Operations | Monitoring | ITSM | DevOps | Cloud

June 2021

Splunk Named Market Share Leader in ITOM and SIEM Reports

2020 was a challenging year for modern enterprises. In under a year, we experienced a decade's worth of transformation while a global pandemic raged on. And while the worst of COVID-19 will hopefully soon be behind us, the need to continuously transform our digital environment is unequivocally here to stay. We've already seen an example of this, thanks to a significant increase in data generated from across the business.

That's A Data Problem - The New Normal | Daniel Newman & Splunk's Kristen Robinson

The COVID-19 pandemic accelerated digital transformation directly impacting companies’ people strategies. As companies adjust to the new normal, leadership must keep human centricity, flexibility and employee well-being at the top of their agenda - putting people at the heart of the process. Tech Analyst Daniel Newman and Chief People Officer at Splunk, Kristen Robinson, discuss how to manage the new normal. The pair touches on culture, connectivity and how to prepare for the unexpected.

Art of Data: Bringing Data to Esports

You may have seen the announcement that Splunk and McLaren Racing have expanded their partnership, which sees Splunk as an Official Global Partner of the McLaren Shadow Esports team and the Logitech McLaren G Challenge. As a budding Esports fan and data enthusiast, it’s really exciting to see these two worlds collaborate and accelerate the virtual racing experience.

Microsoft 365: Are You Flying Blind...and at What Cost?

Many organizations today are migrating from on-prem solutions for email / calendar / communications to Microsoft 365. If this is you, this is your productivity cloud across work and life, designed to help you achieve more with innovative Office apps, intelligent cloud services, and world-class security.

Understanding Where You Fit in the Web Performance Maturity Curve

We all know that faster is better. Research and results clearly indicate that faster experiences with fewer errors result in increased usage, conversion, and revenue. With the desire to improve business metrics in mind, organizations often seek immediate improvements in customer experience across digital properties. However, without proper planning and coordination, these attempts consistently fail.

A day in the life of cybersecurity. Splunk customer stories of SOC-cess

We have a saying at Splunk. It goes something like “if you’re ever having a bad day, go and talk to a customer”. What organizations around the world are doing with their data and Splunk brings a huge smile and an eyebrow raising, positive “can’t quite believe you’ve done that” very-impressed nod of the head. That’s never more true than with our security customers.

What Top Brands Are Saying About Splunk Observability Cloud

Customers have had a lot to say about the new Splunk Observability Cloud since we announced general availability on May 5, 2021. For the first time ever, IT and DevOps teams can get all their data in one place with unified metrics, traces and logs — collected in real time, without sampling and at any scale. What makes Splunk Observability Cloud unique from other solutions? We’ll let our customers do the talking.

That's A Data Problem - How Do Security Programs Drive Business Results?

The sheer number of cybersecurity attacks against companies continues to grow, and with accelerated cloud transformation, IT teams are facing new challenges. To drive innovation and stay competitive, companies need to ensure they are using cloud securely, prioritizing a security first approach and mitigating risks to drive business results.

Why You Need Real-Time for Faster MTTR

“If you ain't first, you're last.” While that famous one-liner from Ricky Bobby (Will Ferrell) in the cult hit Talladega Nights is more joke than catchphrase, it hits home for those of us in the world of DevOps and Observability. Faster is better. And in our technology-driven world of online transactions and complex environments, faster isn’t just better — it’s crucial.

That's A Data Problem - Thriving in an Uncertain World | Daniel Newman & Splunk's Doug Merritt

The COVID-19 pandemic unveiled the importance of business resiliency. Moving forward, the case for prioritizing business resilience is beyond doubt. Leadership must leverage data and system resilience to meet new threats that could impact their business model and operations. Tech Analyst Daniel Newman and CEO of Splunk, Doug Merritt, discuss how to build business resilience focusing on data strategies, people-first leadership and investing to be ready for a future of uncertainty.

Understanding the DoD's Data Strategy: Part 2

Published in late 2020, the DoD Data Strategy emphasizes the importance of unlocking and operationalizing data-value from across its enterprise to support mission operations and maintain battlefield advantage. The strategy highlights seven goals and objectives that the DoD believes will align the DoD's Data Strategy with industry best practices.

How to Use Observability to Reduce MTTR

When you’re operating a web application, the last thing you want to hear is “the site is down." Regardless of the reason, the fact that it is down is enough to cause anyone responsible for an app to break out into a sweat. As soon as you become aware of an issue, a clock starts ticking — literally, in some cases — to get the issue fixed. Minimizing this time between an issue occurring and its resolution is arguably the number one goal for any operations team.

Is Operational Resilience in Financial Services actually just a data problem?

Operational resilience is currently a hot topic in Financial Services, largely because of the impact that COVID has had on how customers interact with financial institutions. Almost overnight, the financial services industry had to cope with a large volume of transactions moving to digital channels at the same time as its employees were forced to set up home offices so that they could continue to work remotely.

SOARing to the Clouds with Splunk SOAR

For years, security practitioners have kicked and screamed about their reality. There are too many alerts to fully investigate and manually resolve every day. There is a massive talent shortage of qualified security professionals across the globe. Then couple that with analyst burnout and siloed security point-products. All of these factors are preventing security operation centers (SOCs) from operating at their full potential, with increased efficiency, performance and speed.

