News

Splunk Wins Top Security Award at 2016 Computerworld Hong Kong Awards

Splunk Enterprise Security Named Best Security Information and Event Management Product

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced that Splunk® Enterprise Security (ES) has been named the inaugural winner for best Security Information and Event Management (SIEM) product at the 2016 Computerworld Hong Kong Awards. The award recognizes software that provides real-time analysis of security alerts from network devices and applications.

“We are honored to be recognized by Computerworld Hong Kong and security professionals as the leader in SIEM,” said Haiyan Song, senior vice president of security markets, Splunk. “This award reflects our commitment to build products that help our customers gain end-to-end visibility into their data. By embracing a scalable and flexible SIEM solution, customers can use Splunk software as a nerve center for security and gain valuable insights through an analytics-driven security platform.”

Splunk solutions help identify threats and alerts in real time, enabling security teams to quickly contain, analyze and recover from threats. In addition to SIEM capabilities, Splunk solutions can be used for a wide range of IT operations use cases that touch security and compliance. These capabilities enable fast time-to-value and a strong ROI.

The Computerworld Hong Kong Awards, now in their 14th year, recognize the territory’s leading technology products, services and providers by giving IT users the opportunity to nominate and vote. For more information and a detailed list of categories and winners, please visit http://archive.cw.com.hk/CWaward/16/.

Splunk Enterprise Selected as CDM Data Integration Solution for 25 Federal Civilian Government Agencies

Splunk Included in Five CDM Phase 1 Task Order Awards

Splunk Inc. (NASDAQ: SPLK), the leading software platform for real-time Operational Intelligence, today announced that Splunk® Enterprise will be used at the 25 largest civilian Departments and Agencies (D/As), covering 97 percent of the federal civilian government workforce. Splunk was included in task order awards 2A-2E under Phase 1 of the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program, which is managed on DHS’s behalf by the General Services Administration (GSA) Federal Systems Integration and Management Center (FEDSIM). The integrators that won these awards are Knowledge Consulting Group, Booz Allen Hamilton, Northrop Grumman Corporation, and Hewlett-Packard Enterprise.

“Splunk is thrilled to be a part of the CDM program awards and to see Splunk Enterprise brought in as the core data integration tool to support federal civilian agencies,” said Kevin Davis, vice president of public sector, Splunk. “Federal organizations today are challenged more than ever with protecting their networks and data. The CDM mission is to help agencies navigate this challenge and reinforce cybersecurity defense capabilities. We are pleased to support this Phase 1 effort, and hope to be a part of CDM Phase 2 and Phase 3 awards over the next year.”

“We conducted an exhaustive evaluation of the best combination of technologies and services to meet the Phase 1 goals for DHS,” said Matthew Brown, vice president, cyber security services, Knowledge Consulting Group (now a wholly owned subsidiary of ManTech International Corporation). “As a cybersecurity leader, we immediately saw the value Splunk’s platform would offer to the CDM program. We are excited to work with Splunk to collaboratively support DHS and provide comprehensive, enterprise-wide capabilities to monitor its networks.”

“Government agencies today face an abundance of emerging threats. Our objective for CDM Task Orders 2B and 2D is to provide best-of-breed solutions to help civilian agencies proactively identify and mitigate vulnerabilities,” said Brad Medairy, senior vice president, Strategic Innovation Group, Booz Allen Hamilton. “Splunk Enterprise is an innovative machine data platform that will help improve agencies’ real-time monitoring capabilities and provide insights that would otherwise go unnoticed.”

Splunk Enterprise will help agencies aggregate, correlate, and analyze terabytes of CDM data and enable them to create a Master Device Record (MDR). An MDR compiles the data from an agency’s hardware, software and configuration management, and vulnerability management tools and brings it into a single, holistic view to provide full visibility into network activities and endpoint behaviors. Additionally, Splunk Enterprise will fully integrate endpoint, user behavior, and event management data and provide an enterprise view for leaders to monitor critical networks, systems and assets.

Phase 2 of the CDM program is focused on user privileges and behavior, while Phase 3 will aim to address event management, incident response and boundary protection.

