Cyber threats are becoming increasingly sophisticated, employing multiple attack vectors and using legitimate ports to exfiltrate sensitive company information. These threats often sit undetected on infected systems for months while modifying, viewing, and stealing data. Unfortunately, finding them is only part of the battle: effective remediation can require days or weeks of investigation by the security team to trace back through the kill chain and determine the source of the infection, the path it took, and the actions it performed. This is a concern on multiple fronts; not only does the infection persist longer, but the cost of remediation becomes significant in its own right.
Similarly, malicious insiders and employees engaged in risky behavior pose significant internal threats to an organization’s intellectual property. Yet detecting these behaviors can be difficult, and fully investigating them can be time-consuming and expensive.
The ability to quickly identify, investigate, and respond to internal and external threats throughout the organization is essential, but it requires correlating data from internal and external sources, including the integration of next-generation threat intelligence.
In response to this need, today Splunk announced the release of version 3.3 of the Splunk App for Enterprise Security, a security intelligence platform that addresses SIEM (Security Information and Event Management) use cases.
If you’re attending RSA 2015 in San Francisco this week, please stop by the Splunk booth (#3321) for a demo. Learn more about our presence at RSA by reading my Splunk at RSA blog post.
The latest version enables security teams to deliver contextual incident response and rapidly implement new threat detection techniques, reducing the time to threat response. The key new features include:
- Context for Threat Intelligence: aggregate, de-duplicate and operationalize threat intelligence from multiple sources by ingesting indicators in the STIX format (including feeds delivered over TAXII) and in OpenIOC format
- User Activity Monitoring: easily track any identity across your organization using prebuilt forms, and apply identity information to any event data to quickly detect and respond to advanced and insider threats
- Collaboration for Threat Response: deepen security team insights by sending or receiving any visualization, dashboard, key security indicator (KSI) or search
- Optimize Security Analyst Workflow: improve the continuity of security operations teams by automatically assigning notable events based on type or urgency
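As an added illustration of what the threat-intelligence bullet above describes (this is not Splunk's code and makes no claim about how the app implements the feature): the script below parses indicators out of a constructed OpenIOC document and a constructed STIX 1.x package, normalizes them so that the same indicator reported by two feeds in different case or with a trailing dot collapses to one entry that remembers every source, and then matches the merged set against a few constructed key=value events. The OpenIOC search terms, CybOX value elements and event field names it handles are an assumed subset chosen for the example, and the feed names, indicator values and event lines are all made up.

```python
"""Aggregate OpenIOC and STIX 1.x indicators, de-duplicate across sources, match events.
Constructed illustration (not Splunk's code); parse untrusted feeds with defusedxml, not xml.etree."""
import re
import xml.etree.ElementTree as ET

IOC_NS = "{http://schemas.mandiant.com/2010/ioc}"
# OpenIOC search terms handled here -> normalized indicator type (assumed subset)
IOC_SEARCH_TYPES = {"FileItem/Md5sum": "md5", "Network/DNS": "domain", "PortItem/remoteIP": "ipv4"}
# CybOX value elements -> indicator type; "hash" is refined by digest length below
STIX_VALUE_TAGS = {
    "{http://cybox.mitre.org/objects#AddressObject-2}Address_Value": "ipv4",
    "{http://cybox.mitre.org/objects#DomainNameObject-1}Value": "domain",
    "{http://cybox.mitre.org/common-2}Simple_Hash_Value": "hash",
}
HASH_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Event fields to check -> the indicator type they carry (field names are assumed)
EVENT_FIELD_TYPES = {"dest_ip": "ipv4", "query": "domain", "file_hash": "md5"}


def normalize(itype, value):
    """Canonical form so the same IOC reported by two feeds compares equal."""
    v = value.strip().lower()
    return v.rstrip(".") if itype == "domain" else v


def parse_openioc(xml_text, source):
    found = []
    for item in ET.fromstring(xml_text).iter(IOC_NS + "IndicatorItem"):
        ctx, content = item.find(IOC_NS + "Context"), item.find(IOC_NS + "Content")
        if ctx is None or content is None or not content.text:
            continue
        itype = IOC_SEARCH_TYPES.get(ctx.get("search"))
        if itype:
            found.append((itype, normalize(itype, content.text), source))
    return found


def parse_stix(xml_text, source):
    found = []
    for el in ET.fromstring(xml_text).iter():
        itype = STIX_VALUE_TAGS.get(el.tag)
        if itype is None or not el.text:
            continue
        value = normalize(itype, el.text)
        if itype == "hash":
            itype = HASH_BY_LEN.get(len(value))  # unknown digest lengths are dropped
        if itype == "ipv4" and not IPV4_RE.match(value):
            continue  # Address_Value can also hold IPv6 or e-mail addresses
        if itype:
            found.append((itype, value, source))
    return found


def aggregate(*indicator_lists):
    """(type, value) -> set of sources that reported it; duplicates collapse to one key."""
    merged = {}
    for lst in indicator_lists:
        for itype, value, source in lst:
            merged.setdefault((itype, value), set()).add(source)
    return merged


def match_events(events, merged):
    """Return one hit per event field whose normalized value is a known indicator."""
    hits = []
    for line in events:
        fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
        for field, itype in EVENT_FIELD_TYPES.items():
            if field not in fields:
                continue
            value = normalize(itype, fields[field].strip('"'))
            if (itype, value) in merged:
                hits.append({"event": line, "type": itype, "value": value,
                             "sources": sorted(merged[(itype, value)])})
    return hits


# Constructed feeds: the address and domain appear in both (different case, trailing dot).
OPENIOC_FEED = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-ioc-1"><definition>
<Indicator operator="OR" id="i1">
<IndicatorItem id="a" condition="is"><Context document="FileItem" search="FileItem/Md5sum" type="mir"/><Content type="md5">D41D8CD98F00B204E9800998ECF8427E</Content></IndicatorItem>
<IndicatorItem id="b" condition="is"><Context document="Network" search="Network/DNS" type="mir"/><Content type="string">Evil.Example.</Content></IndicatorItem>
<IndicatorItem id="c" condition="is"><Context document="PortItem" search="PortItem/remoteIP" type="mir"/><Content type="IP">203.0.113.5</Content></IndicatorItem>
</Indicator></definition></ioc>"""
STIX_FEED = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1" xmlns:cybox="http://cybox.mitre.org/cybox-2"
 xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
 xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1" id="example:pkg-1"><stix:Observables>
<cybox:Observable><cybox:Object><cybox:Properties category="ipv4-addr"><AddressObj:Address_Value>203.0.113.5</AddressObj:Address_Value></cybox:Properties></cybox:Object></cybox:Observable>
<cybox:Observable><cybox:Object><cybox:Properties><DomainNameObj:Value>evil.example</DomainNameObj:Value></cybox:Properties></cybox:Object></cybox:Observable>
<cybox:Observable><cybox:Object><cybox:Properties><DomainNameObj:Value>beacon.example.net</DomainNameObj:Value></cybox:Properties></cybox:Object></cybox:Observable>
</stix:Observables></stix:STIX_Package>"""
EVENTS = [  # constructed key=value events; Splunk-style field names are an assumption
    "2015-04-28T10:00:01Z action=allowed src_ip=10.0.0.12 dest_ip=203.0.113.5 dest_port=443",
    "2015-04-28T10:00:03Z src_ip=10.0.0.12 query=EVIL.example. rcode=NOERROR",
    '2015-04-28T10:00:05Z user=alice file_hash=d41d8cd98f00b204e9800998ecf8427e file_name="q1 notes.txt"',
    "2015-04-28T10:00:09Z action=allowed src_ip=10.0.0.40 dest_ip=198.51.100.7 dest_port=80",
]


def run():
    merged = aggregate(parse_openioc(OPENIOC_FEED, "vendor_a"), parse_stix(STIX_FEED, "isac_feed"))
    return merged, match_events(EVENTS, merged)


if __name__ == "__main__":
    merged, hits = run()
    print(f"{len(merged)} unique indicators after de-duplication")
    for h in hits:
        print(f"{h['type']}={h['value']} (sources {h['sources']}): {h['event']}")
```

Six indicators come in across the two feeds and four survive de-duplication; the merged entry for each shared indicator carries both feed names, which is the "context" an analyst wants when a hit fires: one match confirmed by two independent sources rates differently from one seen in a single feed. Keying on the normalized (type, value) pair rather than the raw string is what makes the de-duplication work; without the case folding and trailing-dot stripping, "Evil.Example." and "evil.example" would be two entries and the DNS event would match only one of them.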
Splunk customers who have purchased the app can download version 3.3 of the Splunk App for Enterprise Security on Splunkbase on Thursday, April 30. New users can contact Splunk sales. Please visit the Splunk website for more information about Splunk App for Enterprise Security.