Staff Picks for Splunk Security Reading May 2024

Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.

Check out our previous staff security picks, and we hope you enjoy.

Shannon Davis

@DrShannon2000

The Ethics of Advanced AI Assistants by Iason Gabriel et al. for Google DeepMind

"A very long whitepaper – 273 pages – about the ethics of advanced AI assistants authored by a number of individuals from Google and numerous universities. I'm only a short way through, but I believe this is one of the most comprehensive attempts to put these ideas down on paper so far. If you want to understand the ethics surrounding the use of these tools along with proposals on how to deal with them, read on! I recommend a long-haul flight or maybe even use this long paper as an excuse to avoid doing other stuff for an entire day, it's really up to you!"

Justin Bull

LinkedIn

How Attackers Can Own a Business Without Touching the Endpoint by The Hacker News

"'Digital identities are increasingly complicated and hard to secure.' The emergence of technology in our everyday lives has brought with it the battle between security and complexity. The ease-of-use of the things we need to use presents difficulty in providing those things securely. As cloud technology has become more widely adopted, it has also taken the enterprise perimeter from local or regional to global."

Brandon Sternfield

@TheLawsOfChaos

Rethinking How You Work With Detection and Response Metrics by Jeffrey Schwartz for Dark Reading

"Alert fatigue is a significant challenge for SOC analysts. This article discusses a new framework proposed to help SOCs balance the quantity and quality of detections to mitigate this issue. The Threat Detection and Response (TDR) Maturity Model, introduced by Stott, a Senior Staff Engineer at Airbnb and a presenter at Black Hat Europe, aims to help organizations prioritize the MITRE ATT&CK techniques that are most relevant to their critical risks. Stott's SAVER (Streamlined, Awareness, Vigilance, Exploration, and Readiness) Framework is designed to improve the development of metrics. He believes that implementing both frameworks will enable organizations to accurately assess their detection and response maturity and guide future investments to enhance these capabilities. Interested individuals can sign up to view the recorded webinar here."

Mark Stricker

@maschicago

Microsoft’s AI ‘Recall’ feature raises security, privacy concerns by Laura French for SC Media

"Microsoft announced a new feature this week that has some folks’ spidey sense tingling. Their new co-pilot PCs are coming with a feature called ‘Recall’ that takes snapshots of the user's activity every few seconds. This is concerning because it would seem to present a big target for bad actors. While the data is local (and encrypted), it doesn't strip out sensitive data. This is an interesting article about privacy and security concerns surrounding this feature."

Robin Burkett

LinkedIn

Using ideas from game theory to improve the reliability of language models by Rachel Gordon for MIT CSAIL

“This is an interesting article that explains how to use aspects of game theory to improve how AI understands and generates text. It’s similar to when you are learning something new and how it helps to approach similar concepts from different perspectives. MIT CSAIL researchers created a “consensus game” that pits two different AI approaches against each other until they are in agreement, creating a more reliable and consistent model.”

David Montero-Suárez

LinkedIn

Cyber Security: A Pre-War Reality Check by Bert Hubert

“Sobering read. I am Costa Rican and we don't have military forces. Although we don't go to war anymore, war still comes to us. Cyber threats do not differentiate. We know, we were hacked two years ago… but even if you think there’s only a 10% chance of conflict, it’s still good to think about this.”

Audra Streetman

@audrastreetman / @audrastreetman@infosec.exchange

Potent youth cybercrime ring made up of 1,000 people, FBI official says by AJ Vicens for CyberScoop

“The cybercriminal group behind a number of high-profile attacks including MGM Resorts and Caesars Entertainment is made up of about a thousand people, CyberScoop reports. Bryan Vorndran, assistant director of the FBI’s Cyber Division, revealed this information at Sleuthcon, a cybercrime-focused conference, adding that Scattered Spider is made up of mostly English speakers in the US and UK and is classified as a top three cybersecurity threat alongside China and Russia.”