For more information about how the Splunk analytics platform supports the Federal CDM program, read about it on Splunk Blogs and visit the Splunk website to learn more about how Splunk can make a difference to federal civilian agencies.

Splunk Enterprise Security 4.1 and Splunk User Behavior Analytics 2.2 Now Generally Available

New Versions of Splunk Enterprise Security and Splunk User Behavior Analytics Strengthen Analytics-driven Security

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced the general availability of Splunk® Enterprise Security 4.1 (ES) and Splunk User Behavior Analytics 2.2 (UBA). Together, Splunk ES and Splunk UBA provide customers with better machine learning, anomaly detection, context-enhanced correlation and rapid investigation capabilities. By extending user behavior analytics functionality into SIEM, Splunk continues to advance analytics-driven security solutions. Contact Splunk to purchase Splunk ES and Splunk UBA.

“We’re excited about these advanced capabilities that optimize how organizations detect, investigate and respond to threats,” said Haiyan Song, senior vice president of security markets, Splunk. “Customers now gain insights across the entire enterprise and take action more quickly by leveraging the combined power of machine learning, anomaly detection, correlation and ad-hoc investigation in an integrated solution.”

Organizations Can Now Leverage Splunk UBA Machine Learning Throughout the SIEM Workflow

Splunk UBA anomaly, threat and user context data are now available in Splunk ES. This integration includes the ability to:

  • Enhance detection and visibility of malicious attackers and insiders’ activities by combining and correlating behavioral analytics with data from enterprise and security technologies, such as threat intelligence, IPS and DLP.
  • Gain deeper context about anomalies relative to users, devices and applications in Splunk Enterprise and Splunk ES.

Splunk UBA Enhances Insider Threat and Cyberattack Detection Capabilities

Splunk UBA uses unsupervised machine learning and data science to enhance insider threat defense and cyberattack detection. New features and benefits delivered in UBA 2.2 include the ability to:

  • Define how threats are triggered from detected anomalies using the new Threat Detection Framework.
  • Increase data access and physical data loss coverage.
  • Improve precision, prioritization and correlation of threats with new data sources.

Learn more about Splunk UBA on the Splunk website. Splunk UBA can be run standalone or integrated with Splunk ES.

Splunk ES Powers Rapid Investigation of Advanced Threats

Splunk ES uses all machine data generated from security technologies such as network, endpoint, access, malware, vulnerability and identity information to gain organization-wide visibility and security intelligence. New features and benefits of ES 4.1 include the ability to:

  • Ingest Splunk UBA anomaly data with context for correlation against other alerts, feeds and data for more in-depth investigations.
  • Prioritize and speed investigations with risk scores added to the centralized incident review view.
  • Expand threat intelligence through the addition of Splunk Add-on for Facebook ThreatExchange.

Learn more about Splunk ES on the Splunk website. Splunk ES 4.1 requires Splunk Enterprise 6.3 or Splunk Cloud. Splunk ES can be run standalone or integrated with Splunk UBA.

New Splunk Enterprise Drives Down the Cost of Big Data Analytics

Reduces Historical Data Storage Costs Over 40 Percent; Splunk Cloud and Splunk Enterprise Introduce New Interactive Visualizations, Analytics and Cloud Apps

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced the general availability (GA) of Splunk® Enterprise 6.4 and a new Splunk Cloud release. Splunk Enterprise customers can now drive down the cost of big data analytics by reducing the storage costs of historical data by 40 percent to 80 percent whether deployed on-premises or in the cloud. Both Splunk Cloud and Splunk Enterprise include new interactive visualizations and an open library on Splunkbase where customers and partners can develop and share their custom visualizations. Other new features in both platforms include enhanced big data analytics, improved query performance, platform security and management improvements. Additionally, new cloud analytics apps are now available for Akamai Content Delivery Network (CDN) services, Amazon Web Services (AWS) and ServiceNow. Go to the Splunk website to download Splunk Enterprise 6.4 or to sign up for Splunk Cloud.

