
Staff Picks for Splunk Security Reading September 2020

Howdy, folks! A new month, so a new list of security picks! Splunk security nerds (employees and customers) like to make things. They like to make LOTS of things. But sometimes...they get lost! So as we promised in early 2018, we are bringing you some golden security nuggets you might not have seen before. These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series! I hope you enjoy.

 

Ryan Kovar

@meansec


BOTS at .conf20 by Me!

Yeah. I'm doing this. Damn right I am! Why? Because this is going to be our BIGGEST Boss of the SOC ever, with some massive changes to our backends, and you'll get a peek into the future of BOTS. This year, we will dive into AWS, GCP, ZOOM, breaking vulnerabilities, GSUITE, Azure, and even biologically modified toads. We will be running 3 different sessions for APAC, EMEA, and the Americas. Three different regions... but one single global winner. Read the blog, register for .conf and BOTS, and we will see you on 19OCT2020!

Dave Herrald

@dherrald


Introducing the all-new Adversary Emulation Plan Library by Jon Baker and Forrest Carver

MITRE has launched its Adversary Emulation Library. It's a structured, freely available resource to help organizations create plans to test their defenses against specific adversaries. I'm excited to see one of the first major products to emerge from MITRE Engenuity's Center for Threat-Informed Defense. We expect more high-quality resources like this one from this innovative team within MITRE over the next months and years!

John Stoner

@stonerpsu


The Hacker and the State by Ben Buchanan

I believe a few months ago I may have mentioned this book was just being released, so I carved out some time to have a read over Labor Day weekend, and I really wanted to share that with you this month. Ben looks at how nation states utilize cyber and uses events, primarily over the last 25 years, to illustrate these activities. The book is divided into three sections: espionage, attack, and destabilization. Each section covers different subsections, like encryption algorithms released in early 2000 by NIST for comment that were identified to have flaws in them, placed by others, that eventually found their way to RSA and Juniper, among others, with disastrous outcomes. Coercion, like the kind of pressure and attacks put on Sony as they were to release The Interview, is shared, and election interference and the confluence of active measures and cyber in recent elections are also discussed. The book closes with the author's thoughts on hacking and how it can be a solid tool for shaping geopolitical outcomes, but that it really isn't a good way to signal intent to other countries, and because of the asymmetry of these actions, these capabilities are being enhanced by countries around the world rapidly, along with the challenges this causes everyone.

Matt Toth

@willhackforfood


Supply Chain Hackers Indicted by US Justice Department by Brian Krebs

Seven Chinese nationals have been indicted by the US Justice Department for taking part in hacking campaigns for over a decade. The seven men are part of the APT41 hacking group, and targeted organizations to steal source code, code signing certificates and other information. One of the allegations I find particularly fascinating is that they would hack a software company to infect their code, with the target being farther downstream. Supply chain attacks are effective ways to bypass a target's defenses, by coming in through a trusted party.

Posted by Ryan Kovar

NY. AZ. Navy. SOCA. KBMG. DARPA. Splunk.
