Splunk Unveils New Threat Detection, Analytics Offerings

Splunk, a provider of software that helps organizations gather and make use of machine data from various sources, this week released Splunk Enterprise Security 4.0 (formerly Splunk App for Enterprise Security) and Splunk User Behavior Analytics (UBA) security solutions.

The new Splunk Enterprise Security 4.0 is meant to help organizations track an attacker’s steps through ad hoc analysis, while Splunk UBA offers out-of-the-box capabilities for detection of cyberattacks and insider threats. According to Splunk, Enterprise Security 4.0 (ES) offers improved breach detection and better response to multi-stage attacks, while also offering collaboration capabilities through an extensible analytics framework. The release also offers a series of new features and benefits, such as Investigator Journal, which monitors ad hoc searches and activities to streamline analysis of multi-stage attacks.

ES, which requires Splunk Cloud or version 6.3 of Splunk Enterprise, also comes with Investigator Timeline, which makes it possible to place events, activities and annotations within an investigation timeline for improved understanding and visualization of cause and effect. The feature allows different members of a security team to place elements into the timeline to share their perspective of the event when collaborating on incident and breach investigations.

With Enterprise Security Framework, customers, vendors and third parties can extend the ES functionality with new applications that can run within ES. In addition to access to these apps, they also receive access to features such as alert management, risk, threat intelligence, and identity and asset frameworks.

Splunk UBA, which was built using technology gained from its $190 million acquisition of Caspida earlier this year, helps businesses improve breach detection based on machine learning, behavior baseline, and peer group analytics. According to Splunk, the solution was designed to provide security analysts with a kill chain visualization to help them focus on meaningful threats with malicious activities. By getting data into Splunk UBA quickly, organizations can operationalize security and streamline incident response, the company said.

“When critical networks are under assault, every second counts. Splunk security solutions give an edge to security teams by improving attack and breach detection and incident response,” said Haiyan Song, senior vice president of security markets, Splunk. 

“Many customers consider Splunk solutions to be their nerve center for security because they help enable teams to leverage their entire security technology stack and utilize their data to detect, understand and take rapid, coordinated action across the organization,” she added. 

Both products will be generally available by the end of October this year, the company said.