As more and more organizations collect, analyze and retain data at an astounding rate, storage is increasingly becoming the most expensive aspect of data analytics. Long-term data retention is becoming a critical issue as companies grapple with regulatory compliance, security investigations and the need to better understand long-term business trends.

“Splunk is passionate about making big data analytics more affordable for organizations of every size. Reducing the cost of historical data retention and analysis is a major part of delivering that value to our customers,” said Shay Mowlem, vice president of product marketing and management, Splunk. “Splunk Enterprise customers can now reduce storage costs for historical data by up to 80 percent for on-premises, cloud and hybrid deployments. We are also engineering long-term data archiving functionality into Splunk Cloud, which we expect to deliver later this year.”

“For many organizations, data retention costs are the single biggest factor driving analytics TCO. Splunk Enterprise addresses this problem with the new storage optimizations for historical data,” said Jason Stamper, analyst, 451 Research. “The new visualizations, analysis enhancements and storage cost reductions support Splunk’s vision for cost-effective machine data analytics and platform strategy.”

“We are pleased Splunk is continuing to focus on innovating its platform to provide better visualization options and lower cost of ownership,” said Ed Bailey, enterprise architect, TransUnion. “The previous version of Splunk Enterprise doubled our performance, and now the new storage optimization abilities in Splunk Enterprise 6.4 can significantly lower our storage costs. We have compared costs to other solutions including open source and Splunk has a lower total cost of ownership.”

“We rely on Splunk Enterprise for real-time visibility into key business metrics such as order volume, value and completion rates to provide the smoothest possible customer experience,” said Andre Pietsch, product manager, Otto Group. “The new visualization library and developer framework in Splunk Enterprise 6.4 will make it even easier to create custom visualizations specific to our needs, especially around transaction monitoring. Ultimately, we will be able to make critical business decisions even faster.”

Customers benefit from several features in the new releases:

Lower Cost of Long-term Data Storage (Splunk Enterprise Only)

  • Cut historical data storage costs with Splunk Enterprise by 40-80 percent, whether deployed on-premises, in the cloud or in a hybrid environment.
  • Selectively optimize the cost/performance of queries on historical data.

Interactive Visualizations and Enhanced Analytics

  • Leverage portfolio of new pre-built visualizations and a new visualization library on Splunkbase.
  • Easily create or customize visualizations using the new developer framework.
  • Improved query performance and flexible data sampling options.
  • Enhanced predictive analytics: More accurately forecast trends and predict missing values.

Platform Security and Management

  • New views in Splunk management console provide deeper visibility into Splunk system event collection and health.
  • Additional support for web single sign-on for Okta, Azure Active Directory and Active Directory Federation Services (ADFS).
  • Increase management flexibility and security using delegated administration roles.

Operational Intelligence for Cloud Services

  • Monitor and analyze the real-time performance, availability and security of the Akamai CDN service with the Splunk App for Akamai.
  • Ensure security, efficiency and cost management of an AWS environment with the new version of the Splunk App for AWS.
  • Track incidents, changes and event management processes in ServiceNow with the updated Splunk App for ServiceNow.

Splunk Security Solutions Take Top Awards at 2016 SC Magazine Awards

Splunk Enterprise Security Wins Best SIEM Solution and Splunk Enterprise Named Best Fraud Prevention Solution

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced Splunk® Enterprise Security (ES) has been recognized as the Best SIEM Solution at the 2016 SC Magazine Awards. Splunk Enterprise has also been named the Best Fraud Prevention Solution. This is the fifth consecutive year Splunk solutions have been honored by the U.S. SC Magazine Awards. Learn more about Splunk Enterprise and Splunk ES on the Splunk website.

“We are honored that SC Magazine has again recognized Splunk as a leader in the security industry. These awards reflect our commitment to build products that help our customers stay ahead of advanced security threats in a rapidly evolving landscape,” said Haiyan Song, senior vice president of security markets, Splunk. “Today’s cyberthreats are dynamic and attackers are constantly finding new ways to bypass even the top security systems. The key to combating fraud, theft and abuse detection, while keeping an eye on your security defense, lies within analytics-driven security. This is why so many organizations rely on Splunk security solutions.”

