Splunk acquires Phantom Cybersecurity for $350 million

Big data analysis platform company Splunk announced Tuesday that it will acquire security automation and orchestration company Phantom Cybersecurity in a deal worth $350 million. Phantom’s platform relies on automation to complete various tasks and workflows, freeing up enterprise security teams to focus on high-level issues. By integrating Phantom’s product into Splunk’s data automation platform, enterprises will be able to further reduce risk and respond faster to security incidents. “Phantom’s employees and technology significantly expand and strengthen Splunk’s vision for the security nerve center and for business revolution through IT,” said Doug Merritt, Splunk’s president and CEO. “Splunk is committed to continuously pushing the limits of technology to help our customers get the answers they need from their data.” The cybersecurity world has been buzzing about Phantom over the past two years. The company was named the Most Innovative Startup at the 2016 RSA Innovation Sandbox contest. It has raised […]

The post Splunk acquires Phantom Cybersecurity for $350 million appeared first on Cyberscoop.


[SANS ISC] Using Bad Material for the Good

I published the following diary on isc.sans.org: “Using Bad Material for the Good”: There is a huge amount of information shared online by attackers. Once again, pastebin.com is a nice place to start hunting. As this material is available for free, why not use it for the good? Attackers (with

[The post [SANS ISC] Using Bad Material for the Good has been first published on /dev/random]


[SANS ISC] Suspicious Domains Tracking Dashboard

I published the following diary on isc.sans.org: “Suspicious Domains Tracking Dashboard”. Domain names remain a gold mine to investigate security incidents or to prevent some malicious activity from occurring on your network (for example, by using a DNS firewall). The ISC also has a page dedicated to domain names. But how

[The post [SANS ISC] Suspicious Domains Tracking Dashboard has been first published on /dev/random]


Splunk Custom Search Command: Searching for MISP IOC’s

While you use a tool every day, you get more and more knowledge about it but you also have plenty of ideas to improve it. I’m using Splunk on a daily basis within many customers’ environments as well as for personal purposes. When you have a big database of events,

[The post Splunk Custom Search Command: Searching for MISP IOC’s has been first published on /dev/random]


Splunk, ForeScout, Carbon Black, and ManageEngine – Enterprise Security Weekly #65

Splunk goes shopping, ForeScout joins forces with an endpoint vendor, Carbon Black makes an announcement, new ManageEngine integrations, new Microsoft security features, and more enterprise news! Enterprise News: Splunk Acquires Rocana Assets; ForeScout and CrowdStrike Form Strategic Alliance to Deliver Advanced Endpoint and Network Threat Protection; Carbon Black Points to Predictive Cloud Security | Comms […]

The post Splunk, ForeScout, Carbon Black, and ManageEngine – Enterprise Security Weekly #65 appeared first on Security Weekly.


Splunk is latest company to take exception to Larry Ellison’s slams at Oracle OpenWorld

Larry Ellison was at it again yesterday, making friends, influencing people and pissing off rivals. It was AWS in the keynote earlier in the week. Yesterday, it was Splunk, a seemingly innocuous logging software company, which somehow fell into Ellison’s marketing cross-hairs. The company took serious exception. Splunk is best known for logging all events related to IT. Ellison announced…

Splunk expands machine learning capabilities across platform

Splunk has always been data central for IT operations info, but as the logs fill up with ever-increasing amounts of data, it has become impossible for humans to keep up. Recognizing this, Splunk started building in machine learning and artificial intelligence last year, and this week they are enhancing those capabilities to make it easier to surface the data that’s most critical. The…

[SANS ISC] Getting some intelligence from malspam

I published the following diary on isc.sans.org: “Getting some intelligence from malspam”. Many of us are receiving a lot of malspam every day. By “malspam”, I mean spam messages that contain a malicious document. This is one of the classic infection vectors today and aggressive campaigns are started every week.

[The post [SANS ISC] Getting some intelligence from malspam has been first published on /dev/random]


New infosec products of the week: August 18, 2017

New Firebox M Series appliances help SMBs keep up with encrypted traffic: WatchGuard Technologies announced hardware upgrades to its Firebox M Series to handle the proliferation of encrypted web traffic. With the new M470, M570 and M670 appliances, users can add additional network modules to increase the number of copper or fiber ports available to support the growing use of 10G fiber in midsize enterprise data centers. The appliances also enable users to inspect encrypted …