While it’s always hard to pick a favorite, if you asked the customers attending .conf24 what new product announcement they were most excited about, the integration of Cisco Talos threat intelligence into Splunk’s security products would likely feature near the top of their list.
Today, we are pleased to announce the general availability of Cisco Talos threat intelligence to all Splunk Attack Analyzer customers globally.
Splunk Attack Analyzer automates analysis of suspected malware and credential phishing threats, such as emails with embedded QR codes, threats behind captchas, lure docs impersonating known brands, and more. Its unique capabilities allow security analysts to:
As a result, Splunk Attack Analyzer helps security analysts better understand active threats, reduce alert volumes, enhance detection efficiency, and accelerate investigations and decision-making for rapid resolution. For example, with Splunk Attack Analyzer, Southern Farm Bureau Life Insurance Company has:
Cisco Talos is a proven and trusted threat intelligence research team comprised of world-class researchers, analysts and engineers with unmatched visibility across the threat landscape, seeing more than 800 billion security events per day, 2000 new malware samples per minute and 2000 domains blocked per second.
Intelligence from Cisco Talos allows Splunk Attack Analyzer to detect net new threats, particularly those that are ephemeral in nature, and might already be taken down before they reach Splunk Attack Analyzer for analysis. Integrating with Cisco Talos allows Splunk Attack Analyzer to leverage Cisco’s rich threat intelligence and enrich URLs discovered in the attack chain with reputation results. Each URL analyzed by Splunk Attack Analyzer receives a threat level and threat category from Cisco Talos.
These capabilities are globally enabled for all Splunk Attack Analyzer customers and do not require any configuration for customers to realize further improvements to their threat detection efficacy.
Integration of Cisco Talos threat intelligence with Splunk Attack Analyzer
Following the announcement at .conf24, several customers had expressed their excitement about this integration. “We're excited to get additional depth of analysis by integrating Talos Threat Intelligence into Splunk Attack Analyzer. This will help us be more confident in automated actions we take and continue to bring the best of Splunk and Cisco together.” says Tony Iacobelli, Sr. Manager of Advanced Threat Response at Splunk.
Ready to automate threat analysis? We’ve got you covered! Visit the Splunk Attack Analyzer webpage or speak to your account manager to learn more.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.