News

Splunk Introduces Splunk Enterprise 6.1

New Version Delivers Mission-critical Operational Intelligence to the Global Enterprise

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced the general availability of Splunk® Enterprise 6.1, the latest version of the award-winning platform for machine data available as software or as a cloud service. Splunk Enterprise 6.1 delivers enhanced interactive analytics, continuous availability of mission-critical machine data and extends operational intelligence to every user in the organization. Watch the Splunk Enterprise video to learn more about what’s new and download Splunk Enterprise 6.1 today.

“Splunk Enterprise 6.1 adds important new capabilities for supporting high availability of mission-critical machine data analytics, embedding operational insights into other business applications and enabling powerful interactive data visualization and exploration,” said Guido Schroeder, senior vice president of products, Splunk. “Splunk’s clustering supports deployments that span multiple sites, an important requirement for globally operating enterprises, and we have further expanded our interactive visualization and information delivery features to provide machine data insights to broader audiences.”

“Delivering world class IT services and responding to the needs of the business requires putting the right data in the right hands at the right time. Whether it’s serving as an IT first responder or the CIO, Splunk Enterprise 6.1 looks to accomplish this feat with a wide variety of new capabilities,” said Michael Coté, research director of Infrastructure Software, 451 Research. “Splunk is aiming high with the new release delivering resiliency with multi-site clustering, enabling access to mainframe data, more contextual alerting mechanisms and embeddable reports into business apps like Salesforce and Microsoft® SharePoint.”

Key features and updates in Splunk Enterprise 6.1 include:

Enabling the Mission-critical Enterprise

Multi-site Clustering: Delivers continuous availability for Splunk Enterprise deployments that span multiple sites, countries or continents by replicating raw and indexed data in a clustered configuration.

Search Affinity: Improves performance when using multi-site clustering by routing search and analytics requests to the nearest cluster, which also decreases network usage.

zLinux Forwarder: Allows for application and platform data from IBM mainframes to be easily collected and indexed by Splunk Enterprise.

Data Preview with Structured Inputs: Enables previewing of massive data files to verify alignment of fields and headers before indexing to improve data quality and the time it takes to discover critical insights.

Embedding Operational Intelligence

Embedded Reports: Enable any Splunk report or table to be embedded in third-party business applications such as salesforce.com, WordPress, Wiki, Microsoft® SharePoint and more.

Custom Alerts: Deliver alerts with embedded machine data context, thereby reducing mean-time-to-resolution (MTTR) and providing the ability to customize alert templates.

Delivering Enhanced Interactive Analytics

Enhanced Dashboard Editor: Build advanced dashboards through the UI and without requiring advanced XML coding.

Chart Overlay: Improves data analysis by providing the ability to overlay one chart on top of another.

Contextual Drilldown: Enables more detailed insights when clicking on a dashboard panel without leaving the context of the dashboard itself.

Pan-and-Zoom Controls: Enable more focused analytics by letting users select a range of interest on a chart and zoom in for deeper analysis.

Customers Depend on Splunk Enterprise

Splunk customers praise multi-site clustering, custom alerts and the enhanced analytics features as key developments in Splunk Enterprise 6.1:

“Splunk once again delivered meaningful updates to the platform we rely upon for the data analytics and operational intelligence of our business,” said Nick Hills, vice president of technology, Cognia, provider of communications capture, storage and analytics solutions for global enterprises and services providers. “We generate a lot of alerts and often direct them outside of our environment to partners such as mobile operators. Being able to add better explanation and detail delivers a huge benefit to our business and customers. Multisite clustering is also a game changer for us. We not only gain a stronger compliance posture through replicated data copies but also can now make analytics run in any geography through secondary sites.”

