Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
Staff Picks for Splunk Security Reading January 2021
By
Ryan Kovar
|
Howdy, folks! A new month, so a new list of security picks! Splunk security nerds (employees and customers) like to make things. They like to make LOTS of things. But sometimes...they get lost! So as we promised in early 2018, we are bringing you some golden security nuggets you might not have seen before. These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read.
Check out our monthly staff security picks and our all-time best picks for security books and articles. I hope you enjoy.
|
Consider all outcomes before taking a step, and spend your life on one leg. |
Advanced Painting with Data: Choropleth SVG by Splunk's Ryan O'Connor This is a little bit of a different security pick for me. Years and years ago, when I was still a Splunk customer, I was desperate to get D3 visualizations going in Splunk. At the time, Splunk legend Nate McKervey was my PS consultant, and we hounded him for years on the subject! Eventually, a now deprecated feature called escape hatch was developed, which gave me the flexibility that I needed to do D3 OUTSIDE of Splunk, but I still yearned for sexy SVG viz inside of Splunk. The recent work done by the UI/UX team at Splunk shows how this is possible! This excellent blog by Ryan O'Connor at Splunk gives some great examples of the new SVG capabilities and links back to the Splunk Dashboard Example app. If you haven't dusted off your Stephen Few and Edward Tufte books for a couple of years, I recommend you do so and start making Security visualizations! I'm now itching to make an org tree image and having the "gauge" fill up the business units to show their patching levels! Imagine walking into a SOC and seeing that! |
|
Expect the worst, it's the least you can do. |
Not your grandparent's watering hole... by Dan Goodin When discussing hacks and attacks, we often think of the malware, vulnerability or the aftermath. One aspect that often gets overlooked is the reconnaissance an adversary does to make sure they hit their intended target. The recent hacking operation detailed by Google Project Zero, utilized a watering-hole attack and four zero-day exploits to hit their targets. A watering-hole attack is when an adversary compromises a website that they believe their target will visit, with the objective of infecting the target when it does visit the site. The exploit chains used in this specific attack are impressive, and the research team does a good job of detailing the exploits. Be aware that an adversary will do their research to determine how to attack you (what sites you visit, who you are connected to on LinkedIn, what OS's you use, etc), and that by limiting the data available to them, it makes you a harder target. |
|
People are noticing you! Try wearing pants more often. |
The Mac Malware of 2020 by Patrick Wardle The fact that we can have an article titled, "Mac Malware of 2020" and it be readable in twenty minutes means two things. First, Macs have held up well under the assault of malware writers, and second Macs are not invulnerable to malware. If you've been voluntold to start monitoring Macs at your workplace, there is a dearth of material available. Luckily, Patrick Wardle has stepped in and done an amazing job of documenting the threats to the platform and how to find and defend against them. |
|
You are 192,239th in line for COVID Vaccine |
CrowdStrike Services Cyber Front Lines Report by Crowdstrike This year end report snuck out at the end of December 2020, but with the Solorigate efforts, holidays and the like, this may have gotten overlooked and I couldn't let that happen, so my pick for January is the Crowdstrike Service Cyber Front Lines Report. I will preface that Crowdstrike will prompt you for an email address to gain access to the report, but I found the report to be interesting and useful. Basically, this report takes outcomes and findings from their previous year's incident response engagements and discusses those findings thematically and then looks ahead to the coming year. A couple of key stats that I found interesting included the dwell time of the adversary is down to 79 days, with some organizations getting down to a week but others going longer than six months! Another interesting data point is that 68% of organizations encountered another sophisticated intrusion attempt in the next year. Crowdstrike rolls these findings into six themes to think about in the coming year with some thoughts about how to take action to counter these challenges. Like any report, you might read a section, and say, yeah I knew that, but in terms of looking at a broader set of incident response engagements and looking for themes and ideas of where to improve your security posture, this one is a good one to check out! |
Related Articles
About Splunk
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
