Staff Picks for Splunk Security Reading July 2023

Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.

Check out our previous staff security picks, and we hope you enjoy. 

Chris Perkins


Unraveling Zero Trust: An Airport Security Analogy + ODAM

"This blog post aims to present a comprehensive examination of the intricate relationship between ODAM (Operationalizing Data Analytics Methodology) and Zero Trust Architecture (ZTA), with a focus on clarifying the prevailing industry discourse. While marketing teams excel in guiding customers towards informed purchasing decisions and articulating the advantages of specific products for organizations, this analysis will delve into the convergence of zero trust and ODAM, illuminating the profound synergies and strategic advantages that arise from their seamless integration."

Haylee Mills 


Investigate by ZombieLucy for

"I love this breakdown of what's happening when an analyst gets an alert and the biases to keep in mind with how analysts work and how we provide context as detection engineers. The bullet points at the end are all gold, but in particular: 'Engineers must reduce the investigative load on analysts as much as possible.' PREACH!"

Zachary Christensen


WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks from The Hacker News

"WormGPT is one of the latest generative artificial intelligence (AI) cybercrime tools. It's easier than ever for adversaries to launch various attacks using the tool. Like ChatGPT, cybercriminals can use this technology to help create phishing emails, malware, and more. Furthermore, by leveraging WormGPT, foreign actors can more easily create compelling emails personalized to the intended target, increasing the success rate without being hindered by a language barrier.

WormGPT and tools like it are just the start of a new wave of cybercrime tools that will emerge to make it even easier for an adversary to quickly and easily automate the creation of targeted attacks."

Ryan Fetterman


Rockwell warns of new APT RCE exploit targeting critical infrastructure by Sergiu Gatlan for Bleeping Computer

"Industrial Control Systems (ICS) often run totally unique protocols compared to the IT environment. These protocols can include proprietary and sometimes undocumented control codes and logic. This advisory states that 'following successful exploitation, malicious actors could also manipulate the module's firmware, wipe the module memory, alter data traffic to and from the module, establish persistent control, and potentially impact the industrial process it supports.' This amount of functionality reveals that adversaries are investing significant resources into building, testing, and potentially reverse-engineering specific ICS hardware and software to build targeted capabilities. As these exploits become more widely available, they can be re-used by less skilled adversaries, and we may see a rapid increase of exploitation attempts."

Richard Marsh


Compromised Microsoft Key: More Impactful Than We Thought by Shir Tamari for

"Microsoft's Response to Storm-0558 is easily one of the biggest news stories of the year. The severity of a compromised MSA key cannot be overstated. Organizations have a responsibility to check their environment for any activity that could have originated from this attacker. Unfortunately, this includes first-party Microsoft applications and third-party AAD apps. Wiz gives a great explanation of how to best check your Azure environment for impact in this post."

Audra Streetman

@audrastreetman /

White House Says Amazon, Google, Meta, Microsoft Agree to AI Safeguards by Sabrina Siddiqui and Deepa Seetharaman for the Wall Street Journal

"The White House recently met with representatives from seven major tech companies—Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI— to discuss guardrails for the development of artificial intelligence (AI) technology. This includes the creation of an AI watermarking system for visual and audio content to help identify AI-generated media and what system created it. The guidelines are voluntary, unenforceable, and most notably, they do not include the disclosure of data used to train AI algorithms, which can result in unintended bias. The agreement is one step in the right direction, but much more action is needed to address the risks involved with the rapid growth of AI technology."

Audra Streetman is a member of SURGe, Splunk's security research team. Before arriving at Splunk, Audra worked as a reporter, producer and anchor at local TV stations in Indiana, California, Kentucky and Colorado. As a journalist, she covered several major cybersecurity stories including SolarWinds and ransomware attacks targeting Colonial Pipeline, JBS and Kaseya. In her free time, she enjoys hiking and skiing in the Colorado Rockies.

Show All Tags
Show Less Tags