Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt

When Splunk told me we would have a “breach holiday” theme for the summer, I didn’t think it would be quite so on the nose… For those of you who have been working on this Kaseya REvil Ransomware incident over the weekend, I salute you. We’ve been doing the same. As usual, my team here at Splunk likes to make sure that we have some actionable material before posting a blog, and this time is no different.

Out-Of-The-Box Zero Touch Network Monitoring

AI monitoring technologies have the potential to introduce significant cost savings for CSPs. Based on machine learning and fully autonomous, these monitoring solutions provide high ROI by dramatically reducing Time to Detection (TTD), Time to Resolution (TTR), the total number of alerts, and the number of false positives and negatives.

JWT Authentication: When and How To Use It

JWT, which stands for JSON Web Token, is a famous technology that comes with its own controversy. A few people find it quite beneficial, while others feel one must never use it. Nonetheless, in this article, we shall discuss the reason behind this controversy, understand JWT in detail, and explain when and why one must use it. We'll cover the following sections in this blog. JWT (JSON Web Token) authentication is a process or method used to verify the owner of JSON data.

Fashionably Late: The Zero Trust Trend is Here to Stay

I have often joked that IT, and in particular cybersecurity, is like fashion — not a lot is ever new, just reimagined and, in some cases, improved. As I sit pondering the beauty of my COVID-19 comb-over mullet, I have found myself thinking about how this fashion analogy applies to zero trust.

I Pity the Spool: Detecting PrintNightmare CVE-2021-34527

On Monday, June 21st, Microsoft updated a previously reported vulnerability (CVE-2021-1675) to increase its severity from Low to Critical and its impact to Remote Code Execution. On Tuesday, June 29th, a security researcher posted a working proof-of-concept named PrintNightmare that affects virtually all versions of Windows systems. Yesterday, July 1, Microsoft assigned this flaw a new CVE, CVE-2021-34527.

Interview With Cybersecurity Expert Tom Kirkham

For our latest expert interview on our blog, we’ve welcomed cybersecurity specialist Tom Kirkham to share his wealth of experience on the topic of cybersecurity. Tom is the founder and CEO of IronTech Security, a managed security service provider (MSSP) that focuses on educating and encouraging law firms, court systems, water utilities, and financial firms to establish a security-first environment with cybersecurity training programs for all workers to prevent successful attacks.

Tech Trends Shaping the Business World in 2021

Wondering what the latest tech trends are in the business world? There are always new tech trends emerging in the business world, and it is important for owners to be aware of what these are so that they can utilize them and stay current. Of course, these are unique times, which has led to a number of tech trends emerging over the last year or so that have helped businesses manage during COVID-19. So, if you want to know what the latest tech trends are and how they can help your business right now, keep reading to find out more.

Invisible Security at the Speed of Cloud

Security teams have the tough job of monitoring and securing every single workload in each cloud and for workloads in the development pipeline. Inevitably, these processes wind up being a bottleneck from the developer’s perspective, and developers get frustrated. Understandably, developers feel like security is simply making their jobs harder. But, on the other hand, security teams feel like they’re powerless to provide full coverage.

Ingesting threat data with the Threat Intel Filebeat module

The ability for security teams to integrate threat data into their operations substantially helps their organization identify potentially malicious endpoint and network events using indicators identified by other threat research teams. In this blog, we’ll cover how to ingest threat data with the Threat Intel Filebeat module. In future blog posts, we'll cover enriching threat data with the Threat ECS fieldset and operationalizing threat data with Elastic Security.