SecurityWeek

Splunk Updates Enterprise Security App to Improve Incident Detection and Response

Splunk, a San Francisco, California-based provider of software that helps organizations gather and make use of machine data from a diverse set of sources, today announced a new version of the Splunk App for Enterprise Security.


Now in Version 3.0, the Splunk App for Enterprise Security offers new visualizations that enable advanced threat detection, resulting in a significant reduction in the time to incident discovery and response, the company said.

Additionally, the App includes a new threat intelligence framework, support for new data types and threat feeds, data models, and a pivot interface.

Splunk for Security

“In order to know and understand attacks as they unfold, organizations must collect any data that may be security relevant and correlate it with business data that can provide context for security events,” the company said in an announcement. “Splunk Enterprise 6 and the Splunk App for Enterprise Security 3.0 combine to form a security intelligence platform that can support advanced security analytics at scale for even the largest IT environments, in real time.”

For enterprises that subscribe to threat intelligence feeds, Splunk can normalize and de-duplicate the indicators across feeds and correlate them with collected events, rather than simply displaying the feed data as many SIEM products do.
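To make the de-duplication and correlation claim concrete, here is an added example (written for this page, not Splunk's code, and not how the App implements its framework) that merges two constructed feeds using different vocabularies, canonicalizes each indicator, collapses duplicates while remembering which feeds reported them, and then checks sample log events against the merged index. Feed formats, field names such as `src_ip`, `query` and `file_hash`, and all indicator values are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed sample feeds (not real intelligence). Feed A is a list of
# STIX-style records; feed B is a CSV blob with a different vocabulary.
# Several indicators appear in both feeds with different casing.
FEED_A = [
    {"type": "ipv4-addr", "value": "198.51.100.7", "source": "feed-a"},
    {"type": "domain-name", "value": "Evil.Example.", "source": "feed-a"},
    {"type": "url", "value": "HTTP://Evil.Example/payload.bin", "source": "feed-a"},
    {"type": "file:hashes.SHA-256",
     "value": "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08",
     "source": "feed-a"},
]
FEED_B = """indicator,kind
198.51.100.7,ip
evil.example,domain
203.0.113.9,ip
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08,sha256
"""

# Map each feed's vocabulary onto one canonical indicator type.
TYPE_MAP = {
    "ipv4-addr": "ip", "ipv6-addr": "ip", "ip": "ip",
    "domain-name": "domain", "domain": "domain",
    "url": "url",
    "file:hashes.SHA-256": "sha256", "sha256": "sha256",
}


def normalize(kind, value):
    """Return (type, canonical_value), or None if the indicator is unusable."""
    ctype = TYPE_MAP.get(kind)
    value = value.strip()
    if ctype is None or not value:
        return None
    if ctype == "ip":
        try:  # rejects malformed addresses; compresses IPv6 spellings
            return ctype, ipaddress.ip_address(value).compressed
        except ValueError:
            return None
    if ctype == "domain":
        return ctype, value.lower().rstrip(".")
    if ctype == "url":
        p = urlsplit(value)  # scheme and host are case-insensitive, path is not
        return ctype, urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, ""))
    if ctype == "sha256":
        v = value.lower()
        if len(v) != 64 or any(c not in "0123456789abcdef" for c in v):
            return None
        return ctype, v


def parse_feed_b(csv_text):
    """Yield feed-A-shaped records from the constructed CSV feed."""
    for line in csv_text.strip().splitlines()[1:]:  # skip header
        value, kind = line.split(",", 1)
        yield {"type": kind, "value": value, "source": "feed-b"}


def build_index(*feeds):
    """Merge feeds into {(type, value): {sources}}; duplicates collapse."""
    index = {}
    for feed in feeds:
        for rec in feed:
            norm = normalize(rec["type"], rec["value"])
            if norm is not None:
                index.setdefault(norm, set()).add(rec["source"])
    return index


def match_events(index, events):
    """Return (event_id, type, value, sources) for every event field that hits."""
    hits = []
    for ev in events:
        candidates = [("ip", ev.get("src_ip")), ("ip", ev.get("dest_ip")),
                      ("domain", ev.get("query")), ("sha256", ev.get("file_hash")),
                      ("url", ev.get("url"))]
        for kind, raw in candidates:
            if raw is None:
                continue
            norm = normalize(kind, raw)  # same canonical form as the feeds
            if norm is not None and norm in index:
                hits.append((ev["id"], norm[0], norm[1], sorted(index[norm])))
    return hits


# Constructed log events: a DNS query, a proxy request, a file hash, and noise.
EVENTS = [
    {"id": 1, "src_ip": "10.0.0.5", "query": "EVIL.EXAMPLE"},
    {"id": 2, "src_ip": "10.0.0.6", "dest_ip": "203.0.113.9",
     "url": "http://evil.example/payload.bin"},
    {"id": 3, "src_ip": "10.0.0.7",
     "file_hash": "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08"},
    {"id": 4, "src_ip": "10.0.0.8", "dest_ip": "192.0.2.1"},
]

if __name__ == "__main__":
    idx = build_index(FEED_A, parse_feed_b(FEED_B))
    print(len(idx), "unique indicators from", len(FEED_A) + 4, "feed records")
    for hit in match_events(idx, EVENTS):
        print(hit)
```

Eight feed records collapse to five unique indicators, and the `sources` set on each hit records which feeds reported it, which is the "single view with de-duplicated threat information" the vendor describes. Without the canonicalization step the mixed-case domain, URL and hash entries would be treated as distinct indicators and the uppercase values in the events would never match.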

“The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyberattackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns,” said Steve Sommer, chief marketing officer, Splunk. “The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers. The threat intelligence framework in the Splunk App for Security delivers something security information and event management (SIEM) systems do not — all threat feeds in a single view with de-duplicated threat information. These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible.”

“Researching a security incident is stressful enough – being able to identify threats through a simple point-and-click interface and easily create alerts is essential,” added Adrian Sanabria, senior security analyst, 451 Research. “The Splunk App for Enterprise Security helps the security professional work incidents and perhaps discover the source of an intrusion in as little time as possible.”

“Splunk software already helped IDT security teams cut incident response times from minutes to seconds, and the new version of the Splunk App for Enterprise Security will further improve our security posture for internal and external threats,” said Golan Ben-Oni, chief security officer and senior vice president of network architecture, IDT. “One of the biggest improvements in this new version is the new visualizations which make it easier for our security investigators who aren’t Splunk experts to get their hands on all of the data.”

Version 3.0 of the Splunk App for Enterprise Security requires Splunk Enterprise 6. Customers who have purchased the App can download version 3.0 from Splunk Apps.

Splunk says that more than 6,400 customers use its software, including government agencies, universities and service providers in over 90 countries.

More information on the Splunk App for Enterprise Security 3.0 is available here.
