The global economy continues to rapidly digitize, creating oceans of security-relevant data and ever-growing digital footprints. In parallel, a rising volume of cyber criminals executing increasingly sophisticated, automated attacks are challenging Security Operation Centers (SOCs) to keep up with the new attack surface, which lives on premise and in the cloud. Splunk Security solutions allow customers to see the entire threat versus an individual incident.
The Combined Power of Splunk Enterprise Security (ES), Splunk User Behavior Analytics (UBA) and Splunk Phantom
Splunk’s expanded suite of security solutions announced at .conf18 helps security analysts monitor, visualize, detect, investigate and act on internal and external threats via Splunk’s industry-leading security information and events management (SIEM) platform. Following Splunk’s acquisition of Phantom earlier this year, customers can now also take action on their data via Phantom’s security SOAR technology.
Splunk unveiled a range of new features to its flagship SIEM platform, including new event sequencing, which groups correlation searches and risk modifiers to optimize threat detection and accelerate investigations, and a new Use Case Library, which gives Splunk ES customers ready-to-use, research-driven and actionable security content that is relevant to their security operations. The Splunk ES Use Case Library gives customers an automatic way to discover new use cases, such as adversary tactics, cloud security, abuse or ransomware, to determine how to take action on threats within their own environment.
“Insider threats and external cyberattacks continue to have a costly impact on businesses and consumers alike. To build resiliency, organizations are recognizing that they need an analytics-driven security platform that merges security information and event management (SIEM) and user behavior analytics (UBA) functionality,” said Robert Boyce, managing director, Accenture Security. “Organizations are continuing to digitize rapidly, and clients need to look at threats across their value chain, so they can focus on the right threats, at the right time. Accenture is helping our clients improve cyber resilience by providing deep industry-specific solutions that use Splunk’s Use Case Library in Splunk ES and advanced anomaly scoring in Splunk UBA.”
“If you want to stay secure from today’s cyber threats, data analytics must be at the heart of your security strategy,” said Steve McMaster, director, managed security services, Hurricane Labs. “New Splunk ES features such as Event Sequencing and Use Case Library will provide immediate value in our SOC, helping to find and remediate threats faster. We look forward to expanding our use of Splunk and working with our customers to as they continue to embrace an analytics-driven approach to security.”
Splunk Phantom’s SOAR technology helps customers work smarter and respond faster, aiding SOCs to orchestrate tasks and automate complex workflows. With Splunk Phantom 4.0, customers gain access to a wide range of new features including clustering support, which helps customers scale their operations; a new indicator view, which gives analysts a threat-intelligence-centered way to perform investigations; and improved onboarding, which enables customers to take action with Splunk Phantom within minutes of deployment.
“Data is digital gold for every security team, but if you really want to lead with an analytics-driven approach to security, it’s essential that you can take action on the data you are ingesting,” said Sebastian Goodwin, senior director of cybersecurity, Nutanix. “Splunk Phantom has been a critical component of our SOC, enabling us to automate and orchestrate a response to security threats when we need to. New additions to Splunk Phantom, such as clustering support, will help us continue to scale our SOC and respond to threats - an absolute must as cyber criminals continue to get smarter and faster.”
Nearly half of all security breaches identify malicious insiders or criminal attacks as the root cause for data breaches. Splunk UBA 4.2 further extends the power of Splunk ES, helping analysts leverage machine learning to find internal and external threats and anomalous user behavior. New features in Splunk UBA 4.2 include user feedback learning, which enhances Splunk UBA anomaly model scoring to improve severity and confidence in threat detection; improved data ingestion performance by up to 2x, which strengthens data quality; and new single-sign-on authentication support, which helps SOC teams maintain compliant access controls across their security nerve center.
Splunk Adaptive Operations Framework
Splunk also announced the launch of the Splunk Adaptive Operations Framework (AOF). An evolution of the Splunk Adaptive Response Initiative, enhanced with the flexible API-driven framework from Splunk Phantom, Splunk AOF is the industry’s largest community of innovative security vendors, committed to improving cyber defense and security operations. With Splunk AOF, organizations can leverage Splunk in tandem with over 240 security technologies to ingest structured or unstructured data from any source, drive coordinated decisions supported by analytics and take action across a comprehensive range of technologies in the SOC.