Enterprises require big data security solutions that can adapt to advanced threats and changing business demands. Simple monitoring of traditional security events is no longer enough. Splunk security solutions help organizations stay ahead of external attacks, malicious insiders and costly fraud by providing fast incident response and the ability to detect and respond to known, unknown and advanced threats. Additionally, Splunk ES goes beyond traditional SIEMs by arming security teams with deep investigative and rapid response capabilities, enabling them to quickly detect and respond to internal and external attacks. The newest version of Splunk ES further advances analytics-driven security solutions by extending behavior analytics into SIEM and enabling organizations to leverage Splunk User Behavior Analytics within Splunk ES.

Splunk ES won the Excellence Award for Best SIEM. The Excellence Awards honor the best the IT security industry has to offer. Splunk Enterprise won the Trust Award for Best Fraud Prevention Solution. The Trust Awards represent the voice of the people who use the solutions and honor security vendors’ dedication to improving the IT security industry.

“The Trust Award category is one of the most highly anticipated designations at the SC Awards ceremony because it represents the voice of the people who are really using the products. Splunk Enterprise was chosen as the Best Fraud Prevention Solution winner for its ability to meet and exceed the needs of its customers,” said Illena Armstrong, VP, editorial, SC Magazine. “As a winner in the Excellence Award category, Splunk proved its ability to execute comprehensive security measures to help protect the enterprise from data-stealing attacks.”

The SC Awards, now in their 19th year, are recognized throughout the security industry as the gold standard of excellence in cybersecurity. With the awards, SC Magazine recognizes the achievements of security professionals in the field, the innovations happening in the vendor and service provider communities, and the vigilant work of government, commercial and nonprofit entities. Vendors and service providers that offer a product and/or service for the commercial, government, educational, nonprofit or other industries are eligible for the Trust Award category in the SC Awards. For more information and a detailed list of categories and winners, please visit www.scmagazine.com/awards.

Splunk Named Worldwide IT Operations Analytics Software Market Share Leader in New Report

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced it has been named the worldwide IT Operations Analytics (ITOA) software market share leader for 2014 in a new report by IDC, a leading provider of global IT research and advice. The IDC report* states Splunk® software and cloud services claimed the top market share with 28.7 percent. This is IDC’s first study of vendor revenues and market shares in the emerging ITOA software market, which is experiencing rapid growth.

According to the IDC report authored by Tim Grieser and Mary Johnston Turner: “The company achieved rapid growth driven by expansion in log management and analysis capabilities delivered via its software and cloud service. The number of data sources and use cases continued to expand along with increases in customer data volumes, driving increased adoption. Splunk has invested in solutions for Hadoop, mobile, real-time wire, security and cloud, among other data sources.” Additionally, “Splunk supports pre-packaged content and visualization for a variety of analytics use cases including IT operations, APM, mobile and IoT. This is making Splunk-based analytics available to an increasing variety of IT and business users.”

“Splunk helped pioneer the ITOA market and we look forward to accelerating our ITOA leadership with the introduction of our newest solution — Splunk IT Service Intelligence,” said Rick Fitz, senior vice president of IT markets, Splunk. “IDC’s report validates our analytics-driven approach to address complex customer requirements across the enterprise. With IT Service Intelligence, Splunk Enterprise and Splunk Cloud, IT and business users can realize the value Splunk analytics can deliver from machine data that legacy solutions were not designed to handle.”

Splunk Enterprise and Splunk Cloud enable organizations to consolidate silos of machine data and use analytics to improve IT service health, reduce costs, resolve problems faster and drive critical business decisions. Splunk IT Service Intelligence (ITSI), an IT monitoring and analytics solution, provides new levels of visibility into key performance indicators of IT services. Splunk ITSI utilizes advanced analytics powered by machine learning to highlight anomalies, provide predictive insights, detect root causes and pinpoint areas of impact.

