Use Analytics-Driven Decision Making and Automation to Improve Threat Detection and Operational Efficiency

Today, we announced major advancements to our security analytics portfolio with Splunk Enterprise Security (ES) 4.5, a new version that introduces significant innovations to Splunk ES.

Enterprise Security (ES) 4.5 introduces Adaptive Response, which extends security architecture beyond legacy preventative technologies, and event-based monitoring that uses connected intelligence so security operations gain full visibility and responsiveness across the entire security ecosystem. The new release also introduces Glass Tables, which expand the visual analytics capabilities of Splunk ES.

Meeting the growing needs of CISOs adopting automation and orchestration

Many Splunk security customers already use automation to eliminate routine tasks, accelerate detection and streamline their response times. A recent survey conducted by 451 Research reveals that 57% of enterprises are already taking action to automate and orchestrate incident response (IR) processes, while another 42% are currently automating or orchestrating IR processes, plan to do so, or are interested in doing so sometime in the future.

Extend Analytics-driven Decisions and Automation with Adaptive Response

Splunk Adaptive Response is a common interface for automating retrieval, sharing, and responses in multi-vendor environments to help automate and optimize threat detection and remediation.


It provides the ability to register and configure automated or assisted response actions, enabling you to effectively leverage your existing security products (firewall, IDS/IPS, endpoint, threat intelligence, incident response, identity) with Splunk ES as your central security intelligence platform.

You can use UI wizards and dashboards to specify the nature of actions, categorize actions, and receive feedback on the status and results of actions across a wide set of entities.


The visibility into the capabilities and actions of each Adaptive Response Entity (Firewall, IDS/IPS, Endpoint, etc.) helps Splunk customers view the list of available actions, select appropriate actions, and deploy and manage the Entities and their actions in ways best suited to their environment, deployment and security operations. Analysts can automate actions or individually review response actions, so that they can quickly gather more context or take appropriate actions across a multi-vendor security ecosystem.

Enhance Analytics With Glass Table Views

Glass Tables help you create custom visualizations that reflect your workflows, topology, and detect, investigate and respond sequences, with dashboards and summary views that carry the context relevant to your needs.


Glass Tables include a visual analytics framework that uses key security metrics to create custom visualizations. Glass Tables have two modes, viz., Edit mode and View mode. Edit mode provides an intuitive visual editor where you can create and modify visualizations, including security metrics searches based on data models and correlation searches. View mode lets you see any visualization, including search results for security metrics based on data models and ad hoc searches.


You can better understand the impact of security metrics with logical or physical Glass Table views that are relevant to your environment. You can create persona-based views, for example for a Tier 1 or Tier 2 SOC Analyst, that are specific to your organization to accelerate investigation and remediation.

You can use the intuitive user interface with pre-built visuals to create views that will help you to assess the full impact of key metrics from Access, DNS, Identity, Email, IDS, Licensing, Malware, Notable, Performance, Risk, SSL, Threat Activity, Traffic, UBA, Updates, Vulnerability and Web data.

You can leverage custom or existing images as the background for dashboards that can be used by specific teams or across teams for collaboration. Glass Tables are the perfect complement to the existing rich set of Splunk ES user interface components such as dashboard, panel, sparkline, swimlanes, etc.

Updated 10/12/16: Splunk ES 4.5 is now generally available.

Contact us to find out how customers are already reducing investigation and remediation times by automating decisions or by using human-assisted decisions.

Girish Bhat
Director, Security Product Marketing

Follow all the conversations coming out of #splunkconf16!
