Staff Picks for Splunk Security Reading April 2022

Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers and customer case studies that we feel are worth a read.

Check out all monthly staff security picks and our evergreen picks for security books and articles. We hope you enjoy.

Drew Church

@drewchurch

11 Strategies of a World-Class Cybersecurity Operations Center by Kathryn Knerler and Ingrid Parker at The MITRE Corporation, and Carson Zimmerman at Microsoft

"In 2016 I started a full-court press into educating myself on HOW the upper echelon of successful organizations 'do' security. A colleague of mine made me aware of the book titled '10 Strategies of a World-Class Cybersecurity Operations Center' and I was enamored. It really glued together the why and how of the organizations I'd seen in my work. In March 2022, The MITRE Corporation published a second edition that encompasses a total of 11 strategies. For anyone interested in the structure of a security program with actionable insights, start reading it today."

Haylee Mills

@7thdrxn

A Twitter thread on cyberhacktivism and Russia by Micah Lee

"I had heard little tidbits of releases on Distributed Denial of Secrets here and there, but it's wild to see the sustained hacktivism against the Russian government and private industry. There's even a person in the comments talking about folks who have been organizing to crack communication protocols and SCADA systems! Hell hath no fury like a hacker scorned."

Shannon Davis

@DrShannon2000

Episode 114: HD from Jack Rhysider at Darknet Diaries

"This is a great Darknet Diaries podcast, which was really just a fireside chat with HD Moore around some of his history and how Metasploit came to be. It was really interesting to hear the story directly from HD, who is super humble even though he created one of the greatest red team tools in existence."

Tamara Chacon

@holly1g0lightly

NFTs Are a Privacy and Security Nightmare: The blockchain isn't as "anonymous" as you might think, by Eric Ravenscraft at WIRED

"The world of crypto is interesting. It allows you to be 'anonymous' by using a false name, address, or other PII that you would like to keep private. You have a wallet that is viewable; people can see what that wallet is doing, but it is harder to see who is using that wallet. With NFTs on the rise, anonymity is more difficult simply because the entire point of an NFT is it being a 'unique identifiable token.' The article by Eric Ravenscraft touches on why NFTs are creating privacy and security nightmares for crypto users. It brings up simple points that many have overlooked in this new chapter of digital currency. The article brought to light things I did not know could take place within the crypto world."

Audra Streetman

@audrastreetman

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure by CISA, FBI, NSA, and International Partners

"The Cybersecurity and Infrastructure Security Agency issued a joint Cybersecurity Advisory this month that it calls 'the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February.' The advisory includes technical details on cyber operations from Russian cybercrime groups and state-sponsored actors. Based on evolving intelligence, CISA says it appears the Russian government is exploring options for potential cyberattacks against the West. The advisory also recommends several immediate actions organizations can take to protect their networks such as patching known vulnerabilities, enforcing MFA, monitoring RDP, and providing security awareness training for end-users. Organizations can also visit cisa.gov/shields-up for the latest guidance on how to defend against potential cyberattacks."
