Splunk for enterprise security

Recently named a Leader in the 2014 Gartner Magic Quadrant for Security Information and Event Management, Splunk introduces a new risk scoring framework in the Splunk App for Enterprise Security to enable easier, faster threat detection and containment by empowering users to assign risk scores to any data. The app also includes new features to help users connect and visualise data on the fly and introduces guided search to make security analytics more accessible to a broad range of users without requiring knowledge of programming languages or command syntax. Splunk customers who have purchased the app can download version 3.1 of the Splunk App for Enterprise Security on Splunk Apps. New users are encouraged to contact Splunk sales.

Haiyan Song, vice president of security markets, Splunk, will highlight the important role the Splunk App for Enterprise Security plays within analytics-driven security teams in her keynote at RSA Conference Asia Pacific & Japan 2014. Song’s keynote, “The Analytics-enabled Security Operations Center – Best Practices for Improving Incident Response and Breach Investigation,” begins at 9:50 a.m. SGT, Wednesday, July 23 in the Grand Ballroom of the Marina Bay Sands in Singapore. Splunk experts will also be at booth #P2 throughout RSA Conference Asia Pacific & Japan 2014 with hands-on demonstrations of the Splunk App for Enterprise Security, Splunk Enterprise and some of the 150+ security-relevant apps available on Splunk Apps.

“Adapting quickly to new attack techniques is the key for modern cybersecurity warriors, and the new version of the Splunk App for Enterprise Security was built specifically to help organisations remain agile in this dynamic landscape of zero-day and previously unknown attacks,” said Song. “Risk scoring provides prioritisation beyond just event data to help security teams transform security analytics by identifying the most critical threats from the massive streams of data surrounding them. We believe the app will have a profound impact on the threat detection capabilities of organisations around the world.”

“Splunk's Enterprise Security App Version 3.1 represents a great step forward in providing security analytics to more roles across the security team. The addition of risk-based analytics and more in-depth threat intelligence, combined with the ability to connect and visualise disparate data, are extremely valuable and well aligned with the requirements we are hearing from end users,” said David Monahan, security research director, Enterprise Management Associates. “The new Guided UI allows any user to build sophisticated queries without foreknowledge of the Splunk analytics language, advancing the capabilities of every level of user, improving effectiveness and accelerating the ROI gained from Splunk.”

New features in the Splunk App for Enterprise Security focus on delivering risk-based analytics, connecting and visualising disparate data, and enriching security analysis with threat intelligence. Key features include:
· Risk-based Analytics: Enhance decision-making by applying a risk score to any data through a new Risk Scoring Framework. Helps security and IT teams prioritise, triage and be alerted to threats based on risk score, while also exposing contributing factors of the risk score to all relevant teams.
· Visual Investigation: Gain faster, deeper insights across all machine data by giving users the ability to visually discover relationships by creating event swim lanes that organise and correlate all data.
· Guided Search Creation: Simplify complex correlation across disparate data sources by building advanced searches in a guided user interface with little or no knowledge of any programming language or command syntax.
· Domain Name-based Threat Intelligence: Adding onto the integrated Threat Intelligence Framework, which deduplicates and assigns weights to threat intelligence feeds, security teams can now integrate high-fidelity and complex URLs and domain names.