Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Splunk Expands Security Intelligence With New App for Enterprise Security

Splunk, the maker of software that helps organizations gather and make use of machine data from a diverse set of sources, today released the latest version of the Splunk App for Enterprise Security.

Splunk, the maker of software that helps organizations gather and make use of machine data from a diverse set of sources, today released the latest version of the Splunk App for Enterprise Security.

The Splunk App for Enterprise Security, now in version 2.4, combined with Splunk Enterprise, creates a security intelligence platform that helps organizations find unknown threats in real time, such as detecting a malicious payload on a host system and its outbound communication, the company said.

Splunk App for Enterprise Security 2.4“Statistical analysis is the new weapon of the security warrior defending against threats that bypass traditional security detection systems,” said Mark Seward, senior director of security and compliance, Splunk. “Companies now understand that hidden in the terabytes of user-generated machine data are abnormal patterns of activity that represent the presence of malware or the behavior of malicious insiders.”

The new version of the Splunk App for Enterprise Security enables statistical analysis of HTTP traffic to help security professionals determine a baseline for what’s normal, and detect outliers and use those events as starting points for security analysis and investigation, Seward said.

(Screenshot of Main Dashboard of Splunk App for Enterprise Security)

Splunk App For Enterprise Security 2.4 Screenshot

Through statistical analysis, the Splunk App for Enterprise Security reveals attacks and threats including:

• Command and control (CNC) instructions embedded in URLs. The Splunk App for Enterprise Security automates the process to watch for outliers in the data.

• Hosts communicating with new malicious websites. Hosts that are talking to domains registered in the past 24-48 hours indicate a likely CNC site. Splunk users can correlate domain registrations and proxy data to monitor this in real time and historically.

• Significant increases in unknown communications. Monitoring proxy data for specific users with the Splunk App for Enterprise Security enables organizations to watch for spikes of unknown communications as an overall trend and by specific users.

• Unusual user agent strings in use. User agents automate the collection of data such as email, but during attacks user agents strings can also facilitate automated victim attacker communications. Splunk customers can monitor and be alerted about user agent anomalies in real time.

• Abnormal amounts of source/destination traffic. Track average amounts of traffic are tracked between source/destination pairs and calculated over user specified time frames. Statistical outliers are visualized in a scatter plot and can be used to start an investigation.

“The future of securing the enterprise relies upon using all available data, not just predetermined bits and pieces of traditional security data. Statistical analysis expands the value of that data. It can help uncover meaningful insight that often goes unrecognized in a mass of raw information,” said Scott Crawford, managing research director, security and risk management, Enterprise Management Associates.

Existing Splunk customers who have purchased the Splunk App for Enterprise Security can download version 2.4 of the Splunk App for Enterprise Security on Splunkbase, the company said.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).