Archive for July, 2014

New Release of Splunk App for Enterprise Security Drives the Analytics-Enabled Security Operations Center

Splunk Executive Showcases Latest Version during Keynote at RSA Conference Asia Pacific & Japan 2014

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced the general availability of version 3.1 of the Splunk® App for Enterprise Security. Recently named a Leader in the 2014 Gartner Magic Quadrant for Security Information and Event Management, Splunk introduces a new risk scoring framework in the Splunk App for Enterprise Security to enable easier, faster threat detection and containment by empowering users to assign risk scores to any data. The app also includes new features to help users connect and visualize data on the fly and introduces guided search to make security analytics more accessible to a broad range of users without requiring knowledge of programming languages or command syntax. Splunk customers who have purchased the app can download version 3.1 of the Splunk App for Enterprise Security on Splunk Apps. New users are encouraged to contact Splunk sales.

Haiyan Song, vice president of security markets, Splunk, will highlight the important role the Splunk App for Enterprise Security plays within analytics-driven security teams in her keynote at RSA Conference Asia Pacific & Japan 2014. Song’s keynote, “The Analytics-enabled Security Operations Center – Best Practices for Improving Incident Response and Breach Investigation,” begins at 9:50 a.m. SGT, Wednesday, July 23 in the Grand Ballroom of the Marina Bay Sands in Singapore. Splunk experts will also be at booth #P2 throughout RSA Conference Asia Pacific & Japan 2014 with hands-on demonstrations of the Splunk App for Enterprise Security, Splunk Enterprise and some of the 150+ security-relevant apps available on Splunk Apps.

“Adapting quickly to new attack techniques is the key for modern cybersecurity warriors, and the new version of the Splunk App for Enterprise Security was built specifically to help organizations remain agile in this dynamic landscape of zero-day and previously unknown attacks,” said Song. “Risk scoring provides prioritization beyond just event data to help security teams transform security analytics by identifying the most critical threats from the massive streams of data surrounding them. We believe the app will have a profound impact on the threat detection capabilities of organizations around the world.”

“Splunk’s Enterprise Security App Version 3.1 represents a great step forward in providing security analytics to more roles across the security team. The addition of risk-based analytics and more in-depth threat intelligence, combined with the ability to connect and visualize disparate data, are extremely valuable and well aligned with the requirements we are hearing from end users,” said David Monahan, security research director, Enterprise Management Associates. “The new Guided UI allows any user to build sophisticated queries without foreknowledge of the Splunk analytics language, advancing the capabilities of every level of user, improving effectiveness and accelerating the ROI gained from Splunk.”

New features in the Splunk App for Enterprise Security focus on delivering risk-based analytics, connecting and visualizing disparate data, and enriching security analysis with threat intelligence. Key features include:
– Risk-based Analytics: Enhance decision-making by applying a risk score to any data through a new Risk Scoring Framework. Helps security and IT teams prioritize, triage and be alerted to threats based on risk score, while also exposing contributing factors of the risk score to all relevant teams.
– Visual Investigation: Gain faster, deeper insights across all machine data by giving users the ability to visually discover relationships by creating event swim lanes that organize and correlate all data.
– Guided Search Creation: Simplify complex correlation across disparate data sources by building advanced searches in a guided user interface with little or no knowledge of any programming language or command syntax.
– Domain Name-based Threat Intelligence: Adding onto the integrated Threat Intelligence Framework, which deduplicates and assigns weights to threat intelligence feeds, security teams can now integrate high-fidelity and complex URLs and domain names.

Learn more about the Splunk App for Enterprise Security on the Splunk website. Version 3.1 of the Splunk App for Enterprise Security requires version 6.x of Splunk Enterprise.

Splunk Introduces the Splunk Mobile App

New App for iPhone and iPad Enables Anyone to Use Splunk Enterprise on the Go

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced the release of the Splunk® Mobile App for iPhone and iPad. The Splunk Mobile App gives Splunk Enterprise users a powerful new way to view, interact with and share Splunk Enterprise dashboards and reports, receive real-time alerts and leverage operational intelligence on the go through a fully optimized mobile user experience. Download the Splunk Mobile App for free from the Apple App Store or go to the Splunk website.

