Monitoring all DNS requests in your network, including those that were blocked by (e.g., by a firewall) is a great way to increase visibility, enforce compliance and detect threats. A common problem with collecting DNS logs is that DNS server logs are notoriously hard to parse. Also, parsing only the logs of your DNS servers leaves a blind spot when it comes to usage of, or the attempt to use, an external DNS server like Google's 8.8.8.8.

WMI (Windows Management Instrumentation) is an actual standard to access and/or control Windows components, services and applications. With its query language (resembling the SQL used by many relational databases), WMI allows collecting information from multiple sources, so-called providers. However, this comes at a cost: running WMI query is a resource- and time-consuming operation (comparing to certain alternatives).

The Splunk Security Research Team has been working on new improvements and additions to the Splunk Attack Range, a tool that allows security researchers and analysts to quickly deploy environments locally and in the cloud in order to replicate attacks based on attack simulation engines. This deployment attempts to replicate environments at scale, including Windows, workstation/server, domain controller, Kali Linux, Splunk server and Splunk Phantom server.

AWS security is an ongoing battle that you must address during every release, every change, and every CVE. When you’re first launching your production application, it’s impossible to check all the boxes; you simply don’t have the time. Until your application gets more adoption, you only have the time to do the bare essentials of security.

As our enterprise customers build out large, multi-cluster Kubernetes environments, they are encountering an entirely new set of security challenges, requiring solutions that operate at scale and can be deployed both on-premises and across multiple clouds.

The cybercrime threatscape is constantly changing as hackers adapt and repurpose the use of many different types of tools and attack vectors, and a recent report by Kaspersky Lab indicates that the use of remote administration tools (RATs) has increased during 2018. RATs are commonly developed as legitimate software suites with bundled functionalities to support system administrators and other power users.

In this day in age, businesses rely heavily upon their website as a means of driving sales and reaching customers. It is usually the first point of contact between a potential customer and the business, and thus, it commands a level of investment. Because of this, it can be frustrating and upsetting to have one’s web page hacked and rendered useless.

Security configurations are security-specific settings used to secure heterogeneous endpoints such as servers, desktops, laptops, mobile devices, and tablets. As endpoints in your network diversify, securing each endpoint becomes a challenge. One way to ensure effective endpoint security is by automating it, which is where security configurations come into play. Security configurations are utilized to secure and control every facet of your network.

You don’t need us to tell you that fraud and financial crime is on the rise. A quick google search will give you endless stats to support this claim. Fraud losses are increasing as a percentage of revenue, and that direct impact on the bottom line isan area of laser focus for senior execs.

In a previous blog post I discussed the complexity of securing Kubernetes environments, and some best practices. Unfortunately, even if we follow best practices in setting up and configuring our system, we can never eliminate all the vulnerabilities.