Visit the Splunk website to learn how Vodafone’s operations team uses analytics from Splunk ITSI to gain real-time insights in the Vodafone case study, and to learn more about IT Operations Analytics with Splunk Enterprise and Splunk Cloud.

* Worldwide IT Operations Analytics Software Market Shares, 2014: Special Report (doc #US40619915, November 2015)

Splunk Achieves ISO 27001 Certification for Splunk Cloud

Customers Continue to Win as Splunk Cloud Release Strategy Focuses on Agile, Cloud-First Releases

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced it has achieved the International Organization for Standardization’s information security standard 27001 (ISO 27001) certification for Splunk® Cloud. The ISO/IEC 27001:2013 certification is an international standard that formally outlines requirements for an information security management system (ISMS) to help protect and secure organizations’ data. The certification is in addition to Splunk Cloud’s SOC2 Type II attestation and provides additional third-party validation of the security practices and procedures of Splunk Cloud. Splunk Cloud’s certifications for SOC2 Type II and ISO/IEC 27001:2013 currently apply to Splunk Cloud environments provisioned for data ingested over 20GB/day.

“Stringent data security and data integrity are fundamental design principles of Splunk Cloud,” said Marc Olesen, senior vice president and general manager of cloud solutions, Splunk. “Achievement of ISO 27001 certification is a result of our focus on information security management, compliance with international standards and delivery of an easy-to-use cloud service that helps customers worldwide quickly gain value with full confidence.”

Splunk Cloud Driving Customer Value

Splunk’s investment in building easy-to-use cloud services continues to drive significant value to customers on a journey to the cloud. Splunk’s cloud-first product release strategy enables rapid delivery of new features and increased functionality to Splunk Cloud customers. The latest cloud release includes increased security controls and enhancements to the HTTP Event Collector to give organizations expanded ability to collect cloud data sources. Customers can deploy Splunk Cloud alongside Splunk Enterprise for a single, centralized view across their machine data.

“From day one, Splunk Cloud has given us actionable, data-driven intelligence, and Splunk’s cloud-first release process ensures we always have the leading-edge cloud-based SIEM solution,” said George Do, CISO, Equinix. “With Splunk Enterprise Security in the cloud, we are getting comprehensive SIEM functionality, the economics and simplicity of software as a service, and outstanding availability and security. As a result, we are able to reduce roughly 20 billion raw events into about 20 actionable alerts per month and investigate security incidents 30 percent faster – all while realizing a 50 percent TCO savings compared to legacy SIEM solutions.”

Splunk Cloud customers span a wide range of verticals, geographies and company sizes, and gain value across a diverse range of use cases including security, IT operations, fraud, business analytics and the Internet of Things.

Splunk Enterprise Security 4.0, Splunk UBA and the Splunk App for PCI Compliance 3.0 Now Generally Available

Splunk Enterprise Security and Splunk UBA Are a Leap Forward in Detecting and Responding Throughout the Lifecycle of Security Attacks

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced the general availability of Splunk Enterprise Security 4.0 (ES), Splunk User Behavior Analytics (UBA) and the Splunk App for PCI Compliance 3.0. Splunk® ES includes major updates to help organizations track attackers’ actions with streamlined ad hoc analyses and event sequencing. Splunk UBA delivers out-of-the-box capabilities driven by machine learning and advanced analytics to help detect cyberattacks and insider threats. The Splunk App for PCI Compliance helps organizations verify their compliance with the Payment Card Industry Data Security Standard (PCI DSS).

“Splunk is the nerve center for security, enabling our customers to detect, understand and take rapid, coordinated action across the organization,” said Haiyan Song, senior vice president of security markets, Splunk. “Splunk Enterprise Security lets analysts visually correlate events over time and better communicate details of multi-stage attacks. Splunk UBA uses machine learning to help spot the most dangerous offenders. Together, they create a powerful defense that is further strengthened by hundreds of security apps available to Splunk customers on Splunkbase.”

