Archive for September, 2015

New Splunk Security Solutions Advance as the Nerve Center for Security

Splunk Takes Organizations’ Security Posture to the Next Level with Splunk Enterprise Security 4.0 and Splunk User Behavior Analytics

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced a leap forward in detecting and responding across the entire lifecycle of modern security attacks. Splunk® Enterprise Security 4.0, formerly named the Splunk App for Enterprise Security, includes major updates to help organizations track attackers’ steps through streamlined ad hoc analyses and event sequencing. Splunk is also announcing Splunk User Behavior Analytics (UBA), a new solution developed from the acquisition of Caspida, Inc. Splunk UBA delivers out-of-the-box capabilities driven by machine learning and advanced analytics to detect cyberattacks and insider threats. Splunk Enterprise Security 4.0 and Splunk UBA will be generally available by October 31, 2015.

“When critical networks are under assault, every second counts. Splunk security solutions give an edge to security teams by improving attack and breach detection and incident response,” said Haiyan Song, senior vice president of security markets, Splunk. “Many customers consider Splunk solutions to be their nerve center for security because they help enable teams to leverage their entire security technology stack and utilize their data to detect, understand and take rapid, coordinated action across the organization. Splunk Enterprise Security lets analysts visually correlate events over time and communicate details of multi-stage attacks. Splunk UBA uses machine learning to help spot the most dangerous offenders – advanced attackers including malicious insiders.”

“Splunk is the trailblazer in security analytics and is continuing its path of innovation with Splunk Enterprise Security and Splunk UBA,” said Robert Herjavec, Founder and CEO, Herjavec Group. “Splunk solutions continue to help us protect our clients from rapidly changing attack techniques. Splunk Enterprise Security 4.0 represents another significant step in how we help our clients tackle multi-stage attacks while Splunk UBA promises to illuminate anomalies using disparate machine data to defend against the most dangerous breaches, those responsible for most of the headlines.”

“Splunk continues to address analytics-driven security through product developments and strategic acquisitions,” said Scott Crawford, research director, 451 Research. “Splunk Enterprise Security is designed to help practitioners conduct more efficient investigations and provides a new open framework that further supports a growing ecosystem of partners. Splunk User Behavior Analytics extends threat detection for customers through data science and machine learning.”

Splunk Enterprise Security Helps Organizations to Detect, Scope and Respond to Advanced Attacks

Splunk Enterprise Security 4.0 (ES) tackles multi-stage attacks with improved breach detection and response as well as improved collaboration through an extensible analytics framework. New features and benefits include:

– Investigator Journal keeps track of ad hoc searches and activities to streamline analysis of multi-stage attacks associated with breach detection and response.
– Investigator Timeline allows individual analysts to place any event, activity or annotation within an investigation timeline to better understand, visualize and communicate the cause-and-effect of events and the details of advanced multi-stage attacks. For example, users could apply the kill chain within the timeline during investigations.
– Investigator Timeline also allows different security team members to place events, actions and annotations into the timeline to share their perspective of the scenario to collaboratively investigate incidents, problems and breaches.
– Enterprise Security Framework allows customers, vendors and third parties to create, access and extend ES functionality with apps that can run within ES and access functionality such as the alert management, risk, threat intelligence, and the identity and asset frameworks.

Splunk Enterprise Security 4.0 requires Splunk Cloud or version 6.3 of Splunk Enterprise.

Splunk UBA Adds a New Layer of Cyber Defense

Building upon technology recently acquired with Splunk’s purchase of Caspida, Inc., Splunk UBA uses machine learning, behavior baseline, peer group analytics and advanced correlations to improve breach detection. Benefits include:

– Improve detection of cyberattacks and insider threats.
– Increase security analysts’ effectiveness by helping them to focus upon meaningful threats with malicious activities using a kill chain visualization.
– Operationalize security by rapidly getting data into Splunk UBA and streamlining incident response by leveraging the proven power of Splunk solutions.

Go to the Splunk website to learn more about Splunk UBA.

Splunk Introduces Splunk IT Service Intelligence

New IT Monitoring and Analytics Solution Delivers Immediate Value to IT with Advanced Analytics and Powerful Visualizations; Available as Software or a Cloud Service

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced Splunk IT Service Intelligence (ITSI). Splunk ITSI builds upon Splunk’s deep product expertise and recognized customer value in IT Operations by introducing a solution that provides breakthrough visibility into the health and key performance indicators of IT services. This new solution delivers a central, unified view of critical IT services and leverages advanced analytics driven by machine learning to highlight anomalies, detect root cause and pinpoint areas of impact. Experience the power and innovation of Splunk solutions and try the Splunk ITSI online sandbox today.

