With the increasing transition of various infrastructures into the cloud, blue teams can be left with a huge blind spot when it comes to finding nefarious activity within cloud environments. Combine this with the rapid, instant deployment of services and instances, and things can get sticky fairly quickly. In this post, I will go over four AWS-specific detections you can use to monitor potentially malicious activity within your AWS environment using Splunk and our risk-based ShadowHawk platform.
One of the growing attacks we have seen has been Remote Desktop brute forcing, MITRE ATT&CK technique T1076 (https://attack.mitre.org/wiki/Technique/T1076), especially if you have laptops that connect directly to the internet when not at your office. We know what you are thinking… people still connect without a network firewall? ...YES.
In this brief Splunk tip for defenders, we are going to talk about web proxy logs and analyzing user agent strings. We will identify some common ones and show a search you can modify to fit your needs.
As defenders, there are many times our priorities are determined by forces outside of our control. We are guided by urgent projects, never-ending vulnerabilities, sensational headlines, and over-promised technologies. Meanwhile, real attackers continue to try to exploit our IT infrastructure and our end users. The sophistication level of an average attack on the enterprise environment is increasing by the day, and the average burnout of a defender is increasing by the minute. At some point, you start asking yourself: are we always just supposed to lose?
This last post in our phishing series walks through a real phishing campaign to show the power of this solution, both in its ability to identify malicious emails and to remediate them quickly and efficiently.
Now that the data is in Splunk and searchable, you can start to pattern phishing behavior. Based on the patterns we were seeing in our environment, we started creating searches to proactively spot campaigns before our users reported them (or clicked and did not report). We created a Phishing Insight dashboard to display our new searches.