Cybersecurity Awareness Is Not Just for Spooky Season

Fall brings certain things annually: leaves falling, pumpkin spice, and cybersecurity awareness. Looking back at the past nine months, cybersecurity awareness is more important now than at any other time in history. 

October marks Cybersecurity Awareness Month, an initiative that has been observed annually since 2004, when it was launched by the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA). The goal was to raise awareness about the importance of cybersecurity across both the public and private sectors. Initially, it focused on encouraging individuals and businesses to implement basic security measures, but over the years, it has evolved to address the growing complexity of cyber threats and the need for a more comprehensive, collective approach to digital safety.

This year, as we reflect on the progress made over the past two decades, the theme of resilience stands out as critical. Cyberattacks have become more frequent and sophisticated, making it clear that prevention alone is not enough. In this ever-changing digital landscape, resilience is key—not just protecting against attacks, but being prepared to detect, respond to, and recover from them. Whether it's through regular software updates, training employees on the latest threats, or developing a thorough incident response plan, the focus of Cybersecurity Awareness Month is on fostering a proactive and resilient cybersecurity culture. At SURGe, we are constantly keeping tabs on threat landscapes, industry trends, and of course – wombats (our team mascot). It has been quite a busy year, and we’re super proud of the content we’ve created. Let’s take a look at some of our work from earlier this year:

Browser Extension Risk Analysis

SURGe analyzed 140,000 Chrome browser extensions to review the security risks for every extension publicly available in the Chrome Web Store. We closely examined the permissions, authentication scopes, and other static attributes of the extensions to determine if they adhere to standard safety and privacy practices, and to identify the potential security risks to users and developers. The team created a framework to score extensions using different features they contain, including an adjustable risk threshold based on user-defined criteria. Using these same technical attributes of Chrome extensions, we created a model-assisted threat hunting approach to identify potential masquerading extensions.

Observability + Security

What about observability you ask? We’ve got you covered. SURGe published three blogs that explain how observability tools can benefit security teams. These use cases include:

• How Splunk Observability Cloud can provide great visibility for security incident response. 
• How you can use traces to see directly into the workings of an application to find a potential threat. 
• How you can use observability data sources to build a baseline as part of implementing the PEAK threat hunting framework.

Securing Large Language Models

We also released work on developing a focused approach to securing Large Language Models (LLMs) by combining Splunk’s capabilities with the OWASP foundation’s Top 10 principles tailored for LLM applications. We addressed LLM-specific vulnerabilities, such as Prompt Injection and Sensitive Information Disclosure, and demonstrated mitigation strategies. The core methodology involves integrating Splunk to collect and analyze LLM interaction data, enabling near real-time threat detection and response. We showcased Splunk's role in identifying these risks and providing actionable insights, using both traditional statistical analysis and machine-learning techniques.

Threat Hunting!

The SURGe team surveyed the threat hunting community to determine if there were common tasks that everyone is performing, what resources are being used, and how these could align with a framework like PEAK. The results of our survey show that data is king. Analysis, validation, and hygiene are not just everyday tasks — these tasks are the heart and soul of threat hunting. 

We also wanted to know how threat hunters worked together, and if they have already adopted a threat hunting framework in their teams. More than three quarters of respondents said that they were using one of the existing frameworks, or had developed their own. Collaboration, both during and after the hunt, is crucial to success, with ticketing systems, document shares, and wikis emerging as the key tools for teams to keep track of their hunting.

Threat Hunting… with PEAK!

Recognizing the need for threat hunting to evolve, and utilizing the expertise of SURGe team members alongside Splunk’s own internal threat hunting team, SURGe built on existing frameworks to develop the PEAK Threat Hunting Framework, a vendor-agnostic, customizable approach. 

The framework is designed to help organizations create or refine their threat hunting programs to keep up with adversaries and drive continuous improvement across their entire security posture. If you’re interested in learning more about PEAK, the team put together a comprehensive, free e-book that you can download.

Podcast!

Did I mention The Security Detail? Now in Season 3 – be sure to check out fantastic interviews with cybersecurity experts that dive deep into today’s security topics. You can listen on Podbean, Apple, Spotify, or wherever you find your podcasts. Recent interview guests include: 

• Tom Marsland, board chair of VetSec
• Liz Wharton, founder of Silver Key Strategies 
• François Delerue, assistant professor of law at IE University
• Tanya Janca, head of community and education at Semgrep

What’s Next?

In the coming weeks, we’ll release a series of blogs to make you even more cyber aware, and highlight some of the team’s latest projects – stay tuned!