Archive for January, 2014

Stalk Cyberattackers with the Latest Splunk App for Enterprise Security

New Visualizations Significantly Reduce Time to Incident Detection and Response

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time operational intelligence, today announced version 3.0 of the Splunk® App for Enterprise Security, which empowers security professionals to stalk cyberattackers. New visualizations enable advanced threat detection, resulting in a significant reduction in the time to incident discovery and response. The Splunk App for Enterprise Security also includes a new threat intelligence framework, support for new data types, data models and pivot interface.

Threat detection speed and accuracy can be deciding factors in whether an attack becomes a massive data breach or a success story for security teams. In order to know and understand attacks as they unfold, organizations must collect any data that may be security relevant and correlate it with business data that can provide context for security events. Splunk Enterprise 6 and the Splunk App for Enterprise Security 3.0 combine to form a security intelligence platform that can support advanced security analytics at scale for even the largest IT environments, in real time. Watch the Splunk App for Enterprise Security demo to learn more about the latest release and the Splunk for Security video to better understand Splunk software’s role in organizations’ security infrastructure.

“The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyberattackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns,” said Steve Sommer, chief marketing officer, Splunk. “The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers. The threat intelligence framework in the Splunk App for Security delivers something security information and event management (SIEM) systems do not — all threat feeds in a single view with de-duplicated threat information. These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible.”

“The Splunk App for Enterprise Security provides the flexibility and customization necessary for an incident responder, security professional or SOC to pull the information they need to the surface quickly,” said Adrian Sanabria, senior security analyst, 451 Research. “Researching a security incident is stressful enough – being able to identify threats through a simple point-and-click interface and easily create alerts is essential. The Splunk App for Enterprise Security helps the security professional work incidents and perhaps discover the source of an intrusion in as little time as possible.”

Customers Slash Threat Response Times with Security Solutions from Splunk

IDT Corporation (NYSE: IDT) is a leading telecommunications and payment services provider that is using Splunk Enterprise 6 and the Splunk App for Enterprise Security as the backbone of its security infrastructure.

“Splunk software already helped IDT security teams cut incident response times from minutes to seconds, and the new version of the Splunk App for Enterprise Security will further improve our security posture for internal and external threats,” said Golan Ben-Oni, chief security officer and senior vice president of network architecture, IDT. “One of the biggest improvements in this new version is the new visualizations which make it easier for our security investigators who aren’t Splunk experts to get their hands on all of the data. The threat intelligence framework is also a welcome addition, as it will allow us to not only view all of our feeds in one place but also eliminate duplicated information on new threats.”

The Splunk App for Enterprise Security takes full advantage of the features available in Splunk Enterprise 6. New features include:

New Visualizations: Security professionals can visually correlate data to identify anomalous behavior, providing a starting point for security investigations. Once an unusual data pattern for a person, application or system is identified, the analyst is never more than three clicks away from the raw data and can create a notable event for investigation and analysis workflows.

Threat Intelligence Framework: Organizations subscribing to threat intelligence feeds can organize and de-duplicate the data to make it more useful to security teams, instead of just viewing the data like most SIEM products.

Data Models and Pivot Interface: Anyone can create, save or export new, custom visualizations or reports without being an advanced Splunk user or having any knowledge of Splunk’s search processing language (SPL). Splunk Enterprise 6 and the Splunk App for Enterprise Security include a large catalog of visualizations as a starting point, and developers can create custom visualizations using the programming language of their choice with the powerful web framework.

Support for New Data Types and Threat Feeds: All data is security-relevant, and the Splunk App for Enterprise Security supports making decisions quickly with the context of business activity by supporting traditional log data, flow data, packet capture data, industrial control system data, external threat intelligence feeds and other business data that may be in databases.

Splunk Enterprise Named Best Big Data Analytics Solution

Government Security News 2013 Homeland Security Awards Recognize Critical Impact of Machine Data on Security Posture for Public Sector Organizations

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time operational intelligence, today announced that Splunk® Enterprise has been named the Best Big Data Analytics Solution in the GSN: Government Security News 2013 Homeland Security Awards.

“Splunk is honored to be recognized by GSN as the leading big data analytics solution, and we share the honor with all those who use Splunk software in mission-critical Homeland Security projects,” said Bill Cull, vice president of public sector, Splunk. “Modern security is far from simple because all data is relevant to security investigations. As a big data security intelligence platform, Splunk software enables customers to collect, search, visualize and analyze massive streams of machine data so that they can identify and act on threats in real time.”

“The director of the FBI recently noted that cybersecurity is one of the largest and most dangerous threats public sector organizations will face in the near term,” said Chuck Brooks, vice president and client executive for Department of Homeland Security (DHS), Xerox. “It is great to see that entries for the GSN awards, like Splunk Enterprise and the Splunk App for Enterprise Security, are at the cutting edge of cybersecurity solutions across the threat spectrum.”

The award winners were selected by a panel of judges that included Brooks; Scott Greiper, president of Secure Strategy Group; Paul Goldenberg, CEO of Cardinal Point Strategies and member of the Homeland Security Advisory Council (HSAC); and Matt Johnson, cybersecurity expert and veteran of the Department of Defense Intelligence Community.

GSN specializes in news, analysis, interviews, new products and technologies in all aspects of homeland security, from access control and airport security to biometrics, border protection, disaster recovery, emergency preparedness, IT security, maritime and port security, rail security, security services, state and local governments and urban security.

Splunk App for VMware Wins Top Honors for Server Virtualization

App for VMware and Splunk Enterprise Recognized by Virtualization Review in “Editor’s Choice” Awards

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time operational intelligence, today announced that Splunk® App for VMware has won the Editor’s Choice award for the Server Virtualization category in Virtualization Review’s 2014 Reader’s Choice Awards. Customers rely on the Splunk App for VMware for proactive health monitoring, operational insights such as performance, capacity and security analytics, and to correlate VMware data with data from all other technology tiers for true end-to-end visibility.

“In the information age, data is king, and Splunk is able to process lots of it coming from just about any source – OS, apps, hardware – and make sense of it all,” said Michael Domingo, editor-in-chief, Virtualization Review. “The simplicity with which it offers up that data to users is why it earned a spot on the 2014 Virtualization Review Editor’s Choice in the category of Server Virtualization.”

“Splunk is honored to be recognized by Virtualization Review with an award that demonstrates the value that the Splunk App for VMware provides customers in resolving challenges in virtualized environments,” said Leena Joshi, senior director of solutions marketing, Splunk. “This recognition, coupled with the app’s popularity among Splunk’s customers, confirms that virtualized datacenters value the ability to gain operational insights about their virtualization layer in context of data from all their other technology tiers.”

Virtualization Review is the first and only print publication solely devoted to IT virtualization and cloud technologies. The 2014 awards are chosen by the readers of Virtualization Review and presented to vendors in 16 categories ranging from Mobile Virtualization and Cloud Storage to Business Continuity and Virtualization Automation. E-mail invitations were sent to Virtualization Review readers in October 2013 to vote on more than 400 products.

Responses were collected during a two-week period. A team of editors reviewed the results to ensure that they legitimately came from Virtualization Review readers. Vendors were excluded from the voting process and were not, in any way, allowed to solicit votes.