Power distribution firm seeks ML to detect data transfer anomalies
Detecting abnormal or suspicious upload or download activity by a user with a machine learning model. A leading power distribution organization wants to monitor insider threats by flagging abnormal or suspicious upload or download activity by its users.
CHALLENGES
SOLUTIONS
BENEFITS
Monitored Systems/Data Sources: Squid proxy logs.
Users: Security Operation Center Team
Product: Splunk Enterprise
Splunk App: Machine Learning Toolkit
Published 2023-02-22 (updated 2023-05-26). Tags: Splunk.
Helping a telecom service provider to remote user monitoring
The Telecom Service Utility has been facing the challenge of monitoring and analyzing the access and authentication activities of its users while they work remotely. The problem stems from a change in the work model: employees now access sensitive data remotely, which is a major concern, and visibility into user activity has become essential in this work scenario.
CHALLENGES
SECURITY THREATS
Account compromise
Reconnaissance
Data exfiltration
DDoS attack
Insider threat
Brute force
Command and control
Unauthorized access
Privilege escalation
Lateral movement
SOLUTIONS
BENEFITS
Data Sources: FortiGate network logs, Storage application logs, Authentication server logs, and RDS services logs.
Users: CSIRT Team
Product: Splunk Enterprise
Published 2023-02-22 (updated 2023-04-05). Tags: Splunk.
Successful completion of Splunk cloud migration for Fintech company
The Fintech Company had a strong payment infrastructure, but no matter how good the system seemed to be, there were always problems. Despite having the latest technology available, their systems kept going down, resulting in data loss. Reports and alerts were also delayed, leaving the team without real-time monitoring. The Company collaborated with Positka, a Splunk Cloud partner, to resolve the issue.
Challenges:
Solution:
Benefits:
Users: Information Security Team
Product: Splunk Cloud
Published 2023-02-28 (updated 2023-04-06). Tags: Splunk Cloud, Splunk.