Onboarding Data in Splunk Security Analytics for AWS

Splunk Security Analytics for AWS's new data onboarding wizard quickly takes you from subscribing to the service to visualizing your AWS environment. We’ll walk through the wizard in this video, and you’ll see how the new process can save you hours, days, or even weeks when compared to traditional data onboarding processes.

Detecting and Investigating Threats in Splunk Security Analytics for AWS

Splunk Security Analytics for AWS’s pre-built, AWS-specific detections and dashboards allow you to easily visualize your AWS environment and centralize your security analysis and investigations. We’ll walk through some of the offering’s key dashboards and detections in this video, as well as the investigation interface.

SOCtails Episode 4 - Respond Fast to Security Incidents with Automated Playbooks

Investigating and responding to phishing attacks is tedious and time-consuming. Kevin responds to phishing attacks by following a step-by-step manual process catalogued in his "Cybersecurity Playbook." Jeff shows Kevin an easier and faster way to respond using automated playbooks from Splunk SOAR (formerly known as Splunk Phantom).

Introducing the World's First Modern Cloud-Based SecOps Platform: Splunk Security Cloud

To say that the past year presented its fair share of cybersecurity challenges to the InfoSec community would be a drastic understatement. The rapid migration to remote work at scale left 80% of CIOs unprepared, and SecOps teams struggled to confront the evolving threat landscape with disparate toolkits and skill sets. Not to mention that as more organizations shifted to hybrid and multi-cloud environments at scale, cloud complexity (and cloud-based threats) skyrocketed.

Splunk Workload Pricing For the Win!

We at Splunk know that data drives better decisions. We see this with customers, and we live it every day in our own operations within Splunk. Running large cloud services across multiple cloud providers, we have to manage data policies and data processing needs against an increasing set of use cases, as well as the backdrop of regulatory, privacy and security frameworks.

Secure Factory: Time to Step Up for the Manufacturing Industry

The ongoing news of massive cyberattacks on manufacturing and energy companies has been a wake-up call. Operational Technology (OT) Security had not been on the radar of many CISOs and plant managers until they got hit. After reacting in a defensive mode last year it is time to step up with a proactive security strategy including OT. Secure Factory by Splunk helps manufacturing companies better understand and address their unique security challenges.

Understanding the DoD's Data Strategy: Part 1

As my colleague, Tim Frank, wrote about recently in his blog post, "The Department of Defense Data Strategy: An Important Start," in late 2020 the Department of Defense (DoD) released its new Data Strategy — providing focus and direction for the Department’s efforts to become data-centric at all levels of its enterprise.

Splunk SOAR Playbooks: GCP Unusual Service Account Usage

As organizations increase their cloud footprints, it becomes more and more important to implement access control monitoring for as many resources as possible. In previous playbooks, we have shown examples of AWS and Azure account monitoring, but the series would not be complete without also supporting Google Cloud Platform (GCP).

Detecting Password Spraying Attacks: Threat Research Release May 2021

The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.

What the Fastly Outage Can Teach Us About Observability

On Tuesday June 8th, the Content Delivery Network Fastly experienced an outage that made large swaths of the web unavailable for nearly an hour. To focus on the positive, this outage can serve as a wakeup call for Observability teams, because it shows how much modern sites depend on resources beyond their immediate control, and how hard it is to "observe" these kinds of issues with an incomplete Observability mindset.

Tales of a Principal Threat Intelligence Analyst

At Splunk, we’re constantly on the hunt for new and emerging threats — tirelessly developing detection techniques to zero in on bad actors, while sharing key intelligence around cybercrime activity. But because threat intelligence can relate to so many different things — ranging from spear phishing campaigns to dark web dealings — it can be a challenge to cover and define all the specifics of what (or who) to look out for.

Monitoring Kafka Performance with Splunk

Today’s business is powered by data. Success in the digital world depends on how quickly data can be collected, analyzed and acted upon. The faster the speed of data-driven insights, the more agile and responsive a business can become. Apache Kafka has emerged as a popular open-source stream-processing solution for collecting, storing, processing and analyzing data at scale.

Collecting Kafka Performance Metrics with OpenTelemetry

In a previous blog post, "Monitoring Kafka Performance with Splunk," we discussed key performance metrics to monitor different components in Kafka. This blog is focused on how to collect and monitor Kafka performance metrics with Splunk Infrastructure Monitoring using OpenTelemetry, a vendor-neutral and open framework to export telemetry data. In this step-by-step getting-started blog, we will.

EO, EO, It's Off to Work We Go! (Protecting Against the Threat of Ransomware with Splunk)

On June 2nd, 2021, the White House released a memo from Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology. The subject? “What We Urge You To Do To Protect Against The Threat of Ransomware.” It outlines several recommendations on how to protect your organization from ransomware. The memo was a follow-up to President Biden’s May 12th Executive Order on Improving the Nation’s Cybersecurity Order (EO14028).

Understanding Splunk Phantom's Join Logic

If you’re an active Splunk Phantom user, it’s safe to assume you know what a playbook is. If not, here’s a quick summary: Phantom playbooks allow analysts to automate everyday security tasks, without the need for human interaction. Manual security tasks that used to take 30 minutes can now be executed automatically in seconds using a playbook. The result? Increased productivity and efficiency, time saved, and headaches avoided.