Splunk Customers Find Threats Faster with Adaptive Response

Splunk and Partners to Demonstrate New Capabilities at RSA Conference 2017

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced five new members of the Splunk Adaptive Response Initiative. The growing program, initially announced last year, is a best-of-breed security initiative helping organisations better analyse, assess and respond to advanced attacks within their Security Operations Center (SOC). New members integrate security policy management, incident response and endpoint security capabilities and include AlgoSec, Demisto, RedSeal, Resolve Systems and Symantec (Advanced Threat Protection).

Increasingly sophisticated cyber threats like ransomware and attacks on Internet of Things (IoT) security are disrupting and negatively impacting businesses across the globe. To detect and respond to these threats, businesses often rely upon point security solutions when a communicative multi-vendor environment is required to gain end-to-end threat visibility. The Adaptive Response framework provided by Splunk Enterprise Security (Splunk ES) orchestrates a wide range of security capabilities, enabling point solutions to work better together. One example of this is ForeScout, a Splunk partner and Adaptive Response member that gives joint customers such as Brown-Forman visibility and control of devices connecting to their networks in order to detect threats and execute a response faster than ever before.

“Leveraging the ForeScout Extended Module for Splunk via Adaptive Response, we can increase our holistic data defence and security to minimise the impact of malware and data breaches,” said Clayton Colwell, associate security engineer, Brown-Forman Corporation. “With these bi-directional communications, we anticipate even higher real-time visibility. This will enable us to minimise the time and resources needed to respond to emerging threats.”

Since its launch in 2016, the Adaptive Response Initiative has brought together over 20 industry leading security domains covering a wide range of security technologies, including next-generation firewall (NGFW), endpoint security, threat intelligence, identity management, incident response and more. By working together through Splunk ES, the initiative enables customers to analyse and correlate a wide range of data across their multi-vendor environments. By leveraging Splunk’s Adaptive Response framework, these customers and partners gain insights into all relevant data, helping security analysts discover new ways to gain end-to-end context and improve security posture.

“Digital transformation is forcing organisations to strengthen their security posture through security analytics. While thousands of organisations rely on Splunk to analyse, assess and respond to threats, we cannot fight them alone,” said Haiyan Song, senior vice president of security markets, Splunk. “Security is a team sport. It is more important than ever for industry-leading technologies in our Adaptive Response Initiative to work together and help organisations detect and defend themselves from growing cyber threats. We welcome our new Adaptive Response members and look forward to working with them to satisfy this critical market requirement.”

For more information, visit the Splunk website for a complete list of security technologies involved in the Adaptive Response Initiative.

Splunk Ranked #1 in Worldwide IT Operations Analytics Software Market Share

Second Year in a Row

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced it has been ranked number one in worldwide IT Operations Analytics (ITOA) software market share for 2015 by IDC, a leading provider of global IT research and advice. The IDC report* states that Splunk® software and cloud services claimed the top market share with 28.5 percent. This is IDC’s second study of vendor revenues and market shares in the rapidly growing ITOA software market. For the second year in a row, Splunk holds the greatest share of the market.

According to the IDC report authored by Tim Grieser and Mary Johnston Turner: “The company [Splunk] achieved rapid growth driven by expansion in log management and analysis capabilities. The number of data sources, data volumes, and use cases continued to expand driving increased customer adoption. Splunk has invested in solutions for Hadoop, mobile, real-time wire, and security. Splunk supports pre-packaged content and visualisation for a variety of use cases including IT operations and APM. This is making Splunk-based analytics available to an increasing variety of IT and business users.”

“We have seen rapid adoption of Splunk IT Service Intelligence (ITSI), which helped cement Splunk’s position as the number one market share leader for 2015 in the emerging ITOA market,” said Rick Fitz, senior vice president of IT markets, Splunk. “The latest IDC report is a strong proof point for the success our customers and partners experience with an analytics-driven approach to understanding and responding to complex enterprise environments.”

Splunk Enterprise and Splunk Cloud enable organisations to consolidate silos of machine data and use analytics to improve IT service health, reduce costs, resolve problems faster and drive critical business decisions. Splunk IT Service Intelligence, built on the powerful Splunk platform, is a machine learning-powered monitoring solution that employs analytics to help organisations find root cause faster and lower mean-time-to-resolution by providing unified service visibility, detecting emerging problems, and simplifying incident investigations and workflows.

Visit the Splunk website to learn how customers like Cox Automotive, Cardinal Health, and Surrey Satellite Technology (SSTL) use analytics from Splunk ITSI to gain real-time insights and increase IT operational efficiencies. Learn more about IT Operations Analytics with Splunk Enterprise and Splunk Cloud by visiting the Splunk website.

