Splunk Unveils New Threat Detection, Analytics Offerings

Splunk, a provider of software that helps organizations gather and make use of machine data from various sources, this week released Splunk Enterprise Security 4.0 (formerly Splunk App for Enterprise Security) and Splunk User Behavior Analytics (UBA) security solutions.

The new Splunk Enterprise Security 4.0 is meant to help organizations track an attacker’s steps through ad hoc analysis, while Splunk UBA offers out-of-the-box capabilities for detection of cyberattacks and insider threats. According to Splunk, Enterprise Security 4.0 (ES) offers improved breach detection and better response to multi-stage attacks, while also offering collaboration capabilities through an extensible analytics framework. The release also offers a series of new features and benefits, such as Investigator Journal, which monitors ad hoc searches and activities to streamline analysis of multi-stage attacks.

ES, which requires Splunk Cloud or version 6.3 of Splunk Enterprise, also comes with Investigator Timeline, which makes it possible to place events, activities and annotations within an investigation timeline for improved understanding and visualization of cause and effect. The feature allows different members of a security team to place elements into the timeline to share their perspective of the event when collaborating on incident and breach investigations.

With Enterprise Security Framework, customers, vendors and third parties can extend the ES functionality with new applications that can run within ES. In addition to access to these apps, they also receive access to features such as alert management, risk, threat intelligence, and identity and asset frameworks.

Splunk UBA, which was built using technology gained from its $190 million acquisition of Caspida earlier this year, helps businesses improve breach detection based on machine learning, behavior baseline, and peer group analytics. According to Splunk, the solution was designed to provide security analysts with a kill chain visualization to help them focus on meaningful threats with malicious activities. By getting data into Splunk UBA quickly, organizations can operationalize security and streamline incident response, the company said.

“When critical networks are under assault, every second counts. Splunk security solutions give an edge to security teams by improving attack and breach detection and incident response,” said Haiyan Song, senior vice president of security markets, Splunk. 

“Many customers consider Splunk solutions to be their nerve center for security because they help enable teams to leverage their entire security technology stack and utilize their data to detect, understand and take rapid, coordinated action across the organization,” she added. 

Both products will be generally available by the end of October this year, the company said.
