Next-Gen Splunk Serves Up Faster Threat Detection
By Jennifer LeClaire / NewsFactor Network
Published: August 05, 2014

When it comes to real-time operational intelligence, Splunk is vying for market leadership. The company just rolled out version 3.1 of the Splunk App for Enterprise Security, complete with a new risk scoring framework that promises faster threat detection and containment.

Beyond allowing you to assign risk scores to any data, the app also lets you connect and visualize data on the fly. Then there’s the guided search feature, which lets more users access security analytics without any knowledge of programming languages or command syntax.

Haiyan Song, Vice President of Security Markets at Splunk, said adapting quickly to new attack techniques is the key for modern cybersecurity warriors. The new version of the Splunk App for Enterprise Security, Song explained, was built to help organizations stay agile in a dynamic landscape of zero-day and previously unknown attacks.

“Risk scoring provides prioritization beyond just event data to help security teams transform security analytics by identifying the most critical threats from the massive streams of data surrounding them,” Song said. “We believe the app will have a profound impact on the threat detection capabilities of organizations around the world.”

A Great Step Forward

One of the key new features in version 3.1 of the app is risk-based analytics, which promises to strengthen decision-making by applying a risk score to any data so security and IT teams can prioritize, triage and receive alerts about threats based on that score. Meanwhile, the visual investigation feature sets the stage for faster, deeper insights across all machine data with new capabilities that let companies visually discover relationships through event swim lanes that organize and correlate data.

The new version of the app also lets users simplify complex correlation across disparate data sources with advanced searches in a guided user interface that requires no programming language knowledge. Finally, there’s domain name-based threat intelligence, which deduplicates and assigns weights to threat intelligence feeds.
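To make the two mechanisms described above concrete, here is an added illustration in Python. It is not Splunk's code and does not use the app's search language; it shows the general idea of accumulating per-entity risk scores from detection events and of deduplicating and weighting threat-intelligence domain indicators. All events, feed names, weights and domains are constructed sample data.

```python
"""Added illustration (not Splunk's code): per-entity risk scoring and
threat-intel indicator deduplication. All sample data is constructed."""
from collections import defaultdict

# Constructed sample events: each detection rule contributes a risk score
# to the entity (user or host) it concerns.
SAMPLE_EVENTS = [
    {"rule": "brute_force_login", "entity": "user:alice", "score": 20},
    {"rule": "new_admin_group_member", "entity": "user:alice", "score": 40},
    {"rule": "outbound_to_listed_domain", "entity": "host:ws-17", "score": 30},
    {"rule": "brute_force_login", "entity": "user:bob", "score": 20},
]


def aggregate_risk(events):
    """Sum rule scores per entity; return (entity, total, rules) ranked by total."""
    totals = defaultdict(int)
    contributing = defaultdict(set)
    for e in events:
        totals[e["entity"]] += e["score"]
        contributing[e["entity"]].add(e["rule"])
    ranked = sorted(totals, key=lambda k: (-totals[k], k))
    return [(ent, totals[ent], sorted(contributing[ent])) for ent in ranked]


def over_threshold(events, threshold):
    """Entities whose accumulated risk meets the alert threshold, highest first."""
    return [ent for ent, total, _ in aggregate_risk(events) if total >= threshold]


# Constructed sample threat-intel entries: the same domain can appear in
# several feeds; each feed carries an analyst-assigned confidence weight.
FEED_WEIGHTS = {"feed_a": 0.9, "feed_b": 0.5}
SAMPLE_INDICATORS = [
    {"feed": "feed_a", "domain": "bad.example"},
    {"feed": "feed_b", "domain": "BAD.example."},
    {"feed": "feed_b", "domain": "other.example"},
]


def normalize_domain(d):
    """Case-fold and strip whitespace and a trailing dot so duplicates match."""
    return d.strip().lower().rstrip(".")


def dedupe_indicators(indicators, weights):
    """Collapse duplicate domains across feeds, keeping the highest feed weight
    and recording which feeds reported each domain."""
    merged = {}
    for ind in indicators:
        dom = normalize_domain(ind["domain"])
        w = weights.get(ind["feed"], 0.0)
        entry = merged.setdefault(dom, {"weight": 0.0, "feeds": set()})
        entry["weight"] = max(entry["weight"], w)
        entry["feeds"].add(ind["feed"])
    return {d: {"weight": v["weight"], "feeds": sorted(v["feeds"])}
            for d, v in merged.items()}


if __name__ == "__main__":
    for ent, total, rules in aggregate_risk(SAMPLE_EVENTS):
        print(f"{ent:12} risk={total:3} rules={rules}")
    print("alert on:", over_threshold(SAMPLE_EVENTS, 50))
    for dom, info in dedupe_indicators(SAMPLE_INDICATORS, FEED_WEIGHTS).items():
        print(dom, info)
```

The point of accumulating scores rather than alerting on each rule is that two individually low-severity events on the same entity (here a brute-force burst followed by a new admin group membership) cross the alert threshold together, while a single one does not; the dedup step keeps one entry per domain so a weighted match is counted once even when three feeds list it.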

David Monahan, Security Research Director at Enterprise Management Associates, said Splunk's Enterprise Security App Version 3.1 represents a great step forward in providing security analytics to more roles across the security team.

“The addition of risk-based analytics and more in-depth threat intelligence, combined with the ability to connect and visualize disparate data, are extremely valuable and well aligned with the requirements we are hearing from end users,” said Monahan. “The new guided UI allows any user to build sophisticated queries without foreknowledge of the Splunk analytics language, advancing the capabilities of every level of user, improving effectiveness and accelerating the ROI gained from Splunk.”

Deciding Where To Start

We turned to Javvad Malik, a senior analyst at 451 Research, to get his take on the Splunk app. Fundamentally, he explained, Splunk's approach treats all IT logs and events as inputs and stores them at scale.

This enables companies "to undertake monitoring, forensics, investigations, etcetera,” Malik said. “The biggest challenge for most is deciding where to start from -- which is where the Splunk App for Enterprise Security comes into the picture to specifically assist security teams to leverage Splunk [technology].”

As for the current release, he called it “pretty much in line” with what has emerged in response to market demand. Gathering data is one thing, he noted; making it usable and separating the news from the noise is another.

“However, even once meaningful data is separated, it needs to be risk assessed and scored,” Malik concluded. “This is where the security analytics capabilities of Splunk appear to be maturing very well and shows Splunk takes the time to research the market needs and develop its product in that direction.”

Comments
K Basu:
Posted: 2014-08-11 @ 9:48am PT
Super good, a great step forward.

Ed.:
Posted: 2014-08-08 @ 8:31am PT
@Splunk User: Thanks for checking. The article is accurately talking about the general availability of version 3.1 of the Splunk App for Enterprise Security. However, as Splunk notes in their announcement, "Version 3.1 of the Splunk App for Enterprise Security requires version 6.x of Splunk Enterprise." Hence the confusion.

Here's a link to the announcement for further details:
http://www.splunk.com/view/SP-CAAAM8A

Splunk User:
Posted: 2014-08-08 @ 4:46am PT
Don't you mean 6.1? Splunk 3 was released 5 years ago...

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.