Splunk Unveils New Threat Detection, Analytics Offerings

Splunk, a provider of software that helps organizations gather and make use of machine data from a various sources, this week released Splunk Enterprise Security 4.0 (formerly Splunk App for Enterprise Security) and Splunk User Behavior Analytics (UBA) security solutions.

The new Splunk Enterprise Security 4.0 is meant to help organizations track an attacker’s steps through ad hoc analysis, while Splunk UBA offers out-of-the-box capabilities for detection of cyberattacks and insider threats. According to Splunk, Enterprise Security 4.0 (ES) offers improved breach detection and better response to multi-stage attacks, while also offering collaboration capabilities through an extensible analytics framework. The release also offers a series of new features and benefits, such as Investigator Journal, which monitors ad hoc searches and activities to streamline analysis of multi-stage attacks.

ES, which requires Splunk Cloud or version 6.3 of Splunk Enterprise, also comes with Investigator Timeline, which makes it possible to place events, activities and annotations within an investigation timeline for improved understanding and visualization of cause and effect. The features allows different members of a security team to place elements into the timeline to share their perspective of the event when collaborating on incident and breach investigations.

With Enterprise Security Framework, customers, vendors and third parties can extend the ES functionality with new applications that can run within ES. In addition to access to these apps, they also receive access to features such as alert management, risk, threat intelligence, and identity and asset frameworks.

Splunk UBA, which was built using technology gained from its $190 million acquisition of Caspida earlier this year, helps businesses improve breach detection based on machine learning, behavior baseline, and peer group analytics. According to Splunk, the solution was designed to provide security analysts with a kill chain visualization to help them focus on meaningful threats with malicious activities. By getting data into Splunk UBA quickly, organizations can operationalize security and streamline incident response, the company said.

“When critical networks are under assault, every second counts. Splunk security solutions give an edge to security teams by improving attack and breach detection and incident response,” said Haiyan Song, senior vice president of security markets, Splunk. 

“Many customers consider Splunk solutions to be their nerve center for security because they help enable teams to leverage their entire security technology stack and utilize their data to detect, understand and take rapid, coordinated action across the organization,” she added.