Splunk ES Helps Organizations Detect, Scope and Respond to Advanced Attacks

Splunk ES 4.0 tackles multi-stage attacks with improved breach detection and response as well as improved collaboration through an extensible analytics framework. New features and benefits include:

– Investigator Journal keeps track of ad hoc searches and activities to streamline analysis of multi-stage attacks associated with breach detection and response.
– Investigator Timeline allows individual analysts to place any event, activity or annotation within a visual timeline to better understand and communicate the cause and effect of events and the details of advanced multi-stage attacks.
– Investigator Timeline also allows different security team members to place events, actions and annotations onto the visual timeline to share their analysis and understanding of the scenario to collaboratively investigate incidents, problems and breaches.
– Enterprise Security Framework allows customers, vendors and third parties to create, access and extend ES functionality with their own apps that can run within ES and utilize features such as the alert management, risk scoring, threat intelligence, and identity and asset frameworks.

Learn more about Splunk ES 4.0 on the Splunk website. Splunk ES 4.0 requires Splunk Cloud or Splunk Enterprise version 6.3.x.

Splunk UBA Adds a New Layer of Defense

Splunk UBA uses unsupervised machine learning, multi-entity behavior baselines, peer group analytics and advanced correlations to improve detection of cyberattacks and insider threats. Benefits include:

– Helps detect anomalous behavior by users, devices and other entities within the enterprise, and then discover and combine patterns of anomalies into specific, actionable threats.
– Increases security analysts’ effectiveness by helping them to focus upon meaningful threats and malicious activities using kill chain visualizations.
– Operationalizes security through integration with the larger family of Splunk products, including rapid analysis of data from Splunk Enterprise and automatic creation of alerts in Splunk ES 4.0 for easy-to-manage incident response.

Learn more about Splunk UBA on the Splunk website.

Splunk App for PCI Compliance Measures the Effectiveness of PCI

Splunk App for PCI Compliance 3.0 is designed to help organizations verify their PCI compliance posture by reviewing and measuring the effectiveness and status of their technical controls. It can also identify and prioritize any control areas that need attention and lets organizations quickly address auditor requirements. Features include:

– New reports and searches covering the PCI DSS 3.1 standard.
– Updated user interface and additional technology add-ons.
– Built on the Enterprise Security Framework to take advantage of the alert management, risk scoring, threat intelligence, and identity and asset frameworks.

Learn more about the Splunk App for PCI Compliance on Splunkbase.

New Splunk App for AWS Announced at AWS re:Invent 2015

Splunk and FINRA to Present How Organizations Gain End-to-End Visibility in Large-Scale AWS Environments

AWS re:Invent 2015 and SAN FRANCISCO – October 6, 2015 – Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced the new release of the Splunk App for AWS at AWS re:Invent 2015. The new version of the app transforms AWS CloudTrail, AWS Config, Amazon CloudWatch, and now Amazon Virtual Private Cloud (Amazon VPC) Flow Logs into easy-to-use dashboards that provide comprehensive security, compliance and operational insights into Amazon Web Services (AWS) environments.

“The new Splunk® App for AWS provides leading enterprises with additional visibility and security as they move mission critical workloads to the cloud with confidence,” said Marc Olesen, senior vice president of cloud solutions, Splunk. “As they efficiently and productively deploy and manage AWS environments, enterprises benefit from end-to-end visibility and the ability to monitor user activity, resource changes, topology and network traffic flows. We are excited to show organizations how this can be done with Splunk cloud solutions at AWS re:Invent 2015.”

“Splunk is an excellent example of a company that leverages rapid, continuous innovation to the benefit of AWS customers,” said Terry Wise, vice president of channels and alliances, Amazon Web Services. “With the Splunk App for AWS, customers can further simplify their operational and security intelligence by centralizing their machine data into easy-to-use dashboards.”

“The Splunk App for AWS succeeded in providing us an effortless click through experience in configuring and monitoring all our AWS logs. Using the Splunk App for AWS we are able to visualize and represent our data in a way that makes sense to developers, system administrators and security professionals in one easy to manage interface. The new VPC Flow logging is an exciting and new added bonus that finally gives us insight into intra-VPC and inter-VPC traffic patterns,” said Nathan J Gibson, product privacy and security lead, ADT.

