Use the Fusion of Analytics Tradecraft With Dynamic Content to Transform Security Operations

We are pleased to announce the availability of premium content as a service for Splunk Enterprise Security (ES) to help accelerate the detection of, investigation of and response to security threats.

Today, we are introducing the general availability of Splunk ES Content Update, an analytics tradecraft-based content service that provides guidance on how to detect threats, where to investigate and how to navigate the decision-making process to take better follow-on actions.

Additionally, Booz Allen Cyber4Sight for Splunk, a curated threat intelligence service that gives analysts greater power to detect and manage threats, is now generally available.

Satellite Radio With Premium Channels

This new content service is analogous to a satellite radio service such as SiriusXM (available in the U.S.), where you buy a digital radio and then subscribe to the service. The base SiriusXM service (Splunk ES) includes several channels, and you can sign up for additional premium channels (the new offers) based on your listening preferences.

Over the past several years, our customers have been consolidating many security functions and using Splunk ES as their security analytics platform. These new offers augment the platform capabilities of Splunk ES by providing additional analytics to address a wide range of vulnerability, advanced threat detection and incident response challenges.

Why Now?  

The threat landscape is dynamic, and existing security solutions require frequent updates to keep up with the threats. Often, security analysts need to know the "how" as much as they need to know the "what" about the threats and risks to their environment. Analysts and investigators frequently lack a full understanding of the threat landscape and the broad skill set needed to gather the context required to identify real threats.

Identifying and developing analytics to investigate and remediate threats takes time and requires deep security expertise as well as analytics development knowledge. Existing security tools used for threat response require considerable experience to stitch the story together and understand the full scope of an attack.

Splunk ES Content Update

Splunk ES Content Update expands the use cases that Splunk ES customers can solve through Analytics Stories that address advanced malware and vulnerability challenges. With Splunk, enough time and the right skills, you could potentially develop solutions such as these new offers on your own. However, developing analytics stories like the ones included in Splunk ES Content Update requires many years of deep domain expertise and development experience.

Splunk ES Content Update includes a library of Analytics Stories that enables overburdened analysts and investigators to expedite their response to threats. Customers with security operations at any maturity level can use the Analytics Stories feature to work smarter.

The subscription service enables Splunk domain experts and researchers to continuously improve the effectiveness of the solution independently of periodic software updates, making it possible for customers to stay current proactively.

Splunk ES Content Update is available at no cost to all Splunk ES customers for the first year, and you can download it now. It will have a regular cadence of updates to help you address ongoing and time-sensitive problems and threats faster.

Booz Allen Cyber4Sight for Splunk

Booz Allen Cyber4Sight for Splunk integrates threat intelligence generated by Booz Allen's Cyber4Sight Managed Security Service directly into Splunk Enterprise Security.

Cyber4Sight® goes beyond arbitrary risk scores and provides analysts with context, connecting indicators to the threat actor and the intent behind the threat. It provides:

  • The combination of Splunk's analytics-driven security with human-curated threat intelligence from Booz Allen
  • An integrated intelligence service that gives threat hunters greater power to detect and manage threats
  • Intelligence monitoring and full-text reports drawn from over 170,000 targeted sources on the open and closed internet

Cyber4Sight for Splunk can be downloaded today and is available on a subscription basis to eligible Splunk ES customers. Contact your Splunk sales representative for details.

We Look Forward to Continuing This Conversation

If you're joining us for our annual customer conference, .conf2017, this week, you'll be able to attend sessions and learn more about both Splunk ES Content Update and Cyber4Sight for Splunk.

Ping me if you have any questions. Hope to hear from you!

Girish Bhat
Director, Security Product Marketing

Follow all the conversations coming out of #splunkconf17!
