Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
Staff Picks for Splunk Security Reading July 2021
By
Ryan Kovar
|
Howdy, folks! A new month, so a new list of security picks! Splunk security nerds (employees and customers) like to make things. They like to make LOTS of things. But sometimes... they get lost! So as we promised in early 2018, we are bringing you some golden security nuggets you might not have seen before. These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read.
Check out our monthly staff security picks and our all-time best picks for security books and articles. I hope you enjoy.
|
Really looking forward to BH/DC2039 |
Kubernetes Hardening Guidance by NSA, CISA If there is one new technology I have not wrapped my head around, it is Kubernetes. Or K8. Or Katie? Still not clear. Splunk has been doing some great work on it (BOTSV anyone?), but I need to get more knowledge! My favorite bit of recently acquired information is that many cloud security professionals believe that Kubernetes is not inherently insecure; it is just not installed correctly :-). So the answer to that? Hardening guides. Great job by the NSA/CISA, once again, putting out some valuable and approachable information. Read through their 50+ guide for some great examples of securing, architecture, and configuration guides. |
|
But this year, it was cancelled for us |
Chinese State-Sponsored Cyber Operations: Observed TTPs by NSA, CISA and FBI July....just, wow. So many choices this month, between ransomware attacks, new research, vendor best practices, there was a lot out there, but I wanted to highlight the joint advisory that NSA, CISA and FBI published on Chinese State-Sponsored Cyber Operations. The actual advisory itself is fairly brief but contains some good high level themes around state sponsored activities that have taken place and some of the recent focus areas that have been observed, including the use of public vulnerabilities and multi-hop proxies. If you would like to dig deeper, the appendix provides a robust listing of TTPs, which can be extremely helpful to contextualize actions being observed. Additionally, the detection and mitigation recommendations section is a nice punch list of actions that defenders can use to help button up their organizations. It is also worth noting that this is the first document that I have seen that uses the DEF3ND framework that MITRE developed with funding from the Cybersecurity Directorate of NSA. Concepts like platform hardening and executable allowlisting are techniques identified that can have wide-ranging benefits and definitely should serve as food for thought. Even if you don't believe that your organization is targeted with this advisory, it is still a worthwhile document to review to better understand how adversaries utilize techniques and how detections can be employed to mitigate them, no matter who the adversary may be. |
Related Articles
About Splunk
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
