
Incident Response

Splunk Updates Enterprise Security App to Improve Incident Detection and Response

Splunk, a San Francisco, California-based provider of software that helps organizations gather and make use of machine data from a diverse set of sources, today announced a new version of the Splunk App for Enterprise Security.


Now in Version 3.0, the Splunk App for Enterprise Security offers new visualizations that enable advanced threat detection, resulting in a significant reduction in the time to incident discovery and response, the company said.

Additionally, the App includes a new threat intelligence framework, support for new data types and threat feeds, data models and pivot interface.


“In order to know and understand attacks as they unfold, organizations must collect any data that may be security relevant and correlate it with business data that can provide context for security events,” the company said in an announcement. “Splunk Enterprise 6 and the Splunk App for Enterprise Security 3.0 combine to form a security intelligence platform that can support advanced security analytics at scale for even the largest IT environments, in real time.”

For enterprises that subscribe to threat intelligence feeds, Splunk can organize and de-duplicate the data to make it more useful to security teams, rather than just displaying the data as many SIEM solutions do.

“The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyberattackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns,” said Steve Sommer, chief marketing officer, Splunk. “The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers. The threat intelligence framework in the Splunk App for Security delivers something security information and event management (SIEM) systems do not — all threat feeds in a single view with de-duplicated threat information. These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible.”

“Researching a security incident is stressful enough – being able to identify threats through a simple point-and-click interface and easily create alerts is essential,” added Adrian Sanabria, senior security analyst, 451 Research. “The Splunk App for Enterprise Security helps the security professional work incidents and perhaps discover the source of an intrusion in as little time as possible.”

“Splunk software already helped IDT security teams cut incident response times from minutes to seconds, and the new version of the Splunk App for Enterprise Security will further improve our security posture for internal and external threats,” said Golan Ben-Oni, chief security officer and senior vice president of network architecture, IDT. “One of the biggest improvements in this new version is the new visualizations which make it easier for our security investigators who aren’t Splunk experts to get their hands on all of the data.”


Version 3 of the Splunk App for Enterprise Security requires version 6 of Splunk Enterprise. Splunk customers who have purchased the Splunk App for Enterprise Security can download version 3.0 of the Splunk App for Enterprise Security on Splunk Apps.

Splunk says that more than 6,400 customers use its software, including government agencies, universities and service providers in over 90 countries.

More information on the Splunk App for Enterprise Security 3.0 is available here.
