Splunk Upgrades App for Enterprise Security
Splunk's latest App for Enterprise Security features new visualizations to help security staff track cyber attackers.
Splunk, maker of a popular operational intelligence and real-time analytics platform, announced a key upgrade of its Splunk App for Enterprise Security, which allows users to detect cyber-attacks and zero in on and root out the attackers. Splunk App for Enterprise Security 3.0 features new visualizations that enable advanced threat detection, reducing the time to incident discovery and response. It also includes a new threat-intelligence framework, support for new data types, data models and pivot interface.
"The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyber attackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns," said Steve Sommer, chief marketing officer at Splunk, in a statement. "The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers."
Moreover, Sommer said the threat intelligence framework in the Splunk App for Security delivers something security information and event management (SIEM) systems do not—all threat feeds in a single view with de-duplicated threat information. "These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible," he said.
Splunk officials said threat detection speed and accuracy can be deciding factors in whether an attack becomes a massive data breach or a success story for security teams. To get a grasp on the nature of cyber-attacks as they unfold, organizations must collect any data that may be security relevant and correlate it with business data that can provide context for security events. Splunk Enterprise 6 and the Splunk App for Enterprise Security 3.0 combine to form a security intelligence platform that can support advanced security analytics at scale, in real time.