Operations | Monitoring | ITSM | DevOps | Cloud

The first means to collect security-relevant information at Cloud SIEM Enterprise (CSE) was our Network Sensor. It was built to analyze network traffic and provide visibility beyond traditional SIEM's down to the network-level. Beyond organizing packets into flows, the sensor supports more advanced features such as decoding of common protocols, file carving, SSL certificate validation, OS fingerprinting, clustered deployment and more.

One of the practices being thrust into action right now is social distancing. As you would expect, this means millions of people around the world are working from home and this migration in the workforce is going to have a massive impact on the services IT practitioners must monitor and maintain in a virtual-first environment. We are already seeing reports of massive usage surges across tools like Zoom and outages in Microsoft Teams just as the COVID-19 pandemic pushes people to work from home.

As WFH usage surges, an increasing number of users will be connecting from home laptops over the internet into a Citrix server that could be hosted in a data center. This will likely put strains on licensing, internet bandwidth and server performance hosting the Citrix environment. These are all key areas that Splunk can monitor with various add-ons.

It was a cloudy winter morning when I had arrived at the office and found, to our horror, that a Kubernetes cluster was suffering from extremely high CPU and network usage and had become almost completely non-functional. To make things worse, restarting the nodes (the go-to DevOp solution), seemed to have absolutely no effect on the issue. Something was poisoning the network and we had to find out what it was and fast.

The evolution of Security Information and Event Management (SIEM) is deeply intertwined with cloud computing, both in terms of technological breakthroughs the cloud provided and from its inherent security challenges. With the rise of cloud computing, we no longer rely on long-lived resources. An ephemeral infrastructure obscures the identity of the components and, even if you do have the visibility it doesn’t necessarily mean you can comprehend the meaning behind the components.

Maybe you’re interested in finding out more about deep learning? Maybe your current ML analytics are running too slowly or crushing your CPU and RAM? Or perhaps your boss has told you that they need an AI-based app so they can show off to their boss (who will then brag about it to their boss)?

We’re happy to announce the beta availability of our new government region, AWS GovCloud (US East), for the Elasticsearch Service on Elastic Cloud. This new region is our first step in simplifying operations for Elastic users who handle government data as we work toward gaining a Moderate authorization for the Federal Risk and Authorization Management Program (FedRAMP).

When it comes to complex application integrations, RED monitoring provides a sensible and necessary common element to see how our systems are performing and to alert us to behavior which is detrimental to your customers and your business goals. So, what is RED? RED stands for rate, errors, duration and is an offshoot of the Google Golden Signals.

With more and more endpoints accessing your network remotely, you should expect rapid increases in VPN connections and usage, as well as exponential usage of cloud-based services. There are numerous Splunk apps that can help you increase the monitoring of remote endpoints but let’s showcase Splunk Security Essentials (SSE).