Splunk, a provider of software that helps organizations gather and make use of machine data from a diverse set of sources, has released the latest version of the Splunk App for Enterprise Security.
In version 3.1, the company has introduced a new risk scoring framework to enable easier, faster threat detection and containment by letting users assign risk scores to any data.
The app also includes new features to help users connect and visualize data on the fly and introduces guided search to make security analytics more accessible to a broad range of users without requiring knowledge of programming languages or command syntax, San Francisco, California-based Splunk said.
Key features in version 3.1 of the Splunk App for Enterprise Security include:
• Risk-based Analytics: Enhance decision-making by applying a risk score to any data through a new Risk Scoring Framework. Helps security and IT teams prioritize, triage and be alerted to threats based on risk score, while also exposing contributing factors of the risk score to all relevant teams.
• Visual Investigation: Gain faster, deeper insights across all machine data by giving users the ability to visually discover relationships by creating event swim lanes that organize and correlate all data.
• Guided Search Creation: Simplify complex correlation across disparate data sources by building advanced searches in a guided user interface with little or no knowledge of any programming language or command syntax.
• Domain Name-based Threat Intelligence: Building on the integrated Threat Intelligence Framework, which deduplicates and assigns weights to threat intelligence feeds, this release now lets security teams integrate high-fidelity and complex URLs and domain names.
“Adapting quickly to new attack techniques is the key for modern cybersecurity warriors, and the new version of the Splunk App for Enterprise Security was built specifically to help organizations remain agile in this dynamic landscape of zero-day and previously unknown attacks,” said Haiyan Song, vice president of security markets at Splunk. “Risk scoring provides prioritization beyond just event data to help security teams transform security analytics by identifying the most critical threats from the massive streams of data surrounding them. We believe the app will have a profound impact on the threat detection capabilities of organizations around the world.”
Version 3.1 of the Splunk App for Enterprise Security requires version 6.x of Splunk Enterprise. Existing Splunk customers who have purchased the app can download version 3.1 on Splunk Apps.
According to Splunk, more than 7,400 customers use its software, including government agencies, universities and service providers in over 90 countries.