Solera Networks, a provider of network forensics solutions, has released a new app enabling customers using its Solera DS Appliance to integrate security alerts coming from the popular Splunk platform.
Announced at the Black Hat conference in Washington DC earlier this week, the Solera DeepSee™ App for Splunk enables in-depth root cause analysis and investigation into any security alert managed through the Splunk platform. The free download adds an “investigate” button to quickly pivot users from any event to a Solera DS Appliance.
Splunk is operational intelligence software used to monitor, report and analyze live streaming IT data. Earlier this week Splunk announced that it added over 900 new customers in 2010, bringing the total to over 2,300 customers in 74 countries.
Splunk provides the ability to manage event data from a wide array of network security devices, including firewalls, intrusion detection/prevention (IDS/IPS) systems, servers, web gateways, and other network and security devices. With Splunk, system administrators and security professionals can navigate and search through log files, alerts, and other “meta data” describing the network event. The integration with Solera DeepSee allows these professionals to start from a high-level description in Splunk and drill down to a full-fidelity transcript and reconstruction of the network at the time of the event.
Solera DS Appliances enable IT teams to classify, store, and recreate every packet of network data that crosses the network, currently at speeds up to 10Gbps across physical and virtual networks.
“This integration with Splunk is a major move forward in our ability to combat and blunt the effects of the types of threats we are seeing today,” said Steve Shillingford, President and CEO of Solera Networks. “Splunk collects all the event data from the network and the integration allows you to then pivot from that data to the actual network traffic that is recorded, indexed and classified on Solera DS Appliances. From there you then investigate the events with the depth and clarity provided by Solera DeepSee. The root cause and scope of the event is identified, actual evidence and artifacts are uncovered, and time to remediation is drastically reduced.”
The new Solera DeepSee App for Splunk is free and available on Splunkbase for download and works with any of the Solera DS Appliances, including the Solera DS Virtual Appliance.
