Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
Staff Picks for Splunk Security Reading July 2019
By
Ryan Kovar
|
Howdy, folks!
A new month, so a new list of staff picks for Splunk security reading! Splunk security nerds (employees and customers) like to make things. They like to make LOTS of things. But sometimes... they get lost! So as we promised in early 2018, we're bringing you some golden security nuggets you might not have seen before. These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read.
For more reading, check out our monthly staff security picks and our all-time best picks for security books and articles! I hope you enjoy.
|
We are writing this |
I'll be clear: I hate math. I couldn't Pythagoras my calculus if you dropped a hypotonus on my head. However, as I have progressed in my cybersecurity career, I have continually been reminded that the best way to find the "known unknown" is looking for outliers. And apparently, the best way to do that is using (audible huffing noise)... math. Several years ago, I began on a path of self-education that started with learning basic statistics. Something I managed to sleep through and avoid in high school. After several false starts, I ended up consuming this free opensource textbook. If you work in cybersecurity, you absolutely should have a solid understanding of at least basic statistics, and this is the book that can help you get there. |
|
while creating |
Joint Task Force -- Computer Network Defense: 20 Years Later edited by Michael Martelle I enjoy history as it often provides a view into how we arrived where we are today. When I came across this, I thought this would be a nice posting to direct your attention to if you enjoy history in the cyber domain. Jason Healey and Karl Grindal donated documents to the National Security Archive at George Washington University that focus on the evolution and development of Department of Defense-wide defensive cyber capabilities based on these two events; Eligible Receiver and Moonlight Maze. That organization is now known as US CyberCommand. In the archive, 17 documents show the struggle of establishing responsibilities in what was then a new domain. An exciting set of docs that provides some insight into how the DoD has embraced defensive cyber. |
|
BOTS 4.0. So people didn't contribute as much |
How to get started with Threat Modeling, before you get hacked by Alex Wauters We talk a lot about automating phishing and malware investigations with Splunk Phantom, but over the last few weeks, I've been talking with several people about what they want to build for their next use cases. Although everyone agrees that automating these processes is great, we sometimes run into an issue where we may not know what to automate or more importantly, what our process is. This is where we start to discuss threat modeling and what kind of data we need in Splunk to use to alert on and then what systems are involved in our response process. I recently came across a great write up on getting started with threat modeling and how to discuss how data flows through applications, servers, databases, and other systems in the environment. The article does into further details about how to begin documenting and drawing a diagram for these systems and using the STRIDE method to create a checklist that documents any potential threats, their impact, and proposed mitigations. |
Related Articles
About Splunk
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
