Splunk Buys Caspida for $190M, Adds Security Analytics

Machine data analytics provider Splunk bought Caspida to add machine learning and behavioral analytics to its security analytics portfolio.

Engineering pay

Splunk, which provides a platform for analyzing machine-generated data, announced it has acquired Caspida, which offers machine learning and behavioral analytics solutions.

The deal is worth $190 million, with Splunk acquiring the outstanding stock of Caspida and paying with approximately $127 million in cash and $63 million in restricted Splunk securities.

Splunk officials said the combination of Splunk and Caspida technology enhances security by combining breach response technology with breach detection solutions. Recent high-profile breaches show virtually all attacks happen with compromised credentials, and automated detection leveraging machine learning is the future for detecting known and unknown threats from insider and external attackers, Splunk said.

Splunk customers now have out-of-the-box user behavioral analytics to help detect, respond to and mitigate threats. The combination of Splunk's machine data platform with Caspida software will provide a comprehensive security analytics solution, the companies said.

"Splunk built its reputation in security by enabling customers to more effectively respond to breaches," Haiyan Song, senior vice president of security markets at Splunk, said in a statement. "With this acquisition, our customers can now also better detect advanced threats—the breaches that are becoming more complex and severe with each passing day. With Caspida, Splunk accelerates its focus on solving advanced threats—both external and from insiders—by shining a light on those who are wrongfully using valid credentials to freely and unpredictably exploit systems they have accessed. By addressing the entire lifecycle of known and unknown advanced threats, and by providing a platform to detect, respond to and automate actions, Splunk has further reinforced its position as the security nerve center."

Key capabilities of the combination of the Splunk and Caspida solutions include the ability to detect advanced, hidden and insider threats using data science. The combination also enhances the ability to improve threat detection with targeted incident response and helps increase security operations center (SOC) efficiency.

With the out-of-the-box data science that comes from the combined Splunk and Caspida technology, users get continuous threat and anomaly detection that applies multi-domain analysis using machine learning. The combined offering also uncovers hidden breaches and new attacks out-of-the-box without extensive customization.

In addition, the combination of Splunk and Caspida solutions provides threat activities relative to the kill chain with supporting evidence to enable targeted remediation. It also detects multi-domain (user, device and traffic applications) anomalies, and streamlines threat review and incident resolution.

To enhance SOC efficiency, the combined Splunk/Caspida offering will score and highlight the most important threats and anomalies to minimize alert fatigue. It also will detect and provide insights on threats and suspicious activities to complement and extend threat intelligence.

Splunk officials maintain that attacks with trusted access are often not detected by existing security approaches. Whether gaining access through compromised systems or tapping existing privileges to conduct malicious activities, attackers often do not need to deploy additional malware. These activities are dynamic, and attackers will find ways to evade traditional security technologies.

Moreover, even if detected, security analysts must find supporting evidence, often using a kill chain methodology to identify the progression of activities from intrusion to lateral movement to exfiltration. Caspida uses data science and machine-learning algorithms to detect advanced threats and malicious insiders—presenting a meaningful set of threats for SOC analysts and incident responders.

"We founded Caspida with a vision of applying data science to help solve the most pressing cyber-security challenges—advanced threats and insider threats," Muddu Sudhakar, CEO of Caspida, said in a statement. "By analyzing machine data and using data science to detect meaningful anomalous behavior of users, devices and entities, Caspida has solved a problem that previously required significant manpower and expensive, do-it-yourself toolsets."

Meanwhile, Dave Conte, chief financial officer at Splunk, said he expects Caspida to begin paying off by next year. "Operationally, we plan to spend this year integrating the technology and expect it to contribute to top line revenues next year," he said.