Posts

Showing posts with the label SIEM

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

Are you aware of Network Detection and Response (NDR) and how it's become the most effective technology to detect cyber threats? NDR massively upgrades your security through risk-based alerting, prioritizing alerts based on the potential risk to your organization's systems and data. How? Well, NDR's real-time analysis, machine learning, and threat intelligence provide immediate detection, reducing alert fatigue and enabling better decision-making. In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false positives and efficient threat response. Why Use Risk-Based Alerting? Risk-based alerting is an approach where security alerts and responses are prioritized based on the level of risk they pose to an organization's systems, data, and overall security posture. This method enables organizations to concentrate their resources on addressing the most critical threats first. Benefits of risk-based alerting include efficient resource allocation and more: By

Stat! 3 Must-Have Data Filtering Techniques

Data filtering techniques for threat hunting. Why is filtering data important? Well, Splunk allows you to store gigabytes, terabytes, or even petabytes of full-fidelity security data — yet the evidence you are seeking during a hunt or investigation is often contained in just a few events. You need to eliminate the noise and expose the signal. To do this, we will focus on three specific techniques for filtering data that you can start using right away. For all three tutorials, below, we use data from our Boss of the SOC v1.0 data set. Technique 1. It’s About Time: Specifying a time range. The most obvious (but often overlooked) technique for reducing the number of events returned by your Splunk search — and getting you closer to actionable results — is to specify an appropriate time range. If you can put a left and right boundary on the timeline of your hunt, you enable Splunk to ignore events from time periods that have nothing to do with your hypothesis, potentially sa

Introducing the Splunk App for Behavioral Profiling

Splunk is the platform for a million use cases, used to investigate operational data across security, observability, fraud, business intelligence and many other domains. But, in my time at Splunk, I’ve come to realize that all of our customers face challenges that stem from the same core problem: within exploding data volumes, finding the anomalously behaving entities that are most threatening to the resilience of their organization. Introducing the Splunk App for Behavioral Profiling, a collection of workflows which enable you to operationalise detection and scoring of behavioral anomalies at scale in complex environments, correlated to profile and highlight the entities that are affecting resilience - designed to help: Fraud Teams tasked with locating increasingly sophisticated attackers that employ evolving methods across physical and digital channels to avoid simplistic detection rules. IT Operations supporting modern infrastructure, services and solutions com