“The Splunk Mobile App has been designed to provide our users with an incredible experience when accessing Splunk Enterprise from their iPhone or iPad,” said Sanjay Mehta, vice president of product marketing, Splunk. “Splunk deployments have become increasingly critical for our users, who now can benefit from the universal access and collaboration provided by the Splunk Mobile App. It seamlessly and securely puts operational intelligence at our customers’ fingertips, whenever and wherever they need it.”

“The Splunk Mobile App allows us to enhance the value of our Splunk Enterprise deployment by breaking down barriers to data access,” said Ant Lefebvre, senior systems engineer, Middlesex Hospital. “The ability to query Splunk dashboards and receive alerts from an iPad or iPhone gives our mobile users a very intuitive user experience with complex data.”

With the Splunk Mobile App users can:
– Conveniently access and query their machine data.
– Easily view, annotate and share dashboards and reports.
– Receive real-time alert notifications.
– Export dashboards and reports as PDF files for offline viewing.

The Splunk Mobile App is available for free on the iPhone and iPad from the Apple App Store at https://itunes.apple.com/us/app/splunk-mobile-app/id848652190?ls=1&mt=8.

The app requires Splunk Enterprise 5.x or above and the Splunk Enterprise Mobile Access Server.

To learn more about Splunk Enterprise, please visit http://www.splunk.com/6.

Splunk Named a Leader in Gartner 2014 Magic Quadrant for SIEM

Splunk Security Intelligence Platform Powers the Analytics-enabled Security Operations Center

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced that it has been named a leader in Gartner’s 2014 Magic Quadrant* for Security Information and Event Management (SIEM). Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security, award-winning products used for security by thousands of organizations around the world.

As the report outlines, “We continue to see large companies that are re-evaluating SIEM vendors to replace SIEM technology associated with partial, marginal or failed deployments,” according to Gartner report authors Kelly Kavanagh, principal research analyst, Mark Nicolett, managing vice president, and Oliver Rochford, research director. “The greatest area of unmet need is effective targeted attack and breach detection. Organizations are failing at early breach detection, with more than 92% of breaches undetected by the breached organization. The situation can be improved with stronger threat intelligence, the addition of behavior profiling and better analytics. Most companies expand their initial SIEM deployments over a three-year period to include more event sources and greater use of real-time monitoring.”

“We believe Splunk’s position as a leader in the Magic Quadrant for SIEM reinforces the trend we are seeing that an analytics-enabled Security Operations Center (SOC) is essential and more effective at detecting and responding to today’s cyberthreats. Analytics provide the SOC and security team a holistic view by collecting, monitoring and analyzing all the data in an organization with rich enterprise and global threat context,” said Haiyan Song, vice president of security markets, Splunk. “Splunk customers are continuously transforming their operations by giving their SOC and security teams situational awareness and, more importantly, the ability to investigate and make determinations fast, which means more decisive and timely actions against attacks, advanced persistent threats, insider threats and other operational issues.”

Targeted, advanced attacks and insider threats can be detected and resolved using analytics of diverse data sets, but this data is challenging to bring into traditional SIEM deployments. Organizations use Splunk Enterprise and the Splunk App for Enterprise Security to create a security intelligence platform that leverages analytics to help find known and unknown advanced threats. The Splunk App for Enterprise Security includes visualizations to identify anomalous behavior, a threat intelligence framework to organize and de-duplicate threat feed data, and data models and a pivot interface to enable the fast creation of analytics. More than 175 security and compliance-specific apps are also available to help security teams quickly gain insights from industry-leading products from vendors including Cisco Systems, FireEye, Palo Alto Networks and more.

Gartner defines the SIEM Leaders quadrant as being, “composed of vendors that provide products that are a good functional match to general market requirements, have been the most successful in building an installed base and revenue stream within the SIEM market, and have a relatively high viability rating (due to SIEM revenue or SIEM revenue in combination with revenue from other sources). In addition to providing technology that is a good match to current customer requirements, Leaders also show evidence of superior vision and execution for anticipated requirements. They typically have relatively high market share and/or strong revenue growth, and have demonstrated positive customer feedback for effective SIEM capabilities and related service and support.”