The Splunk Threat Research Team (STRT) continuously monitors the threat landscape to develop, test, and deliver custom detection searches to help identify vulnerabilities and cyber attacks within your environment. All detections relevant to a particular threat are packaged in the form of analytic stories (also known as use cases) and housed on the Splunk Security […]
Looking for the latest Splunk security content? You’ve come to the right place! This page is updated quarterly with all the latest security content details. This blog post covers all the security content developed November 2023 – January 2024. Jump straight to the updates below, or read on to learn more about: How Splunk develops […]
The Splunk team released the Splunk Add-on for Splunk Attack Analyzer and Splunk App for Splunk Attack Analyzer version 1.1. These apps strengthen the unified security operations experience, and this release allows users to bring automated threat analysis verdicts of URLs into Splunk Enterprise Security (ES) notable events to provide enhanced security measures for SOC […]
The recent increase in the number of application security testing tools has caused confusion among buyers and vendors. Some have started to view DAST as just a checkbox item, prioritizing cost over quality. This rush for cheaper options is putting organizations at risk, often without the knowledge of security leaders. It’s time to differentiate between […]
What you need to know The Securities and Exchange Commission is accusing SolarWinds and its CISO of misrepresenting the company’s security situation before and after the 2020 SolarWinds Orion hack. The SEC’s action could set a precedent for holding security officers personally liable for security incidents and their consequences. The case has sparked a […]
There will always be a natural tension between cybersecurity teams and developers. Developers are paid to create and ship new applications, while security teams are responsible for ensuring that bad things don’t happen when new software is deployed, such as data breaches or loss of business services due to vulnerabilities. While this dynamic can create […]
Public companies in the United States have been aware of the SEC tightening down on reporting security incidents for some time now. With compliance deadlines here, the reality of the situation is becoming more apparent. This piece serves as a recap and checklist for both public and private businesses on what to focus on now […]
Back in 2021, Google introduced a new security standard known as the Minimum Viable Secure Product, in collaboration with other organizations. Now, 2 years later, they have updated this standard. Minimum Viable Secure Product If you are interested, you can read the original announcement from Google. However, in this post, we will focus on the […]
The Security Headers grading criteria is something that doesn’t change often, but when it does, there’s a good reason behind the change. In this blog, I will outline the new grading criteria and the reasons why we’ve made the change. Security Headers For those that aren’t familiar, Security Headers is a free security scanning tool […]
When it comes to web application security testing tools, there are different options available depending on what and how you are testing. However, for a comprehensive assessment of your running applications’ security status, dynamic application security testing (DAST) is highly recommended. DAST is designed to test websites and applications by simulating real attacks and identifying […]
We hate spam, we obviously will not spam you!
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC
