Splunk Expands Security Offerings with Analytics, Monitoring
September 30, 2015
Splunk has expanded its solutions for real-time operational intelligence with a new behavior analytics offering and new functionality for its enterprise software that provides more visibility into the movement of attackers on a network, the company said.
The former is a new product, Splunk User Behavior Analytics (UBA), that the company developed from its July acquisition of Caspida. UBA provides machine learning and analytics to detect cyberattacks and insider threats on a network, according to Splunk. It is slated to be available at the end of October.
The latter is a new capability in Splunk Enterprise Security 4.0 (formerly called the Splunk App for Enterprise Security) aimed at defending against multistage attacks, the company said. It does this through improved breach detection and response as well as an analytics framework that can be extended with third-party apps.
Splunk’s solutions provide real-time insight into attacks as they’re happening, giving enterprise security teams the ability to respond quickly to attacks and breaches, said Haiyan Song, senior vice president of Security Markets at Splunk, in a press release. The new offerings improve this type of visibility and intelligence to defend against even the most insidious and sophisticated attacks, Song said.
“Many customers consider Splunk solutions to be their nerve center for security because they help enable teams to leverage their entire security technology stack and utilize their data to detect, understand and take rapid, coordinated action across the organization,” Song said. “Splunk Enterprise Security lets analysts visually correlate events over time and communicate details of multistage attacks. Splunk UBA uses machine learning to help spot the most dangerous offenders—advanced attackers including malicious insiders.”
Specifically, Splunk UBA uses machine learning, behavior baseline, peer group analytics and advanced correlations to improve breach detection, according to Splunk. Benefits include improved detection of cyberattacks and insider threats and more effective security analysts, who can narrow their focus to the most meaningful threats and malicious activities on the network, the company said.
New features in Splunk Enterprise Security 4.0 include functions called Investigator Journal and Investigator Timeline. The former keeps track of ad hoc searches and activities to streamline the analysis of multistage attacks associated with breach detection and response. The latter allows individual analysts to place any event, activity or annotation within an investigation timeline that helps analysts better understand, visualize and communicate events and the details of advanced multistage attacks with other analysts, the company said.
The product also includes an Enterprise Security Framework that can be extended through third-party applications that run within the framework and access functionality such as alert management, risk, threat intelligence, and identity and asset frameworks.
To use Splunk Enterprise Security 4.0, companies must already use Splunk Cloud or version 6.3 of Splunk Enterprise. Companies can try Splunk solutions for free through the company’s trial program.