Operations | Monitoring | ITSM | DevOps | Cloud

On Saturday, December 12, our CEO was advised by an executive at FireEye of a security vulnerability in our Orion Software Platform which was the result of a very sophisticated cyberattack on SolarWinds. We soon discovered that we had been the victim of a malicious cyberattack that impacted our Orion Platform products as well as our internal systems.

This blog is part two of Splunk's Sunburst Backdoor response aimed at providing additional guidance to our customers (you can read part one, "Using Splunk to Detect Sunburst Backdoor," by Ryan Kovar). In this blog, we’ll cover how to ingest threat indicators to combat Sunburst Backdoor in Splunk Enterprise Security (ES).

Genesys is one of the world’s leading Contact Centre platforms, offering their customers the ability to deliver superior experiences. Genesys offers a range of solutions which cover SaaS, multi-cloud, and on-premises options to cater for all of their customer requirements. Splunk is traditionally known for helping customers with challenges around IT monitoring and security requirements regardless of whether they are running an on-premises datacenter or have a cloud first approach.

Many of our customers rely on the Amazon Web Services (AWS) Well-Architected Framework as a guide to build safe, secure, and performant applications in the cloud. AWS offers the Well-Architected Review (WAR) Tool as a centralized way to track and trend adherence to Well-Architected best practices. It allows users to define workloads and answer a set of questions regarding operational excellence, security, reliability, performance efficiency, and cost optimization.

The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.

The FireEye breach on Dec 8, 2020, was executed by a “nation with top-tier offensive capabilities.” These hackers got a hold of FireEye’s own toolkit, which they can use to mount new attacks globally. What does this mean for you? Mandiant is a leading Red Team/Penetration Testing company with a highly sophisticated toolkit, called the "Red Team tools." These are digital tools that replicate some of the best hacking tools in the world.

2020 is nearly over, and we’d like to take a couple of minutes to reflect on our year as well as provide a sneak peek into what you can expect from us in 2021. Although it has been a year full of distractions, the CFEngine team has continued to make significant strides when it comes to product improvements and new features that help our users.

The Domain Name System (DNS) is a naming system for computers, services, or other resources connected to the Internet or a private network. DNS translates domain names to the numerical IP addresses needed for locating and identifying computer services and devices. For decades It’s been an essential component of the Internet. It’s an essential part of Kubernetes as well, and is used to determine how workloads connect to Kubernetes services as well as resources outside the cluster.

One of the lasting changes brought about by the COVID-19 pandemic is that it forced organizations to rethink the concept of a workspace. As remote work became inevitable, IT teams had to enable the secure transition to remote work almost overnight. Opening up offices, on the contrary, will likely be executed in planned phases. A United States Department of State advisory recommends that workforces return to an office in three phases, with the employees most at risk coming in at a later stage.