New Splunk Security Solutions Advance as the Nerve Center for Security

Splunk Takes Organizations’ Security Posture to the Next Level with Splunk Enterprise Security 4.0 and Splunk User Behavior Analytics

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced a leap forward in detecting and responding across the entire lifecycle of modern security attacks. Splunk® Enterprise Security 4.0, formerly named the Splunk App for Enterprise Security, includes major updates to help organizations track attackers’ steps through streamlined ad hoc analyses and event sequencing. Splunk is also announcing Splunk User Behavior Analytics (UBA), a new solution developed from the acquisition of Caspida, Inc. Splunk UBA delivers out-of-the-box capabilities driven by machine learning and advanced analytics to detect cyberattacks and insider threats. Splunk Enterprise Security 4.0 and Splunk UBA will be generally available by October 31, 2015.

“When critical networks are under assault, every second counts. Splunk security solutions give an edge to security teams by improving attack and breach detection and incident response,” said Haiyan Song, senior vice president of security markets, Splunk. “Many customers consider Splunk solutions to be their nerve center for security because they help enable teams to leverage their entire security technology stack and utilize their data to detect, understand and take rapid, coordinated action across the organization. Splunk Enterprise Security lets analysts visually correlate events over time and communicate details of multi-stage attacks. Splunk UBA uses machine learning to help spot the most dangerous offenders – advanced attackers including malicious insiders.”

“Splunk is the trailblazer in security analytics and is continuing its path of innovation with Splunk Enterprise Security and Splunk UBA,” said Robert Herjavec, Founder and CEO, Herjavec Group. “Splunk solutions continue to help us protect our clients from rapidly changing attack techniques. Splunk Enterprise Security 4.0 represents another significant step in how we help our clients tackle multi-stage attacks while Splunk UBA promises to illuminate anomalies using disparate machine data to defend against the most dangerous breaches, those responsible for most of the headlines.”

“Splunk continues to address analytics-driven security through product developments and strategic acquisitions,” said Scott Crawford, research director, 451 Research. “Splunk Enterprise Security is designed to help practitioners conduct more efficient investigations and provides a new open framework that further supports a growing ecosystem of partners. Splunk User Behavior Analytics extends threat detection for customers through data science and machine learning.”

Splunk Enterprise Security Helps Organizations to Detect, Scope and Respond to Advanced Attacks

Splunk Enterprise Security 4.0 (ES) tackles multi-stage attacks with improved breach detection and response as well as improved collaboration through an extensible analytics framework. New features and benefits include:

– Investigator Journal keeps track of ad hoc searches and activities to streamline analysis of multi-stage attacks associated with breach detection and response.
– Investigator Timeline allows individual analysts to place any event, activity or annotation within an investigation timeline to better understand, visualize and communicate the cause-and-effect of events and the details of advanced multi-stage attacks. For example, users could apply the kill chain within the timeline during investigations.
– Investigator Timeline also allows different security team members to place events, actions and annotations into the timeline to share their perspective of the scenario to collaboratively investigate incidents, problems and breaches.
– Enterprise Security Framework allows customers, vendors and third parties to create, access and extend ES functionality with apps that can run within ES and access functionality such as the alert management, risk, threat intelligence, and the identity and asset frameworks.

Splunk Enterprise Security 4.0 requires Splunk Cloud or version 6.3 of Splunk Enterprise.

Splunk UBA Adds a New Layer of Cyber Defense

Building upon technology recently acquired with Splunk’s purchase of Caspida, Inc., Splunk UBA uses machine learning, behavior baseline, peer group analytics and advanced correlations to improve breach detection. Benefits include:

– Improve detection of cyberattacks and insider threats.
– Increase security analysts’ effectiveness by helping them to focus upon meaningful threats with malicious activities using a kill chain visualization.
– Operationalize security by rapidly getting data into Splunk UBA and streamlining incident response by leveraging the proven power of Splunk solutions.

Go to the Splunk website to learn more about Splunk UBA.