* IDC, Worldwide IT Operations Analytics Software Market Shares, 2015: Special Report (doc #US41663816 August 2016)

Personal Use Dev/Test Licenses for Splunk Enterprise and Splunk Cloud Customers

Giving customers the freedom to explore with Splunk 6.5

Want to experiment with new data sources and start new projects? Splunk will soon provide paying customers with individual Development/Test (Dev/Test) licenses of Splunk Enterprise for non-production use.

Splunk will provide paying customers with personalised 50GB, 6-month term Dev/Test licenses for non-production use. These licenses will enable individual users within the organisation to experiment with new data sources, as well as encourage other users in the organisation to try out Splunk in a frictionless manner.

These are personalised licenses that are specific to an individual user within each paid customer account. Each user can only have one active Dev/Test license at a time.

Customers can acquire these licenses starting in early November 2016. The Dev/Test license is not stackable and has certain feature limitations.

Customers should pre-register their interest with Rivium by contacting their Rivium Account Manager, who can provide pre-registration details.

Splunk Removes Metered Enforcement in Splunk Enterprise

To optimize customer experience and satisfaction, Splunk Enterprise will no longer shut off search when a customer goes over their licensed data ingestion capacity.

This does not change a customer's agreement with Splunk. All aspects of Splunk's licensing remain the same: customers will still get license overage warnings, and Splunk is retaining the Right to Audit language in the end user license agreement.

In order to enable this functionality, customers will need Splunk Enterprise 6.5 inclusive of a license key with this feature. All new, upgrade, or expansion orders booked on or after September 26, 2016 will receive keys with enforcement turned off. Existing customers can receive this same benefit by upgrading to Enterprise 6.5 and requesting a “no enforcement” key from their Splunk Rep or Splunk Authorized Partner after September 26, 2016.

The disabled enforcement applies to all traditional commercial, MSP, EDU, and Non-Profit licenses. Cloud behavior will not change with this announcement. Hard software enforcement (where we shut down search capabilities) remains on Dev/Test, Free, Developer, Trial and NFR licenses.

Splunk is passionate about customer satisfaction, and this change will ensure Splunk is available during a customer's most critical times of need.

For assistance with upgrading your current environment to Splunk 6.5 and to obtain a “no enforcement” key, please contact your Rivium Account Manager.

Splunk Expands Adaptive Response Initiative to Strengthen Enterprise Security

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced the expansion of the Adaptive Response Initiative. The initiative, announced earlier this year, brings together leading vendors, leveraging end-to-end context and automated response to help organizations better combat advanced attacks through a unified defense. Acalvio, Anomali, Cisco, CrowdStrike, DomainTools, ForeScout, Okta, Proofpoint, Qualys, Recorded Future and Symantec have now joined the Splunk initiative, bringing together many new capabilities to enterprise security.

“More and more organizations are embracing Splunk® Enterprise Security (ES) as the nerve center of their Security Operations Center (SOC). It is important that we enable collaborative architectures so our customers can extend analytics-driven decisions across a multi-vendor security technology stack,” said Haiyan Song, senior vice president of security markets, Splunk. “Splunk welcomes the new participants of the Adaptive Response Initiative and is excited to deliver the new framework in Splunk ES. This helps the security industry to work closer together while helping organizations to leverage intelligence and automation to better defend against attacks.”

Advanced cyber adversaries are continuously leveraging new attack methods that span multiple domains, launching devastating attacks that often leave enterprises vulnerable. Despite advancements in security technologies, most solutions are not designed to work together out-of-the-box, making it challenging to coordinate a response. By leveraging adaptive security architecture, the Adaptive Response framework in Splunk ES provides end-to-end context and automated response across twenty of the world’s leading security technologies – enabling customers to quickly detect threats and execute response.

“The pace and variety of today’s cyberattacks combined with a wide range of security tools in the typical enterprise make for a daunting challenge for security professionals. For real visibility and a truly actionable approach, enterprises demand a level of multi-vendor integration across silos and tools that goes beyond the efforts of the past,” said Scott Crawford, research director of Information Security, 451 Research. “The Adaptive Response capabilities in Splunk Enterprise Security provide the centerpiece of a flexible, ecosystem-driven approach to combat advanced attacks through a more coordinated, automated response.”

Splunk Empowers IT, Security and Business Teams with Better Data Decisions from Machine Learning

Machine Learning Capabilities Drive New Versions of Splunk Products

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced new versions of Splunk® Enterprise, Splunk IT Service Intelligence (ITSI), Splunk Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Available on-premises or in the cloud, the newest versions of Splunk solutions leverage machine learning to make it faster and easier to maximize the value machine data can deliver to organizations.

