Splunk App for Enterprise Security Gets New Features

Splunk, a provider of software that helps organizations gather and make use of machine data from a diverse set of sources, has released the latest version of the Splunk App for Enterprise Security.

Now in version 3.1, the app introduces a new risk scoring framework that Splunk says enables easier, faster threat detection and containment by letting users assign risk scores to any data.

The app also includes new features to help users connect and visualize data on the fly and introduces guided search to make security analytics more accessible to a broad range of users without requiring knowledge of programming languages or command syntax, San Francisco, California-based Splunk said.

Key features in version 3.1 of the Splunk App for Enterprise Security include:

Risk-based Analytics: Enhance decision-making by applying a risk score to any data through a new Risk Scoring Framework. Helps security and IT teams prioritize, triage and be alerted to threats based on risk score, while also exposing contributing factors of the risk score to all relevant teams.

Visual Investigation: Gain faster, deeper insights across all machine data by giving users the ability to visually discover relationships by creating event swim lanes that organize and correlate all data.

Guided Search Creation: Simplify complex correlation across disparate data sources by building advanced searches in a guided user interface with little or no knowledge of any programming language or command syntax.

Domain Name-based Threat Intelligence: Building on the integrated Threat Intelligence Framework, which deduplicates and assigns weights to threat intelligence feeds, the app now lets security teams integrate high-fidelity and complex URLs and domain names.

“Adapting quickly to new attack techniques is the key for modern cybersecurity warriors, and the new version of the Splunk App for Enterprise Security was built specifically to help organizations remain agile in this dynamic landscape of zero-day and previously unknown attacks,” said Haiyan Song, vice president of security markets at Splunk. “Risk scoring provides prioritization beyond just event data to help security teams transform security analytics by identifying the most critical threats from the massive streams of data surrounding them. We believe the app will have a profound impact on the threat detection capabilities of organizations around the world.”

Version 3.1 of the Splunk App for Enterprise Security requires version 6.x of Splunk Enterprise. Existing Splunk customers who have purchased the app can download version 3.1 from Splunk Apps.

According to Splunk, more than 7,400 customers use its software, including government agencies, universities and service providers in over 90 countries.