“Splunk Enterprise 6.1, through multi-site clustering, provides a way for us to meet one of the most important objectives at Middlesex Hospital. It helps us protect and meet the needs of our patients by keeping the hospital’s critical systems running even in the event of a single-site outage,” said Ant Lefebvre, senior systems engineer, Middlesex Hospital, one of the top 100 hospitals in the U.S. “Additionally, the new enhanced productivity features provide access to a greater number of hospital users that benefit from critical insights found in machine data. With the new, targeted email alerts, for instance, we can filter out unnecessary or misdirected system-generated emails. This filters out the ‘email noise’ and only generates alerts that should be acted upon.”

Splunk App for VMware® Delivers Insights Beyond Virtualization

New Features Bring Comprehensive Operational Visibility Across Multiple Technology Tiers

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time operational intelligence, today announced the general availability of version 3.1 of the Splunk® App for VMware, which provides comprehensive operational visibility into virtualized environments. This release delivers significant new features, including 200 out-of-the-box reports, the ability to instantly identify outliers for real-time triage and built-in correlation into storage systems including a direct drill down into data from NetApp Data ONTAP. Contact Splunk to get a 60-day free trial of version 3.1 of the Splunk App for VMware today.

“Enterprise clouds based on VMware are transforming traditional data centers and driving the need for operational visibility across all infrastructure and application tiers,” said Leena Joshi, senior director of infrastructure operations marketing, Splunk. “The latest version of the Splunk App for VMware pre-packages correlations across virtualization and storage tiers to help organizations tackle the hardest operational problems. We are excited to play such a critical role in simplifying the way datacenter operations personnel gain real-time and historical insights into the virtualization layer, with the full context of application and infrastructure performance, health, capacity and security.”

“RMS has been using Splunk Enterprise and the Splunk App for VMware since its earliest days; Splunk has been integral to the success of our core business platform, RMS(one),” said James Lord, senior manager of cloud operational intelligence and monitoring, RMS, a leading provider of software, services, and expertise for the quantification and management of catastrophe risk. “Splunk software has proven itself invaluable by helping us quantify customer demand, right-size our environment and troubleshoot any issues in real time. Not only are we able to adapt reports in the Splunk App for VMware for in-depth analytics, but we are also able to correlate data across diverse applications and operating systems for a unified view of our infrastructure and service.”

“Virtualized environments introduce visibility gaps that often leave administrators combing through multiple tiers of the infrastructure to solve the most basic of issues,” said Torsten Volk, research director, Systems Management, Enterprise Management Associates. “Some of the most valuable insights are gained when virtualization administrators pair real-time monitoring with cross-tier analytics to support root cause discovery and other operational analytics such as capacity management, forecasting and anomaly detection. By extending its correlation capabilities to include drill-down into the storage tier and adding new topology visualizations to expose outliers, the Splunk App for VMware addresses a growing demand for integrated insights across diverse technology tiers.”

Watch the Splunk App for VMware video to learn more about the impact the app can make on your business and operations. Features of version 3.1 of the Splunk App for VMware include:

Operational Performance Insights: Visualize the operational health of the VMware environment with more than 200 out-of-the-box, customizable reports; identify underperforming/distressed hosts, virtual machines (VMs) and data stores in real time.

Advanced Mapping Visualizations: Access interactive, visual maps of your virtual environment, highlighting problems and statistical comparisons based on predefined, customizable thresholds. Immediately identify outliers that fall outside the normal distribution on a statistical map of your VMware environment.

NetApp and Storage Correlations: Accelerate troubleshooting, optimize capacity and streamline workloads with out-of-the-box correlation between VMware virtualization layer and storage systems, including direct drill down into data from NetApp Data ONTAP storage for in-depth investigation.

End-to-End Visibility: Correlate data from virtual infrastructure with data from applications, operating systems, hardware and networks to gain operational intelligence across all technology tiers.

Advanced Analytics: Forecast future CPU, memory and disk resource requirements on VMware vCenter, ESXi hosts and VMs using various predictive algorithms; gain visibility into potential security breaches and non-compliant usage patterns; explore unique errors and exceptions; track changes with visibility into vCenter tasks.

