Data analytics provider Splunk is forging ahead with expanding its security capabilities, thanks in part to the July acquisition of behavioral analytics vendor Caspida for $190 million. In a video interview with eWEEK, Muddu Sudhakar, former CEO of Caspida, and Haiyan Song, senior vice president of security markets at Splunk, provide some insight into how the Caspida and Splunk technologies work together
Song said that Splunk was looking for capabilities that make use of machine learning and data science to do more automated analysis. It found those capabilities in Caspida.
“A lot of attacks happen based on compromised credentials,” Song said. “So behavioral analytics based on users and based on entities is very important.”
In order to do behavioral analysis, there needs to be access to data, and that’s an area where Splunk excels, said Sudhakar, who is now vice president and general manager of security at Splunk. Data sources collected by Splunk include ActiveDirectory, firewall, file system and end-point logs.
“We have an integration using Splunk’s REST APIs to fetch data and analyze it,” Sudhakar said.
From a data analytics perspective, the Caspida technology makes use of big data tools, including elements from the Hadoop ecosystem. To help enable real-time analysis, technologies such as Apache Spark are part of the mix. Sudhakar explained that part of Caspida’s “secret sauce” is how it handles the analytics. To that end, Caspida built its own data engineering platform and its own data science platform for real-time data processing.
Splunk is currently gearing up for its user conference set to kick off on September 19 in Las Vegas. Song noted that Splunk plans on making additional announcements related to security at the user conference.
“It’s around how do we streamline the integration piece with data coming in,” Song said.
She added that there are also some ideas around threat scoring and unifying information.
Watch the full video interview with Sudhakar and Song below:
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.