Splunk Upgrades App for Enterprise Security

By Darryl K. Taft  |  Posted 2014-01-21

"Splunk software already helped IDT security teams cut incident response times from minutes to seconds, and the new version of the Splunk App for Enterprise Security will further improve our security posture for internal and external threats," said Golan Ben-Oni, chief security officer and senior vice president of network architecture at IDT, in a statement. "One of the biggest improvements in this new version is the new visualizations which make it easier for our security investigators who aren’t Splunk experts to get their hands on all of the data. The threat intelligence framework is also a welcome addition, as it will allow us to not only view all of our feeds in one place but also eliminate duplicated information on new threats."

Version 3 of the Splunk App for Enterprise Security requires version 6 of Splunk Enterprise. Splunk customers who have purchased the Splunk App for Enterprise Security can download version 3.0 from Splunk Apps.

At its Splunk Worldwide Users’ Conference in October, Splunk said eight of the world's top 10 telecommunications companies use Splunk software to manage security-related searches and to secure and troubleshoot global telecom networks when there are blips in service.

In December, Splunk announced that IDT was expanding its use of Splunk Enterprise 6 to become the company’s core operational intelligence platform across its entire organization. IDT originally selected Splunk Enterprise in 2009 to manage security-related searches and later introduced Splunk software to IT and engineering teams where Splunk is now used around the clock for securing and troubleshooting the company’s global telecom network.

However, last month, Splunk announced that IDT was replacing its legacy database technology and custom applications with Splunk Enterprise to centralize and gain visibility across huge volumes of machine data. The new features in Splunk Enterprise 6 support IDT’s plan to visualize and share business analytical insights with marketing and business teams.

"Splunk is a strategic part of our IT and business infrastructure because Splunk Enterprise is a key driver of the continuous innovation happening at IDT," Ben-Oni said in a statement. "Using Splunk Enterprise, we have vastly improved our security posture and responsiveness while also increasing our network’s effectiveness. Our business and marketing teams now eagerly anticipate the ability to visualize and report on business-related machine data, which we think will help us discover new market opportunities and revenue. The new features of Splunk Enterprise 6 that make it easier for business users to be hands on with Splunk software are a huge help in this endeavor."

IDT is expanding its use of Splunk Enterprise to gain visibility across the company’s networks, servers, applications and call detail records (CDRs), which will give the telecom company’s business executives and marketers real-time insights into the usage patterns and trends connected to their telecommunications products and services, company officials said.

Moreover, Splunk software is already being used to help IDT in IT operations, where IDT reports the mean time to resolve IT incidents improved by more than 20 minutes per incident as overall network uptime dramatically increased. IDT is using several Splunk apps, including the Splunk App for Enterprise Security, Splunk App for PCI Compliance, Splunk App for Palo Alto Networks, Splunk App for Unix, and Splunk App for Microsoft Windows.

"Eight of the world’s top ten telecommunications companies use Splunk software because of the value it delivers to the business, and IDT’s broad adoption of the platform is a prime example of how to gain visibility into machine data generated inside a complex telecom infrastructure," said Vishal Rao, Splunk’s vice president of the Americas, in a statement. "IDT proves how effective Splunk software is at helping improve operations, accelerate innovation and mitigate risk."

Meanwhile, Splunk is not alone in using analytics to assist in rooting out cyber attacks and electronic fraud. SAS also is addressing the problem via SAS Analytics.

At a SAS Premier Business Leadership Series event in Orlando last October, SAS highlighted how financial institutions lack the ammunition to properly combat cyber-threats and how SAS is applying analytics to prevent and detect attacks.

"Though cyber-security is clearly a cross-industry issue, financial institutions are leading a trend toward convergence of fraud and cyber-crime prevention technology and operations in support of a holistic approach to cyber-security," said Stu Bradley, director of security intelligence Solutions at SAS. "This strategy will require new capabilities, not least to fill gaps in the technology marketplace as part of solving the biggest data challenges to date, and in proactively using better analytics to make real-time, risk-based decisions."