New Report Identifies Untapped Opportunity in Operational Intelligence for 4 in 5 Businesses

Quocirca Outlines Potential of Machine Data; Launches First Operational Intelligence Maturity Index

Splunk Inc., provider of the leading software platform for real-time operational intelligence, today announced the publication of Masters of Machines, a new report from analyst firm Quocirca. The report reveals that 82% of European businesses believe they could benefit from the use of operational intelligence by collecting, storing and analyzing real-time and historical machine data to gain insights that would not otherwise be available.

The report also launches the first Operational Intelligence Maturity Index, which gives businesses a rating from 0 to 3 based on their ability to: search and investigate; proactively monitor; provide operational visibility; and deliver real-time business insights from big data. Overall, European companies scored an average of 1.92 – between poor and some capability – indicating that although they recognise the potential of machine data, in practice they have not yet fully harnessed operational intelligence.

“True operational intelligence uses the data generated by machines to access, tune and improve IT and business processes, identify security threats, highlight performance issues and spot emerging customer trends,” said Bob Tarzey, analyst, Quocirca. “Those companies who will gain the most value are those that start using machine data – everything from customer clickstreams and transaction records to logs and feeds from applications, servers, network activity and sensors – to enable practical business decision making. Making sure the right technologies are in place for better data capture and improved analysis of large volumes of machine data is essential to achieve this.”

In addition, the report finds 83% of organizations admit that they would like to improve, or aren’t currently getting, real-time business insight from their machine data.

Within European businesses, it is IT managers that have the best view of operational intelligence with over half (56%) having a comprehensive view.

This compares to just 35% of board level executives, 28% of marketing managers and 27% of product managers who respondents believed have a comprehensive view of operational intelligence.

“Advanced IT departments are accustomed to using insights from machine data to streamline processes and resolve issues, and successful security teams also regularly analyse IT data to identify potential threats,” said James Murray, vice president and general manager of EMEA, Splunk. “The real breakthrough comes when organisations use the operational data already being viewed by IT and security to provide wider business insights in real-time, ultimately aiding better decisions.”

When it comes to operational intelligence maturity, industries are ranked in the following order:

Telecoms – 2.23
Finance – 1.98
Retail, transport and distribution – 1.92
Gaming – 1.91
Other commercial – 1.90
Manufacturing – 1.82

Telecoms and finance stand out because they are more ‘transactive’ than other industries, with 111,000 and 66,000 IT-driven transactions per day respectively generating considerable machine data, compared to an average volume of 40,445.

Splunk Enterprise 6 Wins Best Cloud Management Award at UK Cloud Awards

Award-winning Platform for Machine Data Recognized for Unique Ability to Analyze Massive Volumes of Data

Splunk Inc., the leading software platform for real-time operational intelligence, today announced that Splunk® Enterprise 6 has won the Best Cloud Management Product award at the inaugural UK Cloud Awards. Splunk software helps customers to deliver powerful operational insights from the cloud and gives a single-pane-of-glass view across on-premises and public, private or hybrid cloud deployments to proactively troubleshoot, monitor cloud health and resolve problems.

“Splunk Enterprise enables us to see behavior across our new AWS cloud platform with far greater insight,” said Peter Raymond, solution architect, UCAS, an online university and college application service provider. “We can monitor response times, and often drill down to specific users. That means we can be more proactive in spotting faults before they occur. We use a range of analytics tools, but none of those tools give access to logged data. That’s what differentiates Splunk. There is a gold mine of data in the logs and Splunk helps us get to it.”

“We’re incredibly proud to be helping UCAS deliver a reliable cloud-based service to students as they find out if all their hard work has paid off,” said James Murray, vice president and general manager of EMEA, Splunk. “Many of our customers are heavily investing in cloud migration and Splunk Enterprise, together with our apps for AWS and Microsoft Azure, is an integral part of this strategy. Splunk software can provide the necessary visibility into operational status, security postures and customer analytics in cloud-based environments. We would like to thank Cloud Pro, The Cloud Industry Forum and techUk for recognizing the value we deliver for cloud-based deployments.”