“With Splunk ITSI, we wanted to build on how customers were already using the Splunk platform for IT troubleshooting and monitoring and deliver a complete solution for IT professionals,” said Rick Fitz, senior vice president of IT markets, Splunk. “IT teams now have an innovative data-driven approach to more effectively manage the new world of hybrid, cloud and software-defined everything in the data center. Splunk ITSI is in a class of its own because it provides both high-level monitoring and deep-dive troubleshooting and analytics in one solution, available as either software or a cloud service.”

“Traditionally, the end-to-end performance of systems and apps supporting digital strategies is difficult for the business team to monitor against SLAs and KPIs they have established without bolting this view together with a variety of products,” according to Maureen Fleming, vice president of BPM and middleware research, IDC. “Being able to track, monitor and produce a business view of performance from a single offering is critical in today’s world of technology-enabled innovation.”

Splunk Customers Unlock Insights On Business-Critical Services

More than a dozen Splunk customers have run Splunk ITSI over several months in production environments. Splunk ITSI customers report having greater insight into their IT services, less downtime and disruption to their customers, and improved service levels.

“AdvancedMD has more than 13,000 daily global users who initiate claims, and Splunk IT Service Intelligence enables us to both know there is a problem at a high level and also see the depths of all of these interactions and fix issues immediately,” said Tyler Germer, director of information technology, AdvancedMD. “Splunk IT Service Intelligence was delivering insights days after installing, instead of the months it can take with legacy monitoring solutions. Splunk ITSI helps us ensure that the claims service stays up and running at all times.”

“Splunk IT Service Intelligence gives us the actionable insights we need to keep our business-critical services running smoothly and it was up and running in days instead of months,” said Daniel Nye, chief technology officer, Surrey Satellite Technology. “By mapping KPIs to critical service components, we have discovered and resolved problems that we did not know we had. For example, by identifying a previously undetected issue with our document management system, we have significantly sped up the document checkout process, delivering real-time savings to the business.”

“Splunk IT Service Intelligence gives Vodafone a real-time understanding of how our services are performing overall and at the more granular level,” said Andre Casper, solution owner operational analytics, Vodafone. “We have KPIs mapped to critical service components and can provide relevant insights to stakeholders across the business, including management, service owners and the security team. The glass table visualizations in Splunk ITSI make it quick and easy to identify and resolve any issues, preventing any impact on our users. Now we can be much more proactive about our services.”

Read more about Vodafone’s success with Splunk ITSI in the Vodafone case study on the Splunk website.

Empowering IT to Uncover and Act on Data-Driven Intelligence

Splunk ITSI is a patented, enterprise-class monitoring and analytics solution that provides new levels of visibility into the health and key performance indicators of IT services. Built on the powerful Splunk platform, Splunk ITSI scales to collect and index terabytes of real-time and historical events and metrics, across multi-datacenter and cloud-based infrastructures. Splunk IT Service Intelligence:

– Delivers a central, unified view of critical IT services for powerful, data-driven monitoring.
– Maps critical services with KPIs to easily pinpoint what matters most.
– Utilizes advanced analytics powered by machine learning to highlight anomalies, detect root cause and pinpoint areas of impact.
– Supports drill down into the data for rapid issue investigation and resolution.

Learn more about Splunk ITSI or sign up for an online sandbox trial on the Splunk website.

Splunk Continues Innovation with Splunk MINT, Splunk Light and Hunk Updates

Splunk Kicks Off Day Two of .conf2015: 6th Annual Splunk Worldwide Users’ Conference with Major Mobile, Cloud and Big Data Enhancements

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced updates to several products including Splunk MINT™, Splunk Light™ and Hunk®.

“At .conf2015, we are showcasing innovations across our entire portfolio of software and cloud solutions, and Hunk, Splunk Light and Splunk MINT are important pillars of our customers’ overall data strategy,” said Shay Mowlem, vice president product management and product marketing, Splunk. “Splunk MINT and Hunk help organizations gain value from two of the fastest-growing sources of data, mobile data and historical data in Hadoop. Small IT teams can also now utilize Splunk Light as a cloud service.”

Hunk: Splunk Analytics for Hadoop

Hunk 6.3 is a full-featured, integrated analytics platform used to interactively explore, analyze and visualize big data in Hadoop and Amazon S3. Go to the Hunk page on the Splunk website to download the Hunk sandbox or to sign up for a free trial. Benefits include:

– Drive down total cost of ownership for Splunk users who can archive historical data from Splunk Enterprise to HDFS and Amazon S3 on commodity hardware for low-cost long-term storage and use Hunk to perform analytics on the historical data transferred to Hadoop.
– Splunk users can leverage the advanced analytics and visualization capabilities they know and love in Splunk Enterprise on the data stored in Hadoop without needing to learn a new solution.
– Analyze data transferred from Splunk Enterprise to Hadoop using third-party Hadoop tools such as Hive and Pig without needing to transform or replicate data.

