Archive for July, 2015

Splunk Named a Leader in 2015 Gartner Magic Quadrant for SIEM

Splunk Is the Only Company to Improve on Completeness of Vision

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced it has been named a leader in Gartner’s 2015 Magic Quadrant for Security Information and Event Management (SIEM)* for the third straight year. Splunk was the only vendor to improve its completeness of vision from last year’s results. Gartner evaluated the Splunk security portfolio, including Splunk® Enterprise and the Splunk App for Enterprise Security , used by thousands of organizations around the world. To view the report, go to: http://www.splunk.com/goto/SIEM_MQ.

According to Gartner report authors Kelly Kavanagh, principal research analyst, and Oliver Rochford, research director, “The greatest area of unmet need is effective targeted attack and breach detection. Organizations are failing at early breach detection, with more than 92 percent of breaches undetected by the breached organization. The situation can be improved with stronger threat intelligence, the addition of behavior profiling and better analytics.”

“Splunk is the only security provider to improve on completeness of vision in the Gartner 2015 SIEM Magic Quadrant which we believe serves as the latest evidence that Splunk remains at the forefront of solving advanced and emerging SIEM use cases,” said Haiyan Song, senior vice president of security markets, Splunk. “Splunk is growing well beyond the SIEM market rate, as an increasing number of companies recognize the value of taking an analytics-driven approach to security with Splunk as the nerve center. And with our recent acquisition of Caspida, Splunk is adding machine learning-based user behavioral analytics and extending our analytics-enabled SIEM to better detect advanced and insider threats.”

To protect against advanced threats, a growing number of organizations are using Splunk security analytics to augment, replace and go beyond their legacy SIEM deployments. Splunk security solutions help organizations improve the detection, response and recovery from advanced threats by providing them with broad security intelligence from data that is collected across IT, the business and the cloud.
To view the report, go to: http://www.splunk.com/goto/SIEM_MQ.

Register now for .conf2015, the 6th Annual Splunk Worldwide Users’ Conference, featuring more than 150 sessions by 4,000 plus Splunk customers, partners, experts and employees. .conf2015 is being held September 21-24, 2015 at MGM Grand in Las Vegas.

Gartner, Magic Quadrant for Security Information and Event Management, Kelly Kavanagh, Oliver Rochford, July 20, 2015. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose .

Splunk Acquires Caspida

Extends Security Analytics Leadership by Adding Behavioral Analytics to Better Detect Advanced and Insider Threats

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced it has acquired Caspida, Inc., a leading innovator in machine learning and behavioral analytics. Under the terms of the agreement, Splunk has acquired all of the outstanding stock of Caspida for an aggregate purchase price of approximately $190 million, including approximately $127 million in cash and $63 million in restricted Splunk securities.

imgres

The combination of Splunk® and Caspida™ technology revolutionizes the security market by unifying world-class breach response with breach detection. Recent high-profile breaches show virtually all attacks happen with compromised credentials, and automated detection leveraging machine learning is the future for detecting known and unknown threats from insider and external attackers. Splunk customers now have out-of-the-box user behavioral analytics to help detect, respond to and mitigate these threats. This combination of Splunk’s leading machine data platform with Caspida software provides the most comprehensive security analytics solution available today.

“Splunk built its reputation in security by enabling customers to more effectively respond to breaches. With this acquisition, our customers can now also better detect advanced threats – the breaches that are becoming more complex and severe with each passing day,” said Haiyan Song, senior vice president of security markets, Splunk. “With Caspida, Splunk accelerates its focus on solving advanced threats – both external and from insiders – by shining a light on those who are wrongfully using valid credentials to freely and unpredictably exploit systems they have accessed. By addressing the entire lifecycle of known and unknown advanced threats, and by providing a platform to detect, respond to, and automate actions, Splunk has further reinforced its position as the security nerve center.”

Attacks with trusted access are often not detected by existing security approaches. Whether gaining access through compromised accounts/systems or leveraging existing privileges to conduct malicious activities, attackers often do not need to deploy additional malware. These activities are dynamic and attackers will find ways to evade traditional security technologies. Even if detected, security analysts must find supporting evidence, often using a kill chain methodology to identify the progression of activities from intrusion to lateral movement to exfiltration. Caspida has innovated the use of data science and machine-learning algorithms to detect advanced threats and malicious insiders – presenting the most meaningful set of threats for SOC analysts and incident responders.

“We founded Caspida with a vision of applying data science to help solve the most pressing cybersecurity challenges – advanced threats and insider threats,” said Muddu Sudhakar, CEO, Caspida. “By analyzing machine data and using data science to detect meaningful anomalous behavior of users, devices and entities, Caspida has solved a problem that previously required significant manpower and expensive, do-it-yourself toolsets. We are very excited to join the Splunk family and deliver new detection capabilities to customers.”

Key capabilities of the combination of the Splunk and Caspida solutions include the ability to:

Detect Advanced, Hidden and Insider Threats Out-of-the-Box Using Data Science
– Continuous threat and anomaly detection that applies multi-domain analysis using machine learning.
– Uncovers hidden breaches and new attacks out-of-the-box without extensive customization.

Improve Threat Detection with Targeted Incident Response
– Provides threat activities relative to the kill chain with supporting evidence to enable targeted remediation.
– Detects multi-domain (user, device and traffic applications) anomalies and streamlines threat review and incident resolution.

Dramatically Increase SOC Efficiency
– Scores and highlights the most important threats and anomalies to minimize alert fatigue.
– Detects and provides insights on threats and suspicious activities to complement and extend threat intelligence.

Learn More: http://www.splunk.com/en_us/investor-relations/acquisitions/caspida.html