Splunk, a San Francisco, California-based provider of software that helps organizations gather and make use of machine data from a diverse set of sources, today announced a new version of the Splunk App for Enterprise Security.
Now in Version 3.0, the Splunk App for Enterprise Security offers new visualizations that enable advanced threat detection, resulting in a significant reduction in the time to incident discovery and response, the company said.
Additionally, the App includes a new threat intelligence framework, support for new data types and threat feeds, data models and pivot interface.
“In order to know and understand attacks as they unfold, organizations must collect any data that may be security relevant and correlate it with business data that can provide context for security events,” the company said in an announcement. “Splunk Enterprise 6 and the Splunk App for Enterprise Security 3.0 combine to form a security intelligence platform that can support advanced security analytics at scale for even the largest IT environments, in real time.”
For enterprises that subscribe to threat intelligence feeds, Spunk can organize and de-duplicate the data to make it more useful to security teams, instead of just viewing the data like many SIEM solutions.
“The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyberattackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns,” said Steve Sommer, chief marketing officer, Splunk. “The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers. The threat intelligence framework in the Splunk App for Security delivers something security information and event management (SIEM) systems do not — all threat feeds in a single view with de-duplicated threat information. These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible.”
“Researching a security incident is stressful enough – being able to identify threats through a simple point-and-click interface and easily create alerts is essential,” added Adrian Sanabria, senior security analyst, 451 Research. “The Splunk App for Enterprise Security helps the security professional work incidents and perhaps discover the source of an intrusion in as little time as possible.”
“Splunk software already helped IDT security teams cut incident response times from minutes to seconds, and the new version of the Splunk App for Enterprise Security will further improve our security posture for internal and external threats,” said Golan Ben-Oni, chief security officer and senior vice president of network architecture, IDT. “One of the biggest improvements in this new version is the new visualizations which make it easier for our security investigators who aren’t Splunk experts to get their hands on all of the data.”
Version 3 of the Splunk App for Enterprise security requires version 6 of Splunk Enterprise. Splunk customers who have purchased the Splunk App for Enterprise Security can download version 3.0 of the Splunk App for Enterprise Security on Splunk Apps.
Splunk says that more than 6,400 customers use its software, including government agencies, universities and service providers in over 90 countries.
More information on the Splunk App for Enterprise Security 3.0 is available here.