
October 2020

Detecting Ryuk Using Splunk Attack Range

The Cybersecurity and Infrastructure Security Agency (CISA) released Alert (AA20-302A) on October 28th, called “Ransomware Activity Targeting the Healthcare and Public Health Sector.” This joint advisory, issued in coordination with other U.S. Government agencies, details the TTPs associated with ongoing and possibly imminent attacks against the Healthcare and Public Health sector.

Ryuk and Splunk Detections

Several weeks ago, my good friend Katie Nickels (Director of Intelligence at Red Canary extraordinaire) and I were chatting about Ransomware. She was super interested and passionate about some new uses of a ransomware variant named “Ryuk” (first detected in 2018 and named after a manga/anime character) [1]. I was, to be honest, much less interested. It turns out, as usual, Katie was right; this was a big deal (although as you will see, I’m right too… still dull stuff!).

Announcing Splunk Data Stream Processor 1.2

As data continues to explode across the enterprise, we are finding that it is becoming increasingly challenging for organizations to keep up. A recent Splunk report, "The Data Age is Here," found that 57% of companies interviewed expressed that the volume of data is growing faster than they can manage, with 47% bluntly saying they will fall behind when faced with rapid data volume growth.

Hybrid Cloud Monitoring

A cloud is a cloud is a cloud. In this session of Dissecting DevOps, Dave and Chris explore the flavors of cloud, and how the considerations around monitoring and observability change for hybrid cloud environments. We understand tech-enabled enterprises have to support legacy and modern infrastructures. Having the right approach streamlines that effort and makes sure data is not inhibited by cloud boundaries.

Modernization Starts With Infrastructure

Today, every company is a software company and digital business is a core strategy for many organizations. To gain the much-needed agility and efficient scalability, companies in all verticals are modernizing their infrastructure by moving to hybrid, multicloud and cloud-native environments. Realizing that modern applications run on modern infrastructure, IT leaders are prioritizing infrastructure modernization initiatives.

Modern Monitoring

"Observability" - don't roll your eyes just yet. As application architectures change, and the relationship between applications and the infrastructure they run on is blurred, tech-enabled enterprises have to consider new practices for supporting them. Observability gives us an opportunity to embrace the new set of challenges and offer better approaches and strategies. In this episode, we talk about how the complexity of modern apps impacts the changes needed on the management plane.

Phishing Emails - Less Ocean, More Aquarium

Here at Splunk, when we discuss Splunk Phantom with customers we end up talking about phishing pretty frequently, because, as Olivia outlined in a recent blog post, "Between Two Alerts: Phishing Emails — Don’t Get Reeled In!", it is something customers both encounter and talk to us about all the time. It makes a lot of sense: phishing is a super common issue that almost everyone deals with ad nauseam, and it’s annoying to investigate.

Display a Persistent Banner Message with the New Global Banner

For years, Splunk has provided the ability to display dismissible Bulletin Messages. But what if you need to show a non-dismissible, highly-visible message across all your product pages? Now you can, with the new Global Banner! One of our top-voted Customer Ideas, the Global Banner allows an admin to display a one-line message, with optional hyperlink, at the top of their product pages.

Splunk On-Call: New Name, New Features to Improve On-Call For Your Teams

Today, more than ever, the ability to mobilize remote teams to triage and resolve outages is what separates enterprises that can accelerate their digital initiatives from those that can’t. Observability has elevated our ability to quickly detect problems and ask questions of our systems to triage and reduce “time to clue,” an increasingly important metric.

All in on APM

It’s been just over six months since Splunk disrupted the Application Performance Monitoring (APM) market with the launch of SignalFx Microservices APM, combining the technologies of SignalFx and Omnition. We have pushed ourselves harder and continued to invest in creating more value for our customers by making it easier for them to ingest ALL their data and by providing ever more powerful analytics on top of that data.

Splunk > Clara-fication: Job Inspector

Do you SPL? Well, if you do, you probably either already know about the job inspector, or you’re about to. Either way, you probably don’t know enough. Don’t worry though, that’s all about to change. There are a few different aspects of the job inspector that everyone should be familiar with. These include the execution costs, the search job properties, and the search.log. I’m going to walk us through these areas, and some others, and their importance.

Manage Splunk On-Call Using Terraform

HashiCorp’s Terraform has emerged as a powerful tool for managing infrastructure as code. Teams can fully describe an application’s infrastructure needs such as physical machines, VMs, containers and more using configuration files. This allows the application infrastructure to be version controlled, reducing human errors during deployments.

Splunk Mobile Update: MDM Support for Microsoft Intune

In May, we announced new updates across the Splunk Connected Experiences portfolio, including support for many popular mobile device management (MDM) providers. With support for MDM capabilities, our customers can securely deploy Splunk Mobile at scale. Today, we are excited to share that Splunk Mobile now supports another popular Mobile Device Management (MDM) provider: Microsoft Intune. You can manage Splunk Mobile on both iOS and Android devices through Microsoft Intune.

Introducing Splunk Real User Monitoring (RUM)

A few days ago, I tried ordering lunch from a local restaurant. I went online, spent time looking at their menu, chose a few items, clicked “submit” and… got an error message. This experience is not unique. Earlier this week, when I tried to read the news, I got a message saying they’re experiencing a technical issue. You can see both messages below: We’ve all experienced such situations, and they can be very frustrating.