Splunk Light

Splunk Light is now available as a cloud service, starting at just $90 per month, and delivers the power of Splunk to small IT environments. This full-featured log search and analysis solution makes harnessing machine data even more accessible to small IT environments by eliminating the time and expense of server purchasing, setup and maintenance. Try the free trial of Splunk Light as a cloud service. Benefits include:

– Gain real-time log search and analysis for tactical troubleshooting by collecting, indexing, monitoring, searching, alerting and analyzing any log data in real time from one place.
– Priced for small IT environments, with access to global support and a passionate community of users.
– Easily upgrade to the full Splunk Enterprise or Splunk Cloud for seamless transition to the platform for real-time Operational Intelligence.

Splunk MINT

Splunk MINT runs as an application on top of Splunk Enterprise and now, Splunk Cloud, to deliver enhanced Operational Intelligence with mobile data for developers, operations and product management. Splunk MINT delivers Mobile Intelligence to improve the mobile app user experience. Learn more about Splunk MINT on the Splunk website. Benefits include:

– More developer insight with Stacktrace graphs and screen tracking that offers real-time insight into how users are engaging your app and how many users are affected by performance problems.
– Detailed user analytics including events, screen tracking and user flows that provide powerful feedback to Splunk MINT users.
– Additional mobile app support for hybrid mobile applications that integrate HTML5 web browsers with native mobile OS capabilities.

Splunk Accelerates Momentum in Industrial Data and Internet of Things

New Product Capabilities, Customer Success and Growth in Partner Ecosystem Fuel Continued Expansion into Growing, New Market

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced accelerated momentum in Industrial Data and Internet of Things (IoT). The trend is driven by Splunk’s continued investment in its products and partner ecosystem as well as the creativity of customers and the flexibility to deploy Splunk IoT solutions as software, cloud services or in a hybrid environment. Customers are using Splunk® solutions to collect and correlate data from control systems, sensors, mobile devices and IT systems for a variety of Industrial Data and IoT use cases. These use cases include operational efficiency, predictive maintenance, industrial cybersecurity and asset analytics.

“It has been great to see the success our manufacturing teams are achieving with Splunk solutions,” said Saul Llamas, manufacturing test engineering manager, Zebra Technologies. “Our teams have been able to bring value to their own operations by using Splunk Enterprise and its powerful data collection, analytics and visualization capabilities to improve manufacturing quality, customer experience and ultimately our products.”

New Splunk Enterprise 6.3 features and community and partner apps further expand the applicability of Splunk solutions for Industrial and IoT use cases. New features include the HTTP event collector to collect IoT data at scale, new custom alert actions to trigger custom data-driven actions in third-party applications and the Machine Learning Toolkit and Showcase (preview) for advanced analytics. Splunk also has a wide-ranging ecosystem of partners in the Internet of Things including Bluvision, Carvoyant, Citrix Octoblu, CQCloud, DGLogik, Falkonry, Kepware, N3N, Wizcore and Xively by LogMeIn, all of which are demonstrating technology or solutions at .conf2015.

“From trains, planes and automobiles to manufacturing floors, our customers are leading the way with their innovative use of Splunk solutions for Industrial Data and Internet of Things,” said Snehal Antani, chief technology officer, Splunk. “The Internet of Things transforms the way organizations leverage machine data and gain insights from it. The product investments that we have made along with our growing IoT ecosystem will further expand Splunk’s role in these use cases and accelerate the value realized from Splunk solutions.”

For more information about using Splunk for Industrial Data and the Internet of Things, visit the Internet of Things solution page of the Splunk website.

Sydney’s Splunk User Group

When: Wednesday, 16 September 2015
Time: 5.00pm-7.00pm
Location: Level 1 @ Angel Hotel, 125 Pitt Street, Sydney

The next meet up for the Sydney Splunk User Group is coming up.

Get along to the meet up and hear how a leading ISP uses Splunk to ingest machine data from telco systems and provide business information to various business teams.

Here’s the agenda:

5:00 PM Welcome & Networking
5:30 PM ISP use case
6:00 PM Q & A
6:30 PM Close – Pizza/Beer

Click the link to join the Sydney Splunk User Group, and RSVP to this event:

Looking forward to seeing you there.

Canberra Splunk User Group Meetup

When: Thursday, 17 September 2015
Time: 4.30pm-6.30pm

The next meet up for the Canberra Splunk User Group is coming up.

At this meet up we will hear from Ashley Hartage, Senior Network Security Engineer at Verizon Enterprise Solutions. Ashley will be presenting on using SNMP for polling devices to track signature updates and versions.

Click the link to join the Canberra Splunk User Group, and RSVP to this event:

Looking forward to seeing you there.