Archive for April, 2016

Splunk Enterprise Security 4.1 and Splunk User Behavior Analytics 2.2 Now Generally Available

New Versions of Splunk Enterprise Security and Splunk User Behavior Analytics Strengthen Analytics-driven Security

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced the general availability of Splunk® Enterprise Security 4.1 (ES) and Splunk User Behavior Analytics 2.2 (UBA). Together, Splunk ES and Splunk UBA provide customers with better machine learning, anomaly detection, context-enhanced correlation and rapid investigation capabilities. By extending user behavior analytics functionality into SIEM, Splunk continues to advance analytics-driven security solutions. Contact Splunk to purchase Splunk ES and Splunk UBA.

“We’re excited about these advanced capabilities that optimize how organizations detect, investigate and respond to threats,” said Haiyan Song, senior vice president of security markets, Splunk. “Customers now gain insights across the entire enterprise and take action more quickly by leveraging the combined power of machine learning, anomaly detection, correlation and ad-hoc investigation in an integrated solution.”

Organizations Can Now Leverage Splunk UBA Machine Learning Throughout the SIEM Workflow

Splunk UBA anomaly, threat and user context data are now available in Splunk ES. This integration includes the ability to:

  • Enhance detection and visibility of malicious attackers and insiders’ activities by combining and correlating behavioral analytics with data from enterprise and security technologies, such as threat intelligence, IPS and DLP.
  • Gain deeper context about anomalies relative to users, devices and applications in Splunk Enterprise and Splunk ES.

Splunk UBA Enhances Insider Threat and Cyberattack Detection Capabilities

Splunk UBA uses unsupervised machine learning and data science to enhance insider threat defense and cyberattack detection. New features and benefits delivered in UBA 2.2 include the ability to:

  • Define how threats are triggered from detected anomalies using the new Threat Detection Framework.
  • Increase data access and physical data loss coverage.
  • Improve precision, prioritization and correlation of threats with new data sources.

Learn more about Splunk UBA on the Splunk website. Splunk UBA can be run standalone or integrated with Splunk ES.

Splunk ES Powers Rapid Investigation of Advanced Threats

Splunk ES uses all machine data generated from security technologies such as network, endpoint, access, malware, vulnerability and identity information to gain organization-wide visibility and security intelligence. New features and benefits of ES 4.1 include the ability to:

  • Ingest Splunk UBA anomaly data with context for correlation against other alerts, feeds and data for more in-depth investigations.
  • Prioritize and speed investigations with risk scores added to the centralized incident review view.
  • Expand threat intelligence through the addition of Splunk Add-on for Facebook ThreatExchange.

Learn more about Splunk ES on the Splunk website. Splunk ES 4.1 requires Splunk Enterprise 6.3 or Splunk Cloud. Splunk ES can be run standalone or integrated with Splunk UBA.

New Splunk Enterprise Drives Down the Cost of Big Data Analytics

Reduces Historical Data Storage Costs Over 40 Percent; Splunk Cloud and Splunk Enterprise Introduce New Interactive Visualizations, Analytics and Cloud Apps

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced the general availability (GA) of Splunk® Enterprise 6.4 and a new Splunk Cloud release. Splunk Enterprise customers can now drive down the cost of big data analytics by reducing the storage costs of historical data by 40 percent to 80 percent whether deployed on-premises or in the cloud. Both Splunk Cloud and Splunk Enterprise include new interactive visualizations and an open library on Splunkbase where customers and partners can develop and share their custom visualizations. Other new features in both platforms include enhanced big data analytics, improved query performance, platform security and management improvements. Additionally, new cloud analytics apps are now available for Akamai Content Delivery Network (CDN) services, Amazon Web Services (AWS) and ServiceNow. Go to the Splunk website to download Splunk Enterprise 6.4 or to sign up for Splunk Cloud.

As more and more organizations collect, analyze and retain data at an astounding rate, storage is increasingly becoming the most expensive aspect of data analytics. Long-term data retention is becoming a critical issue as companies grapple with regulatory compliance, security investigations and the need to better understand long-term business trends.

“Splunk is passionate about making big data analytics more affordable for organizations of every size. Reducing the cost of historical data retention and analysis is a major part of delivering that value to our customers,” said Shay Mowlem, vice president of product marketing and management, Splunk. “Splunk Enterprise customers can now reduce storage costs for historical data by up to 80 percent for on-premises, cloud and hybrid deployments. We are also engineering long-term data archiving functionality into Splunk Cloud, which we expect to deliver later this year.”

“For many organizations, data retention costs are the single biggest factor driving analytics TCO. Splunk Enterprise addresses this problem with the new storage optimizations for historical data,” said Jason Stamper, analyst, 451 Research. “The new visualizations, analysis enhancements and storage cost reductions support Splunk’s vision for cost-effective machine data analytics and platform strategy.”

“We are pleased Splunk is continuing to focus on innovating its platform to provide better visualization options and lower cost of ownership,” said Ed Bailey, enterprise architect, TransUnion. “The previous version of Splunk Enterprise doubled our performance, and now the new storage optimization abilities in Splunk Enterprise 6.4 can significantly lower our storage costs. We have compared costs to other solutions including open source and Splunk has a lower total cost of ownership.”

“We rely on Splunk Enterprise for real-time visibility into key business metrics such as order volume, value and completion rates to provide the smoothest possible customer experience,” said Andre Pietsch, product manager, Otto Group. “The new visualization library and developer framework in Splunk Enterprise 6.4 will make it even easier to create custom visualizations specific to our needs, especially around transaction monitoring. Ultimately, we will be able to make critical business decisions even faster.”

Customers benefit from several features in the new releases:

Lower Cost of Long-term Data Storage (Splunk Enterprise Only)

  • Cut historical data storage costs with Splunk Enterprise by 40-80 percent, whether deployed on-premises, in the cloud or in a hybrid environment.
  • Enable users to selectively optimize the cost/performance of queries on their historical data.

Interactive Visualizations and Enhanced Analytics

  • Leverage a portfolio of new pre-built visualizations and a new visualization library on Splunkbase.
  • Easily create or customize visualizations using the new developer framework.
  • Improved query performance and flexible data sampling options.
  • Enhanced predictive analytics: More accurately forecast trends and predict missing values.

Platform Security and Management

  • New views in Splunk management console provide deeper visibility into Splunk system event collection and health.
  • Additional support for web single sign-on for Okta, Azure Active Directory and Active Directory Federation Services (ADFS).
  • Increase management flexibility and security using delegated administration roles.

Operational Intelligence for Cloud Services

  • Monitor and analyze the real-time performance, availability and security of the Akamai CDN service with the Splunk App for Akamai.
  • Ensure security, efficiency and cost management of an AWS environment with the new version of the Splunk App for AWS.
  • Track incidents, changes and event management processes in ServiceNow with the updated Splunk App for ServiceNow.