Archive for October, 2015

Splunk Enterprise Security 4.0, Splunk UBA and the Splunk App for PCI Compliance 3.0 Now Generally Available

Splunk Enterprise Security and Splunk UBA Are a Leap Forward in Detecting and Responding Throughout the Lifecycle of Security Attacks

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced the general availability of Splunk Enterprise Security 4.0 (ES), Splunk User Behavior Analytics (UBA) and the Splunk App for PCI Compliance 3.0. Splunk® ES includes major updates to help organizations track attackers’ actions with streamlined ad hoc analyses and event sequencing. Splunk UBA delivers out-of-the-box capabilities driven by machine learning and advanced analytics to help detect cyberattacks and insider threats. The Splunk App for PCI Compliance helps organizations verify their compliance with the Payment Card Industry Data Security Standards (PCI DSS).

“Splunk is the nerve center for security, enabling our customers to detect, understand and take rapid, coordinated action across the organization,” said Haiyan Song, senior vice president of security markets, Splunk. “Splunk Enterprise Security lets analysts visually correlate events over time and better communicate details of multi-stage attacks. Splunk UBA uses machine learning to help spot the most dangerous offenders. Together, they create a powerful defense that is further strengthened by hundreds of security apps available to Splunk customers on Splunkbase.”

Splunk ES Helps Organizations Detect, Scope and Respond to Advanced Attacks

Splunk ES 4.0 tackles multi-stage attacks with improved breach detection and response as well as improved collaboration through an extensible analytics framework. New features and benefits include:

– Investigator Journal keeps track of ad hoc searches and activities to streamline analysis of multi-stage attacks associated with breach detection and response.
– Investigator Timeline allows individual analysts to place any event, activity or annotation within a visual timeline to better understand and communicate the cause and effect of events and the details of advanced multi-stage attacks.
– Investigator Timeline also allows different security team members to place events, actions and annotations onto the visual timeline to share their analysis and understanding of the scenario to collaboratively investigate incidents, problems and breaches.
– Enterprise Security Framework allows customers, vendors and third parties to create, access and extend ES functionality with their own apps that can run within ES and utilize features such as the alert management, risk scoring, threat intelligence, and identity and asset frameworks.

Learn more about Splunk ES 4.0 on the Splunk website. Splunk ES 4.0 requires Splunk Cloud or Splunk Enterprise version 6.3.x.

Splunk UBA Adds a New Layer of Defense

Splunk UBA uses unsupervised machine learning, multi-entity behavior baselines, peer group analytics and advanced correlations to improve detection of cyber-attacks and insider threats. Benefits include:

– Helps detect anomalous behavior by users, devices and other entities within the enterprise, and then discover and combine patterns of anomalies into specific, actionable threats.
– Increases security analysts’ effectiveness by helping them to focus upon meaningful threats and malicious activities using kill chain visualizations.
– Operationalizes security through integration with the larger family of Splunk products, including rapid analysis of data from Splunk Enterprise and automatic creation of alerts in Splunk ES 4.0 for easy-to-manage incident response.

Learn more about Splunk UBA on the Splunk website.

Splunk App for PCI Compliance Measures the Effectiveness of PCI

Splunk App for PCI Compliance 3.0 is designed to help organizations verify their PCI compliance posture by reviewing and measuring the effectiveness and status of their technical controls. It can also identify and prioritize any control areas that need attention and lets organizations quickly address auditor requirements. Features include:

– New reports and searches covering the PCI DSS 3.1 standard.
– Updated user interface and additional technology add-ons.
– Built on the Enterprise Security Framework to take advantage of the alert management, risk scoring, threat intelligence, and identity and asset frameworks.

Learn more about the Splunk App for PCI Compliance on Splunkbase.

New Splunk App for AWS Announced at AWS re:Invent 2015

Splunk and FINRA to Present How Organizations Gain End-to-End Visibility in Large-Scale AWS Environments

AWS re:Invent 2015 and SAN FRANCISCO – October 6, 2015 – Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced the new release of the Splunk App for AWS at AWS re:Invent 2015. The new version of the app transforms AWS CloudTrail, AWS Config, Amazon CloudWatch, and now Amazon Virtual Private Cloud (Amazon VPC) Flow Logs into easy-to-use dashboards that provide comprehensive security, compliance and operational insights into Amazon Web Services (AWS) environments.

“The new Splunk® App for AWS provides leading enterprises with additional visibility and security as they move mission critical workloads to the cloud with confidence,” said Marc Olesen, senior vice president of cloud solutions, Splunk. “As they efficiently and productively deploy and manage AWS environments, enterprises benefit from end-to-end visibility and the ability to monitor user activity, resource changes, topology and network traffic flows. We are excited to show organizations how this can be done with Splunk cloud solutions at AWS re:Invent 2015.”

“Splunk is an excellent example of a company that leverages rapid, continuous innovation to the benefit of AWS customers,” said Terry Wise, vice president of channels and alliances, Amazon Web Services. “With the Splunk App for AWS, customers can further simplify their operational and security intelligence by centralizing their machine data into easy-to-use dashboards.”

“The Splunk App for AWS succeeded in providing us an effortless click-through experience in configuring and monitoring all our AWS logs. Using the Splunk App for AWS we are able to visualize and represent our data in a way that makes sense to developers, system administrators and security professionals in one easy-to-manage interface. The new VPC Flow logging is an exciting and new added bonus that finally gives us insight into intra-VPC and inter-VPC traffic patterns,” said Nathan J Gibson, product privacy and security lead, ADT.