New Splunk Security Solutions Advance as the Nerve Center for Security
- By : Editor
- In : News
- Comments : Comments Off on New Splunk Security Solutions Advance as the Nerve Center for Security
Splunk Takes Organizations’ Security Posture to the Next Level with Splunk Enterprise Security 4.0 and Splunk User Behavior Analytics
Splunk Inc, provider of the leading software platform for real-time Operational Intelligence, today announced a leap forward in detecting and responding across the entire lifecycle of modern security attacks. Splunk® Enterprise Security 4.0, formerly named the Splunk App for Enterprise Security, includes major updates to help organizations track attackers’ steps through streamlined ad hoc analyses and event sequencing. Splunk is also announcing Splunk User Behavior Analytics (UBA), a new solution developed from the acquisition of Caspida, Inc. Splunk UBA delivers out-of-the-box capabilities driven by machine learning and advanced analytics to detect cyberattacks and insider threats. Splunk Enterprise Security 4.0 and Splunk UBA will be generally available by October 31, 2015.
“When critical networks are under assault, every second counts. Splunk security solutions give an edge to security teams by improving attack and breach detection and incident response,” said Haiyan Song, senior vice president of security markets, Splunk. “Many customers consider Splunk solutions to be their nerve center for security because they help enable teams to leverage their entire security technology stack and utilize their data to detect, understand and take rapid, coordinated action across the organization. Splunk Enterprise Security lets analysts visually correlate events over time and communicate details of multi-stage attacks. Splunk UBA uses machine learning to help spot the most dangerous offenders – advanced attackers including malicious insiders.”
“Splunk is the trailblazer in security analytics and is continuing its path of innovation with Splunk Enterprise Security and Splunk UBA,” said Robert Herjavec, Founder and CEO, Herjavec Group. “Splunk solutions continue to help us protect our clients from rapidly changing attack techniques. Splunk Enterprise Security 4.0 represents another significant step in how we help our clients tackle multi-stage attacks while Splunk UBA promises to illuminate anomalies using disparate machine data to defend against the most dangerous breaches, those responsible for most of the headlines.”
”Splunk continues to address analytics-driven security through product developments and strategic acquisitions,” said Scott Crawford, research director, 451 Research. “Splunk Enterprise Security is designed to help practitioners conduct more efficient investigations and provides a new open framework that further supports a growing ecosystem of partners. Splunk User Behavior Analytics extends threat detection for customers through data science and machine learning.”
Splunk Enterprise Security Helps Organizations to Detect, Scope and Respond to Advanced Attacks
Splunk Enterprise Security 4.0 (ES) tackles multi-stage attacks with improved breach detection and response as well as improved collaboration through an extensible analytics framework. New features and benefits include:
– Investigator Journal keeps track of ad hoc searches and activities to streamline analysis of multi-stage attacks associated with breach detection and response.
– Investigator Timeline allows individual analysts to place any event, activity or annotation within an investigation timeline to better understand, visualize and communicate the cause-and-effect of events and the details of advanced multi-stage attacks. For example, users could apply the kill chain within the timeline during investigations.
– Investigator Timeline also allows different security team members to place events, actions and annotations into the timeline to share their perspective of the scenario to collaboratively investigate incidents, problems and breaches.
– Enterprise Security Framework allows customers, vendors and third parties to create, access and extend ES functionality with apps that can run within ES and access functionality such as the alert management, risk, threat intelligence, and the identity and asset frameworks.
Splunk Enterprise Security 4.0 requires Splunk Cloud or version 6.3 of Splunk Enterprise.
Splunk UBA Adds a New Layer of Cyber Defense
Building upon technology recently acquired with Splunk’s purchase of Caspida, Inc., Splunk UBA uses machine learning, behavior baseline, peer group analytics and advanced correlations to improve breach detection. Benefits include:
– Improve detection of cyberattacks and insider threats.
– Increase security analysts’ effectiveness by helping them to focus upon meaningful threats with malicious activities using a kill chain visualization.
– Operationalize security by rapidly getting data into Splunk UBA and streamlining incident response by leveraging the proven power of Splunk solutions.
Go to the Splunk website to learn more about Splunk UBA.