Stalk Cyberattackers with the Latest Splunk App for Enterprise Security
New Visualizations Significantly Reduce Time to Incident Detection and Response
Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time operational intelligence, today announced version 3.0 of the Splunk® App for Enterprise Security, which empowers security professionals to stalk cyberattackers. New visualizations enable advanced threat detection, resulting in a significant reduction in the time to incident discovery and response. The Splunk App for Enterprise Security also includes a new threat intelligence framework, support for new data types, data models and pivot interface.
Threat detection speed and accuracy can be deciding factors in whether an attack becomes a massive data breach or a success story for security teams. In order to know and understand attacks as they unfold, organizations must collect any data that may be security relevant and correlate it with business data that can provide context for security events. Splunk Enterprise 6 and the Splunk App for Enterprise Security 3.0 combine to form a security intelligence platform that can support advanced security analytics at scale for even the largest IT environments, in real time. Watch the Splunk App for Enterprise Security demo to learn more about the latest release and the Splunk for Security video to better understand Splunk software’s role in organizations’ security infrastructure.
“The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyberattackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns,” said Steve Sommer, chief marketing officer, Splunk. “The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers. The threat intelligence framework in the Splunk App for Security delivers something security information and event management (SIEM) systems do not — all threat feeds in a single view with de-duplicated threat information. These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible.”
“The Splunk App for Enterprise Security provides the flexibility and customization necessary for an incident responder, security professional or SOC to pull the information they need to the surface quickly,” said Adrian Sanabria, senior security analyst, 451 Research. “Researching a security incident is stressful enough – being able to identify threats through a simple point-and-click interface and easily create alerts is essential. The Splunk App for Enterprise Security helps the security professional work incidents and perhaps discover the source of an intrusion in as little time as possible.”
Customers Slash Threat Response Times with Security Solutions from Splunk
IDT Corporation (NYSE: IDT) is a leading telecommunications and payment services provider that is using Splunk Enterprise 6 and the Splunk App for Enterprise Security as the backbone of its security infrastructure.
“Splunk software already helped IDT security teams cut incident response times from minutes to seconds, and the new version of the Splunk App for Enterprise Security will further improve our security posture for internal and external threats,” said Golan Ben-Oni, chief security officer and senior vice president of network architecture, IDT. “One of the biggest improvements in this new version is the new visualizations which make it easier for our security investigators who aren’t Splunk experts to get their hands on all of the data. The threat intelligence framework is also a welcome addition, as it will allow us to not only view all of our feeds in one place but also eliminate duplicated information on new threats.”
The Splunk App for Enterprise Security takes full advantage of the features available in Splunk Enterprise 6. New features include:
New Visualizations: Security professionals can visually correlate data to identify anomalous behavior, providing a starting point for security investigations. Once an unusual data pattern for a person, application or system is identified, the analyst is never more than three clicks away from the raw data and can create a notable event for investigation and analysis workflows.
Threat Intelligence Framework: Organizations that subscribe to threat intelligence feeds can organize and de-duplicate the feed data so that it is more useful to security teams, rather than merely displaying it as most SIEM products do.
Data Models and Pivot Interface: Anyone can create, save or export new, custom visualizations or reports without being an advanced Splunk user or having any knowledge of Splunk’s search processing language (SPL). Splunk Enterprise 6 and the Splunk App for Enterprise Security include a large catalog of visualizations as a starting point, and developers can create custom visualizations in the programming language of their choice using the web framework.
Support for New Data Types and Threat Feeds: All data is security-relevant, and the Splunk App for Enterprise Security helps teams make decisions quickly in the context of business activity by ingesting traditional log data, flow data, packet capture data, industrial control system data, external threat intelligence feeds and other business data that may reside in databases.