Fall brings certain things annually: leaves falling, pumpkin spice, and cybersecurity awareness. Looking back at the past nine months, it is clear that cybersecurity awareness is more important now than at any other time in history.
October marks Cybersecurity Awareness Month, an initiative that has been observed annually since 2004, when it was launched by the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA). The goal was to raise awareness about the importance of cybersecurity across both the public and private sectors. Initially, it focused on encouraging individuals and businesses to implement basic security measures, but over the years, it has evolved to address the growing complexity of cyber threats and the need for a more comprehensive, collective approach to digital safety.
This year, as we reflect on the progress made over the past two decades, the theme of resilience stands out as critical. Cyberattacks have become more frequent and sophisticated, making it clear that prevention alone is not enough. In this ever-changing digital landscape, resilience is key—not just protecting against attacks, but being prepared to detect, respond to, and recover from them. Whether it's through regular software updates, training employees on the latest threats, or developing a thorough incident response plan, the focus of Cybersecurity Awareness Month is on fostering a proactive and resilient cybersecurity culture. At SURGe, we are constantly keeping tabs on threat landscapes, industry trends, and of course – wombats (our team mascot). It has been quite a busy year, and we’re super proud of the content we’ve created. Let’s take a look at some of our work from earlier this year:
SURGe analyzed 140,000 Chrome browser extensions to review the security risks for every extension publicly available in the Chrome Web Store. We closely examined the permissions, authentication scopes, and other static attributes of the extensions to determine if they adhere to standard safety and privacy practices, and to identify the potential security risks to users and developers. The team created a framework to score extensions using different features they contain, including an adjustable risk threshold based on user-defined criteria. Using these same technical attributes of Chrome extensions, we created a model-assisted threat hunting approach to identify potential masquerading extensions.
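As an added illustration of the kind of static, permission-based scoring described above, here is a small scorer for Chrome extension manifests with a user-adjustable risk threshold. This is example code written for this summary, not SURGe's framework or Splunk's code: the permission names are real Chrome manifest permissions, but the weights, the sample manifests and the threshold values are constructed assumptions.

```python
"""
Risk-score Chrome extension manifests from declared API permissions, host
scope and content-script reach, then triage against a caller-chosen
threshold.  Constructed example: the weights and sample manifests below
are assumptions, not SURGe's published scoring.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# Assumed weights per Chrome API permission (names are real manifest
# permissions; the numbers are this example's own choice).
PERMISSION_WEIGHTS = {
    "debugger": 10, "nativeMessaging": 8, "webRequest": 6,
    "webRequestBlocking": 6, "cookies": 6, "history": 5,
    "clipboardRead": 5, "tabs": 3, "scripting": 3, "storage": 1, "alarms": 0,
}
UNKNOWN_PERMISSION_WEIGHT = 2  # anything not in the table above

# Match patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


@dataclass
class ExtensionRisk:
    ext_id: str
    score: int
    findings: list[str] = field(default_factory=list)

    def exceeds(self, threshold: int) -> bool:
        return self.score >= threshold


def _host_score(patterns: list[str]) -> tuple[int, list[str]]:
    score, notes = 0, []
    for p in patterns:
        if p in BROAD_HOSTS:
            score += 8
            notes.append(f"broad host access {p}")
        elif p.startswith("*://") or "*." in p:
            score += 3
            notes.append(f"wildcard host {p}")
    return score, notes


def score_manifest(ext_id: str, manifest: dict) -> ExtensionRisk:
    score, findings = 0, []
    perms = manifest.get("permissions", [])
    # MV2 mixes host patterns into "permissions"; MV3 moves them to
    # "host_permissions".  Handle both layouts.
    host_patterns = [p for p in perms if "://" in p or p == "<all_urls>"]
    host_patterns += manifest.get("host_permissions", [])
    for p in (p for p in perms if p not in host_patterns):
        w = PERMISSION_WEIGHTS.get(p, UNKNOWN_PERMISSION_WEIGHT)
        score += w
        if w >= 5:
            findings.append(f"high-impact permission {p}")
    hs, notes = _host_score(host_patterns)
    score += hs
    findings += notes
    # A content script injected on every page widens exposure further.
    for cs in manifest.get("content_scripts", []):
        if any(m in BROAD_HOSTS for m in cs.get("matches", [])):
            score += 4
            findings.append("content script on all pages")
    if manifest.get("manifest_version") == 2:
        score += 2
        findings.append("legacy manifest v2")
    return ExtensionRisk(ext_id, score, findings)


def triage(manifests: dict[str, str], threshold: int) -> list[ExtensionRisk]:
    """Score every manifest; return those at or above the threshold, riskiest first."""
    scored = [score_manifest(eid, json.loads(raw)) for eid, raw in manifests.items()]
    return sorted((r for r in scored if r.exceeds(threshold)), key=lambda r: -r.score)


# Constructed sample manifests (hypothetical extension ids).
SAMPLE_MANIFESTS = {
    "tab-notes": json.dumps({"manifest_version": 3,
                             "permissions": ["storage", "alarms"]}),
    "coupon-helper": json.dumps({"manifest_version": 3,
                                 "permissions": ["tabs", "cookies", "webRequest", "scripting"],
                                 "host_permissions": ["<all_urls>"],
                                 "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}),
    "legacy-tool": json.dumps({"manifest_version": 2,
                               "permissions": ["tabs", "http://*/*", "https://*/*", "nativeMessaging"]}),
}


def score_sample(name: str) -> ExtensionRisk:
    return score_manifest(name, json.loads(SAMPLE_MANIFESTS[name]))


if __name__ == "__main__":
    for r in triage(SAMPLE_MANIFESTS, threshold=15):
        print(r.ext_id, r.score, r.findings)
```

The threshold is the knob the paragraph above refers to: a consumer-facing team might flag anything scoring 15 or higher, while a locked-down enterprise fleet might review everything above 5. Scores like these are a triage aid for where to look first, not a verdict; a broad-host extension may be entirely legitimate, which is why the findings list travels with the number.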
What about observability, you ask? We've got you covered. SURGe published three blogs that explain how observability tools can benefit security teams. These use cases include:
We also released work on developing a focused approach to securing Large Language Models (LLMs) by combining Splunk’s capabilities with the OWASP foundation’s Top 10 principles tailored for LLM applications. We addressed LLM-specific vulnerabilities, such as Prompt Injection and Sensitive Information Disclosure, and demonstrated mitigation strategies. The core methodology involves integrating Splunk to collect and analyze LLM interaction data, enabling near real-time threat detection and response. We showcased Splunk's role in identifying these risks and providing actionable insights, using both traditional statistical analysis and machine-learning techniques.
The SURGe team surveyed the threat hunting community to determine if there were common tasks that everyone is performing, what resources are being used, and how these could align with a framework like PEAK. The results of our survey show that data is king. Analysis, validation, and hygiene are not just everyday tasks — these tasks are the heart and soul of threat hunting.
We also wanted to know how threat hunters worked together, and if they have already adopted a threat hunting framework in their teams. More than three quarters of respondents said that they were using one of the existing frameworks, or had developed their own. Collaboration, both during and after the hunt, is crucial to success, with ticketing systems, document shares, and wikis emerging as the key tools for teams to keep track of their hunting.
Recognizing the need for threat hunting to evolve, and utilizing the expertise of SURGe team members alongside Splunk’s own internal threat hunting team, SURGe built on existing frameworks to develop the PEAK Threat Hunting Framework, a vendor-agnostic, customizable approach.
The framework is designed to help organizations create or refine their threat hunting programs to keep up with adversaries and drive continuous improvement across their entire security posture. If you’re interested in learning more about PEAK, the team put together a comprehensive, free e-book that you can download.
Did I mention The Security Detail? Now in Season 3 – be sure to check out fantastic interviews with cybersecurity experts that dive deep into today’s security topics. You can listen on Podbean, Apple, Spotify, or wherever you find your podcasts. Recent interview guests include:
In the coming weeks, we’ll release a series of blogs to make you even more cyber aware, and highlight some of the team’s latest projects – stay tuned!
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, over 1,020 patents received by Splunkers to date, and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.