The UK Cloud Awards, run by Cloud Pro in association with The Cloud Industry Forum and techUk, recognize the best of the cloud industry. The Best Cloud Management Product award celebrates products that give effective demonstrable control and reporting of cloud workloads. Unlike most cloud management tools, Splunk Enterprise 6 was acknowledged for its unique ability to monitor and analyze huge volumes of machine data, regardless of where it is deployed. By combining cloud data from solutions such as AWS and Azure and virtualization information with the Splunk App for VMware, organizations can gain a holistic view of hybrid cloud operations.

Go to the Splunk website to read the full UCAS case study.

Register now for .conf2014, the 5th Annual Splunk Worldwide Users’ Conference, featuring more than 130 sessions by 4,000 plus Splunk customers, partners, experts and employees. .conf2014 is being held October 6-October 9 at MGM Grand in Las Vegas.

SC Magazine Honors Splunk Enterprise As 2014 Winner of Best Enterprise Security Solution

Splunk Inc., provider of the leading software platform for real-time operational intelligence, today announced Splunk® Enterprise has been selected as the Best Enterprise Security Solution in SC Magazine’s 2014 Excellence Awards in the U.S. This marks the second consecutive year that Splunk has received recognition from SC Magazine – with Splunk Enterprise being honored in 2013 as SC Magazine’s Best Security Solution in Europe and SC Magazine’s Best SIEM in the U.S. This latest announcement was made February 25, 2014 at the SC Awards ceremony held in conjunction with the annual RSA Conference in San Francisco.

“SC Magazine’s expert panel of judges have a strong understanding of today’s most malicious and complex cybersecurity threats, and the solutions required to defeat them. We’re honored to be selected by such a prestigious organization of IT security professionals,” said Haiyan Song, vice president of security markets, Splunk. “Through close collaboration with our customers and a strong investment in R&D, we are committed to ensuring Splunk continuously provides our customers with an agile solution that helps enable them to improve their security posture and protect their confidential data.”

“The annual Excellence Awards is one of the most highly anticipated at the SC Awards ceremony because it represents the leading innovators in today’s evolving security market,” said Illena Armstrong, VP, editorial, SC Magazine. “Splunk can be very proud of this achievement and what it represents.”

The annual SC Awards program, now in its 17th year, is recognized as the most prestigious mark of achievement for information technology (IT) security professionals and products. It showcases the best solutions, services and professionals working to fend off the myriad security threats in today’s corporate world. SC Magazine distinguishes the achievements of the security professionals in the field, the innovations happening in the vendor and service provider communities, and the dedicated work of government, commercial and nonprofits. For more information and a detailed list of categories and winners, please visit www.scmagazineus.com/awards.

Go to the Splunk website to learn more about why more than 2,800 organizations use Splunk Enterprise as a big data security intelligence platform for real-time detection and alerting of known and unknown threats, incident investigation and response, forensics, security and compliance reporting, fraud detection, centralized log management, and more.

Tableau and Splunk Announce Strategic Technology Alliance

Jointly developed integration brings together the power of visual analytics and real-time machine data

Splunk Inc., provider of the leading software platform for real-time operational intelligence, and Tableau Software (NYSE: DATA), a global leader in rapid-fire, easy-to-use business analytics software, today announced a strategic alliance to leverage the power of advanced visual analytics and real-time machine data. As part of a joint technology investment, the latest version of Tableau software includes Splunk® Enterprise as a native data source using Splunk’s recently launched ODBC driver.

“Tableau is the most widely recognized provider of visual analytics software,” said Guido Schroeder, senior vice president of products, Splunk. “Our alliance with Tableau extends the value that Splunk software unlocks in machine data. Using Tableau to visualize structured data with machine data in Splunk will enable people to gain new business insights.”