Machine learning is bringing big data analytics into a new era, and Splunk is enabling companies to use predictive analytics to help optimize IT, security and business operations. Machine learning is being integrated as a core capability of the Splunk portfolio with packaged or custom algorithms to operationalize machine data in a variety of valuable use cases such as:

Focused Investigation: Identify and resolve IT and security incidents by automatically detecting anomalies and patterns in data.
Intelligent Alerting: Reduce alert fatigue by identifying normal patterns for specific sets of circumstances.
Predictive Actions: Anticipate and react to circumstances such as proactive maintenance that might otherwise disrupt operations or revenue.
Business Optimization: Forecast demand, manage inventory and react to changing conditions through analysis of historical data and models.

“Digital transformation has changed the way that organizations work. The big secret is that all of the change is underpinned by machine data. Machine learning enables organizations to get deeper insights from their machine data and ultimately increases the opportunity our customers can gain from digital transformation,” said Doug Merritt, President and CEO, Splunk. “The enterprise machine data fabric is the foundation for managing and deriving insights from that data at scale – and only Splunk provides the end-to-end analytics platform and ecosystem to support it.”

“At Intuit, we have grown and thrived for over thirty years by constantly transforming and re-inventing ourselves. Splunk has been a key technology in our journey for nearly ten years,” said Brian Ellison, vice president and chief architect at Intuit. “Hundreds of our employees go to Splunk solutions every day for answers and insights into complex IT and business questions. Splunk’s use of machine learning will strengthen its platform and can drive more value for our employees and customers.”

“Splunk supports pre-packaged content and visualizations for a wide variety of use cases, including IT operations, security and business analytics,” said Jason Stamper, data platforms and analytics analyst, 451 Research. “This is making Splunk-based analytics available to an increasing variety of IT and business users. With a broad integration of machine learning, Splunk provides a comprehensive answer to one of the biggest challenges facing modern organizations: how to harness diverse, prevalent and increasingly profuse amounts of data to gain valuable business insights.”

Splunk Cloud and Splunk Enterprise 6.5: New Innovations in Machine Learning and Data Analysis

Splunk Cloud and Splunk Enterprise make it even faster and easier to maximize the value of machine data. Splunk Cloud and Splunk Enterprise 6.5, generally available today, now provide custom machine learning and deliver a totally new user experience for data analysis and preparation, and much more. With Splunk Enterprise 6.5, customers can:

– Harness the power of machine learning with advanced analytics delivered by a rich set of commands and a guided workbench to create custom machine learning models for IT, security and business use cases.
– Simplify data preparation and expand data analysis to a wider range of users with a new intuitive interface and table data views designed for both specialist and occasional users.
– Lower on-premises TCO through tighter integration with Hadoop. Organizations can now roll historical data to Hadoop and utilize hybrid search to analyze all of their data in Splunk.

Download Splunk Enterprise or try Splunk Cloud today. You can learn more about what’s new in Splunk Enterprise 6.5 and Splunk Cloud on the Splunk website.

Splunk ITSI: Simplify Operations, Prioritize Problems and Align IT Through Machine Learning

Splunk ITSI, built on the powerful Splunk Platform, is a machine learning-powered monitoring solution that employs analytics to help organizations find root cause faster and lower mean-time-to-resolution by providing unified service visibility, detecting emerging problems, and simplifying incident investigations and workflows. Splunk ITSI 2.4, generally available today, applies machine learning to event data to help improve productivity across IT and the business. Splunk ITSI can help organizations:

– Improve service operations with pre-built machine learning by baselining normal operational patterns to dynamically adapt thresholds, thereby reducing alert fatigue, improving analysis and increasing reliability.
– Present real-time service insights and drive decision making by prioritizing incidents through event analytics, such as multivariate anomaly detection, supported with business and services context.
– Gain a single view of operations with an intuitive interface that prevents costly customizations through the flexibility, speed and scale of the Splunk platform.

Sign up for a free online sandbox of Splunk ITSI or learn more about Splunk ITSI on the Splunk website.

Splunk ES and Splunk UBA: Advance Analytics-Driven Security with Adaptive Response and Improved Threat Detection

Splunk advances its analytics-driven security vision and security analytics leadership with the new releases of Splunk ES and Splunk UBA. Splunk ES 4.5 provides a common interface for automating retrieval, sharing and response in multi-vendor environments. Splunk UBA 3.0 delivers new machine learning models, additional data sources and content updates of use cases. Splunk security updates help customers:

– Improve detection, investigation and remediation times by centrally automating retrieval, sharing and response through Adaptive Response and analytics-driven decision making in Splunk ES.
– Simplify analysis by understanding the impact of security metrics within a logical or physical Glass Table view in Splunk ES.
– Improve threat detection with use case updates in Splunk UBA, and gain targeted detection by prioritizing outcomes generated by packaged machine learning-based anomaly detection.