Introducing the Splunk Observability Suite

Today is an exciting day for Splunk! In just 12 months since the acquisition of SignalFx and Omnition, our vision of a fully integrated Observability Suite is now a reality! As IT and DevOps teams strive to keep up with ever changing business requirements and deliver flawless customer experiences, we’re seeing the pace of digital and cloud initiatives accelerate.

Splunk Log Observer: Fast and Powerful Log Investigation for DevOps Teams

When it comes to DevOps, Splunk has a lot to say at .conf20. There’s a lot to digest from new product names to introducing new products to create a complete observability experience. We announced the Splunk Observability Suite, which creates a seamless workflow across monitoring, investigation and troubleshooting tasks. We also extended our portfolio with Splunk Real User Monitoring, which provides front end engineers better insights into performance.

Announcing Native OpenTelemetry Support in Splunk APM

At Splunk, we've been leading the way in observability and helping accelerate the adoption of the OpenTelemetry project. With the trace specification reaching a stable maturity level and several SignalFx Gateway and client library capabilities being upstreamed, we're ready to go all-in while we continue accelerating the growth and adoption of OpenTelemetry beyond the commitments we made last year.

What's New in Splunk Cloud: Part 1

Every business transformation needs a data strategy and the ability to manage increasingly complex environments. And while companies all over the globe are embracing the cloud, this shift has only exacerbated the associated complexity, compounded by the uncertainty brought about by the current global pandemic. You’ve got more data centers and attack surfaces to monitor and secure, in addition to greater unpredictability and risk.

Integrating TA-Nix with Splunk App for Infrastructure

Previous articles in our series have introduced the Splunk App for Infrastructure (SAI) and provided getting-started guidance for Linux and Windows using native metric-collection tools such as collectd and perfmon. But did you know you can also use your existing Splunk Universal Forwarders (UFs), together with the Splunk Add-on for Unix and Linux (TA-Nix), to send both metrics and logs without the need for additional agents?

Your Top 3 AIOps Questions Answered

Artificial intelligence for IT Operations (AIOps) still sounds like something from the future to a lot of IT professionals. Maybe you’ve heard about the benefits but don’t think your organization is ready. In these three short, informative videos, Kia Behnia, Vice President of IT Operations, addresses three key questions IT pros still have when it comes to AIOps.

Detecting Google Cloud Platform OAuth Token Abuse Using Splunk

In a recent post by the Splunk Threat Research team, we addressed permanent and temporary token/credential abuse in AWS and how to mitigate credential exposure. With 94% of enterprises using a cloud service, and some using at least five different cloud platforms, it’s imperative to stay ahead of threats across multicloud environments. Let’s now turn our attention to Google Cloud Platform (GCP) and how to detect and mitigate OAuth token abuse.

Introducing Splunk Extension for AWS Lambda

We are excited to announce the preview of the Splunk extension for AWS Lambda, a new way to integrate monitoring and observability in Lambda environments. Splunk is already the pioneer in providing real-time observability into serverless environments. With the Splunk extension, capturing and ingesting observability data become seamless without the need to instrument function code.

Six-peat! Once Again, IDC Ranks Splunk #1 in ITOA Market Share

We just got some great news. IDC has ranked Splunk #1 for both market share and market revenue in their IDC Worldwide IT Operations Analytics Software Market Shares, 2019 report. This is the sixth year in a row IDC has ranked Splunk as #1 in ITOA. While we’re proud of this recognition, let me say right away that our success is due to the continued success of our customers, and we’re very grateful for the opportunity to be a part of it.

MLTK Smart Workflows

I’m excited to announce the launch of a new series of apps on Splunkbase: MLTK Smart Workflows. These apps are domain-specific workflows, built around specific use cases, that can be used to help you develop a set of machine learning models with your data. In this blog post, I’d like to take you through the process we adopted for developing the workflows.

Detect Ransomware in Your Data with the Machine Learning Cloud Service

While working with customers over the years, I've noticed a pattern with questions they have around operationalizing machine learning: “How can I use Machine Learning (ML) for threat detection with my data?”, “What are the best practices around model re-training and updates?”, and “Am I going to need to hire a data scientist to support this workflow in my security operations center (SOC)?” Well, we are excited to announce that the SplunkWorks team launched a new add-

Introducing The Amazon Connect App for Splunk

We’ve seen quite a bit of change this year as businesses have had to pivot to accelerating their digital transformation strategy, and placing even more emphasis on leveraging technology as a competitive differentiator. Most have continued to stress the importance of maintaining excellent customer relationships through their contact centers, but the playing field has changed as they now have to tap into data for insights that may have normally been gleaned through an analog approach.

Working in the SOC with Power Tools: Splunk and Polarity

Have you ever had to saw through a board by hand? I had to finish a partial cut by hand the other day while building a new mantle for my fireplace. It’s slow and difficult, and it often results in a lesser quality cut than one done with a power tool. It’s good exercise, though! We should all have to do it at least once so we appreciate our power tools more.