ABC’s of Splunk Part Twelve: Protect yourself against Ransomware and Kernel-mode Malware

Protecting your Windows Environment from Kernel-mode Malware

As we were looking to better protect Windows environments from Ransomware, we quickly realized that very few security technologies have visibility into kernel-mode malware behavior. This type of malware runs with privileges equal to or higher than most security tools. Thus, attackers can essentially take safe refuge in […]

ABC’s of Splunk Part Eleven: Ransomware and the Pyramid of Pain

Since the beginning of the COVID-19 lockdown, we have witnessed an astonishing number of attacks launched against remote workers. More and more companies have paid the perpetrators, a financial windfall that has allowed them to add more programmers and launch even more sophisticated attacks. Ransomware has become a full-on war rather than a skirmish. […]

ABC’s of Splunk Part Nine: Reduction of Attack Surface Area

For this post, we take a little side trip to explore Splunk as a tool for early identification of areas vulnerable to attack, so we can build on all our learnings so far and see what makes Splunk powerful from a SIEM perspective. Please revisit our previous posts if you would like […]

ABC’s of Splunk Part Seven: Basics of Search

Now that you have some knowledge from our previous blogs, you are ready to start your journey to become a Splunk Ninja! For the next six blogs, we are going to focus on Search, starting from the basics and moving into advanced correlation and detection. Let’s begin… Splunk uses Search Processing Language, commonly known […]

Splunk 2020 Predictions

Around the turn of each new year, we start to see predictions issued from media experts, analysts and key players in various industries. I love this stuff, particularly predictions around technology, which is driving so much change in our work and personal lives. I know there’s sometimes a temptation to see these predictions as Christmas […]