“Splunk leads the market in enabling organizations to collect, index and make searchable machine data from apps, servers, networks, websites and devices in real time,” said Chris Stolte, chief development officer and co-founder, Tableau Software. “Our integration lets organizations use our visual analytics software on their machine data in Splunk software. Whether it’s to find quick insights or explore machine data, it accelerates new insights for anyone using Tableau and Splunk.”

The direct connection between Splunk and Tableau provides the following benefits:

Makes it easier for Tableau users to visualize machine data and find new insights – Users can now leverage Tableau to visualize machine data from Splunk Enterprise, enabling new business insights from a rapidly growing class of data.

New source of valuable data now available to more people – People can now access a new source of valuable machine data with Splunk Enterprise. These capabilities are complementary to the real-time and historical visualizations and analytics across large data sets in Splunk Enterprise.

Correlate machine data with other structured data – The integration enables users to correlate, analyze and visualize machine data with other structured data for advanced business analytics.

Splunk Enterprise Selected as Symantec’s Security Investigation Platform

Splunk Software to Help Investigate Security Incidents and Ensure Compliance

Splunk Inc., provider of the leading software platform for real-time operational intelligence, today announced that Symantec (NASDAQ: SYMC) has selected Splunk® Enterprise 6 to help bolster its security intelligence operations. Through this partnership, Symantec will centralize, monitor and analyze security-related data in Splunk Enterprise to help investigate incidents and detect advanced threats. Symantec will also use Splunk software to ensure comprehensive compliance with Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standard (PCI DSS).

“With today’s threat landscape, it’s critical that we react quickly to identify and respond to any type of threat, especially advanced threats that continue to increase in complexity,” said Julie Talbot-Hubbard, chief security officer, Symantec. “Our efforts, in combination with Splunk software, demonstrate that we are implementing best practices to not only protect our customers and partners, but also help with addressing critical customer problems.”

“Symantec is more than a valued Splunk customer, they also are a strong partner as together we help businesses and organizations tackle the toughest cybersecurity threats in the world,” said Haiyan Song, vice president of security markets, Splunk. “We look forward to seeing the Symantec security team’s accomplishments with Splunk software.”

Splunk Doubles License Capacity for Entry-level Customers

Encourages New Users to Analyze Additional Valuable Data Sources

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time operational intelligence, today announced that it is doubling license capacity at entry levels for Splunk® Enterprise. Doubling capacity enables Splunk customers to take more advantage of the hidden value in their machine data. They can more easily address their security, IT operations and application management use cases and correlate additional disparate data sources. Splunk customers can now leverage the award winning power of Splunk Enterprise more broadly across their organizations and drive further adoption of Splunk as their platform for machine data.

“From the start, we have believed in offering a free download so anyone can explore and analyze machine data at no cost. Now, we are doubling capacity for entry level customers, to further increase their ability to adopt Splunk software, explore new use cases and realize rapid return on investment,” said Godfrey Sullivan, Chairman and CEO, Splunk. “By enabling Splunk customers to analyze more data, we are further delivering on our mission to make machine data accessible, usable and valuable to everyone.”

The increased capacity applies to all new licenses up to 20 GB of daily indexing capacity. Splunk Enterprise U.S. licensing now starts at $4,500 for a 1 gigabyte (GB)/day perpetual license and $1,800 for a 1 GB/day annual term license. Splunk is also offering recent customers of Splunk Enterprise who purchased licenses up to 20 GB/day a special limited-time promotion to capitalize on the new license capacity levels.

Splunk customers can deploy Splunk Enterprise on-premises, in private or public clouds and in virtualized environments. A free version of Splunk Enterprise is available as a download for anyone indexing up to 500 MB/day and also as an Amazon Machine Image (AMI) through the AWS Marketplace, where organizations can use Splunk software without the hassle of building and maintaining a physical infrastructure. Click here to download Splunk Enterprise.