Splunk ES 4.5 and Splunk UBA 3.0 will be generally available by October 31. Learn more about Splunk ES and Splunk UBA on the Splunk website.

Splunk Named a Leader in 2016 Gartner Magic Quadrant for SIEM

Splunk Positioned Furthest in Completeness of Vision in Security Information and Event Management (SIEM) Category

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced it has been named a leader in Gartner’s 2016 Magic Quadrant for Security Information and Event Management (SIEM)* for the fourth straight year. Splunk is positioned as having the furthest completeness of vision in the Leaders quadrant. Gartner evaluated the Splunk security portfolio, including Splunk® Enterprise and Splunk Enterprise Security (ES). To view the report, go to the Splunk website.

“The need for early targeted attack detection and response is driving the expansion of new and existing SIEM deployments. Advanced users seek SIEM with advanced profiling, analytics and response features,” write Gartner report authors Kelly Kavanagh, principal research analyst, Toby Bussa, research director and Oliver Rochford, research director.

“After being named a leader in the Gartner Magic Quadrant for SIEM for four years running, Splunk is honored to now be positioned furthest for completeness of vision,” said Haiyan Song, senior vice president of security markets, Splunk. “We believe this industry-leading position is a reflection of the market fully embracing an analytics-driven approach to security, a testament to the strength of our security platform and the success our customers have achieved. As we continue to introduce new capabilities such as Adaptive Response, we will further strengthen the security posture of Splunk ES as the nerve center for security operations.”

To protect against advanced threats coming from motivated attackers, many modern enterprises are using Splunk as the nerve center of their Security Operations Center (SOC), and are complementing it with the addition of Splunk User Behavior Analytics (UBA) to automatically detect cyber attacks and insider threats. This expanded analytics-driven approach helps organizations to accelerate the analysis, detection and response to threats.

Splunk Wins Top Security Award at 2016 Computerworld Hong Kong Awards

Splunk Enterprise Security Named Best Security Information and Event Management Product

Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced that Splunk® Enterprise Security (ES) has been named the inaugural winner for best Security Information and Event Management (SIEM) product at the 2016 Computerworld Hong Kong Awards. The award recognizes software that provides real-time analysis of security alerts from network devices and applications.

“We are honored to be recognized by Computerworld Hong Kong and security professionals as the leader in SIEM,” said Haiyan Song, senior vice president of security markets, Splunk. “This award reflects our commitment to build products that help our customers gain end-to-end visibility into their data. By embracing a scalable and flexible SIEM solution, customers can use Splunk software as a nerve center for security and gain valuable insights through an analytics-driven security platform.”

Splunk solutions help identify threats and alerts in real time, enabling security teams to quickly contain, analyze and recover from threats. In addition to SIEM capabilities, Splunk solutions can be used for a wide range of IT operations use cases that touch security and compliance. These capabilities enable fast time-to-value and a strong ROI.

The Computerworld Hong Kong Awards, now in their 14th year, recognize the territory’s leading technology products, services and providers by giving IT users the opportunity to nominate and vote. For more information and a detailed list of categories and winners, please visit

Splunk Enterprise Selected as CDM Data Integration Solution for 25 Federal Civilian Government Agencies

Splunk Included in Five CDM Phase 1 Task Order Awards

Splunk Inc. (NASDAQ: SPLK), the leading software platform for real-time Operational Intelligence, today announced that Splunk® Enterprise will be used at the 25 largest civilian Departments and Agencies (D/As) covering 97 percent of the federal civilian government workforce. Splunk was included in task order awards 2A-2E under Phase 1 of the Department of Homeland Security (DHS) Continuous Diagnostic and Mitigation (CDM) Program, which is managed on DHS’s behalf by the General Services Administration (GSA) Federal Systems Integration and Management Center (FEDSIM). The integrators that won these awards are Knowledge Consulting Group, Booz Allen Hamilton, Northrop Grumman Corporation, and Hewlett-Packard Enterprise.

“Splunk is thrilled to be a part of the CDM program awards and to see Splunk Enterprise brought in as the core data integration tool to support federal civilian agencies,” said Kevin Davis, vice president of public sector, Splunk. “Federal organizations today are challenged more than ever with protecting their networks and data. The CDM mission is to help agencies navigate this challenge and reinforce cybersecurity defense capabilities. We are pleased to support this Phase 1 effort, and hope to be a part of CDM Phase 2 and Phase 3 awards over the next year.”

