Security Blogs
Latest Articles

From Macros to No Macros: Continuous Malware Improvements by QakBot
In this blog, the Splunk Threat Research Team (STRT) showcases a year's evolution of QakBot. We also dive into a recent change in tradecraft meant to evade security controls. Last, we reverse engineer the QakBot loader to showcase some of its functions.

Splunk Integrates with Amazon Security Lake to Deliver Analytics Using the Open Cybersecurity Schema Framework
We're proud to be one of the early partners of Amazon Security Lake, allowing joint Splunk and AWS customers to efficiently ingest the OCSF-compliant data to help improve threat detection, investigation and response.

How Good is ClamAV at Detecting Commodity Malware?
We ran over 400,000 instances of malware to see how good ClamAV really is. Here's the data.

NIS2 is coming… What does it mean?
On 28th November, European Member States formally adopted the revision of the Network and Information Security Directive (NIS2) (EN, DE, FR). The Directive will enter into force before the end of the year, but will only be applicable after EU Member States transpose the Directive into national law - by September 2024. So now is the time for a heads-up about the upcoming changes and what they will mean for your cybersecurity operations.

Staff Picks for Splunk Security Reading November 2022
Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read. We hope you enjoy.

Explore the Splunk SOAR Adoption Maturity Model
SOAR helps you orchestrate security workflows and automate tasks in seconds to empower your SOC, work smarter and respond faster. Security automation is increasingly seen as a milestone in maturing your security operations. And maturing security operations is something all organizations need to do, given the rising threat of attacks of all kinds.

This Feels Scripted: Zeek Scripting and Splunk
Splunker Shannon Davis shares a closer look at updated searches for detecting SpookySSL.

Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis
The Splunk Threat Research Team (STRT) describes the different tactics, techniques and procedures mapped to the ATT&CK framework leveraged by the Agent Tesla remote access trojan.

SOC, Amore Mio! Following .italo's Tracks to a More Mature SOC
Recently I sat down with Enrico Maresca, CISO of .italo, to discuss their security operations strategy and double click into multiple lessons learned and best practices. Enrico shared insight into what good looks like when communicating with the Board of Directors, and discussed cyber security topics and SecOps use case development strategies.