Splunk, maker of a popular operational intelligence and real-time analytics platform, announced a key upgrade of its Splunk App for Enterprise Security, which allows users to detect cyber-attacks and zero in on and root out the attackers.
Splunk App for Enterprise Security 3.0 features new visualizations that enable advanced threat detection, reducing the time to incident discovery and response. It also includes a new threat-intelligence framework, support for new data types, data models and pivot interface.
"The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyber attackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns," said Steve Sommer, chief marketing officer at Splunk, in a statement. "The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers."
Moreover, Sommer said the threat intelligence framework in the Splunk App for Security delivers something security information and event management (SIEM) systems do not—all threat feeds in a single view with de-duplicated threat information. "These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible," he said.
Splunk officials said threat detection speed and accuracy can be deciding factors in whether an attack becomes a massive data breach or a success story for security teams. To get a grasp on the nature of cyber-attacks as they unfold, organizations must collect any data that may be security relevant and correlate it with business data that can provide context for security events. Splunk Enterprise 6 and the Splunk App for Enterprise Security 3.0 combine to form a security intelligence platform that can support advanced security analytics at scale, in real time.
"The Splunk App for Enterprise Security provides the flexibility and customization necessary for an incident responder, security professional or SOC [security operations center] to pull the information they need to the surface quickly," said Adrian Sanabria, senior security analyst at 451 Research, in a statement. "Researching a security incident is stressful enough—being able to identify threats through a simple point-and-click interface and easily create alerts is essential. The Splunk App for Enterprise Security helps the security professional work incidents and perhaps discover the source of an intrusion in as little time as possible."
New visualizations in Splunk App for Enterprise Security 3.0 enable security professionals to visually correlate data to identify anomalous behavior, providing a starting point for security investigations. And once an unusual data pattern for a person, application or system is identified, security personnel can access raw data and can create notable events for investigation and analysis workflows.
In addition, Splunk Enterprise 6 and the Splunk App for Enterprise Security includes a catalog of visualizations as a starting point and developers can create custom visualizations using the programming language of their choice with the Splunk Web framework.
Splunk officials also note that all data is security-relevant, and the Splunk App for Enterprise Security bolsters quick decision making within the context of business activity by supporting traditional log data, flow data, packet capture data, industrial control system data, external threat intelligence feeds and other business data that may be in databases.
As an example, IDT, a telecommunications and payment services provider, is using Splunk Enterprise 6 and the Splunk App for Enterprise Security to cut threat incident response times, Splunk officials said.