year. Here's what they told us they care about in 2020.

As Washington and the nation reel from the spread of COVID-19, public servants across the country are quickly adapting to the “new normal.” As described in OMB’s March 23rd memo to agency and department heads, harnessing technology to support mission continuity should be a priority.

In these times of remote teamwork, the pressure on IT teams is at its peak. So how can you ensure teams function well and conditions are good when working remotely? How do you ensure that the IT Ops teams can support the business as per usual? VPN, office suite, critical applications, videoconference, etc. The list of priorities change, new business apps need to be added while your kids and their endless energy become your face to face office colleagues. :)

On Wednesday, March 25th, we launched our Splunk for CMMC Solution with a webinar presentation to a diverse set of defense industrial base (DIB) participants and partners. As I discussed during the launch event, the Splunk for CMMC Solution provides significant out-of-the-box capabilities to accelerate organizations’ journeys to meet, monitor, track, and mature the cybersecurity practices required by the Cybersecurity Maturity Model Certification (CMMC).

Welcome to the new world, my friends. Now that working from home is our new reality, we've found that many of our customers are taking a much closer look at the technology that binds us all together and allows us to access corporate resources: the humble VPN. In the spirit of enablement, I’ve put together a quick list of dashboards that can help add that extra bit of visibility for our faithful Splunk Enterprise Security customers.