“We conducted an exhaustive evaluation of the best combination of technologies and services to meet the Phase 1 goals for DHS,” said Matthew Brown, vice president, cyber security services, Knowledge Consulting Group (now a wholly owned subsidiary of ManTech International Corporation). “As a cybersecurity leader, we immediately saw the value Splunk’s platform would offer to the CDM program. We are excited to work with Splunk to collaboratively support DHS and provide comprehensive, enterprise-wide capabilities to monitor its networks.”

“Government agencies today face an abundance of emerging threats. Our objective for CDM Task Orders 2B and 2D is to provide best-of-breed solutions to help civilian agencies proactively identify and mitigate vulnerabilities,” said Brad Medairy, senior vice president, Strategic Innovation Group, Booz Allen Hamilton. “Splunk Enterprise is an innovative machine data platform that will help improve agencies’ real-time monitoring capabilities and provide insights that would otherwise go unnoticed.”

Splunk Enterprise will help agencies aggregate, correlate, and analyze terabytes of CDM data and enable them to create a Master Device Record (MDR). An MDR compiles the data from an agency's hardware, software and configuration management, and vulnerability management tools and brings it into a single, holistic view to provide full visibility into network activities and endpoint behaviors. Additionally, Splunk Enterprise will fully integrate endpoint, user behavior, and event management data and provide an enterprise view for leaders to monitor critical networks, systems and assets.

Phase 2 of the CDM program is focused on user privileges and behavior, while Phase 3 will aim to address event management, incident response and boundary protection.

For more information about how the Splunk analytics platform supports the Federal CDM program, read about it on Splunk Blogs and visit the Splunk website to learn more about how Splunk can make a difference to federal civilian agencies.

Splunk Enterprise Security 4.1 and Splunk User Behavior Analytics 2.2 Now Generally Available

New Versions of Splunk Enterprise Security and Splunk User Behavior Analytics Strengthen Analytics-driven Security

Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced the general availability of Splunk® Enterprise Security 4.1 (ES) and Splunk User Behavior Analytics 2.2 (UBA). Together, Splunk ES and Splunk UBA provide customers with better machine learning, anomaly detection, context-enhanced correlation and rapid investigation capabilities. By extending user behavior analytics functionality into SIEM, Splunk continues to advance analytics-driven security solutions. Contact Splunk to purchase Splunk ES and Splunk UBA.

“We’re excited about these advanced capabilities that optimize how organizations detect, investigate and respond to threats,” said Haiyan Song, senior vice president of security markets, Splunk. “Customers now gain insights across the entire enterprise and take action more quickly by leveraging the combined power of machine learning, anomaly detection, correlation and ad-hoc investigation in an integrated solution.”

Organizations Can Now Leverage Splunk UBA Machine Learning Throughout the SIEM Workflow

Splunk UBA anomaly, threat and user context data are now available in Splunk ES. This integration includes the ability to:

  • Enhance detection and visibility of malicious attackers and insiders’ activities by combining and correlating behavioral analytics with data from enterprise and security technologies, such as threat intelligence, IPS and DLP.
  • Gain deeper context about anomalies relative to users, devices and applications in Splunk Enterprise and Splunk ES.

Splunk UBA Enhances Insider Threat and Cyberattack Detection Capabilities

Splunk UBA uses unsupervised machine learning and data science to enhance insider threat defense and cyberattack detection. New features and benefits delivered in UBA 2.2 include the ability to:

  • Define how threats are triggered from detected anomalies using the new Threat Detection Framework.
  • Increase data access and physical data loss coverage.
  • Improve precision, prioritization and correlation of threats with new data sources.

Learn more about Splunk UBA on the Splunk website. Splunk UBA can be run standalone or integrated with Splunk ES.

Splunk ES Powers Rapid Investigation of Advanced Threats

Splunk ES uses all machine data generated from security technologies such as network, endpoint, access, malware, vulnerability and identity information to gain organization-wide visibility and security intelligence. New features and benefits of ES 4.1 include the ability to:

  • Ingest Splunk UBA anomaly data with context for correlation against other alerts, feeds and data for more in-depth investigations.
  • Prioritize and speed investigations with risk scores added to the centralized incident review view.
  • Expand threat intelligence through the addition of Splunk Add-on for Facebook ThreatExchange.

Learn more about Splunk ES on the Splunk website. Splunk ES 4.1 requires Splunk Enterprise 6.3 or Splunk Cloud. Splunk ES can be run standalone or integrated with Splunk UBA.