Splunk does not charge for data sources, data types, number of users, number of searches or alerts, or total data stored – instead maintaining the simple, straightforward pricing based on daily indexing volume that fosters adoption across organizations. For more details, please visit the pricing page on the Splunk website or contact Splunk Sales. Pricing varies by region.

Stalk Cyberattackers with the Latest Splunk App for Enterprise Security

New Visualizations Significantly Reduce Time to Incident Detection and Response

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time operational intelligence, today announced version 3.0 of the Splunk® App for Enterprise Security, which empowers security professionals to stalk cyberattackers. New visualizations enable advanced threat detection, resulting in a significant reduction in the time to incident discovery and response. The Splunk App for Enterprise Security also includes a new threat intelligence framework, support for new data types, data models and pivot interface.

Threat detection speed and accuracy can be deciding factors in whether an attack becomes a massive data breach or a success story for security teams. In order to know and understand attacks as they unfold, organizations must collect any data that may be security relevant and correlate it with business data that can provide context for security events. Splunk Enterprise 6 and the Splunk App for Enterprise Security 3.0 combine to form a security intelligence platform that can support advanced security analytics at scale for even the largest IT environments, in real time. Watch the Splunk App for Enterprise Security demo to learn more about the latest release and the Splunk for Security video to better understand Splunk software’s role in organizations’ security infrastructure.

“The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyberattackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns,” said Steve Sommer, chief marketing officer, Splunk. “The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers. The threat intelligence framework in the Splunk App for Security delivers something security information and event management (SIEM) systems do not — all threat feeds in a single view with de-duplicated threat information. These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible.”

“The Splunk App for Enterprise Security provides the flexibility and customization necessary for an incident responder, security professional or SOC to pull the information they need to the surface quickly,” said Adrian Sanabria, senior security analyst, 451 Research. “Researching a security incident is stressful enough – being able to identify threats through a simple point-and-click interface and easily create alerts is essential. The Splunk App for Enterprise Security helps the security professional work incidents and perhaps discover the source of an intrusion in as little time as possible.”

Customers Slash Threat Response Times with Security Solutions from Splunk

IDT Corporation (NYSE: IDT) is a leading telecommunications and payment services provider that is using Splunk Enterprise 6 and the Splunk App for Enterprise Security as the backbone of its security infrastructure.

“Splunk software already helped IDT security teams cut incident response times from minutes to seconds, and the new version of the Splunk App for Enterprise Security will further improve our security posture for internal and external threats,” said Golan Ben-Oni, chief security officer and senior vice president of network architecture, IDT. “One of the biggest improvements in this new version is the new visualizations which make it easier for our security investigators who aren’t Splunk experts to get their hands on all of the data. The threat intelligence framework is also a welcome addition, as it will allow us to not only view all of our feeds in one place but also eliminate duplicated information on new threats.”

The Splunk App for Enterprise Security takes full advantage of the features available in Splunk Enterprise 6. New features include:

New Visualizations: Security professionals can visually correlate data to identify anomalous behavior, providing a starting point for security investigations. Once an unusual data pattern for a person, application or system is identified, the analyst is never more than three clicks away from the raw data and can create a notable event for investigation and analysis workflows.

Threat Intelligence Framework: Organizations subscribing to threat intelligence feeds can organize and de-duplicate the data to make it more useful to security teams, instead of just viewing the data like most SIEM products.

Data Models and Pivot Interface: Anyone can create, save or export new, custom visualizations or reports without being an advanced Splunk user or having any knowledge of Splunk’s search processing language (SPL). Splunk Enterprise 6 and the Splunk App for Enterprise Security include a large catalog of visualizations as a starting point and developers can create custom visualizations using the programming language of their choice with the powerful web framework.

Support for New Data Types and Threat Feeds: All data is security-relevant, and the Splunk App for Enterprise Security supports making decisions quickly with the context of business activity by supporting traditional log data, flow data, packet capture data, industrial control system data, external threat intelligence feeds and other business data that may be in databases.