Improving and Enhancing the Security Operations Experience

The origin of Splunk's security journey is a story we are proud of. Why? Because it is about you. Our customer.

Some of you may know that Splunk did not start off in the security space. We were born in an IT environment where our first customers were IT customers, using Splunk to redefine the way they performed log management.

But those customers realized something early on that changed the trajectory of Splunk. They realized that the same data they were ingesting to monitor their IT environment could also be used in the context of security and protect their companies against the toughest cyberthreats. 

We listened to you then and started building security solutions to sit on top of Splunk Enterprise, such as Splunk Enterprise Security (ES), our market-leading security information and event management (SIEM). Fast forward to today, and we’re still listening. Your success is our success and listening to you continues to be our guiding light as we evolve on this security journey. 

You’ve told us that you want Splunk to give you a security operations suite that is in tune with your experiences in the security operations center (SOC). One that is focused on you and your work. You’ve said that you want scalable analytics capabilities and machine learning that is easier, faster and more effective. And you told us that you want the fastest response time possible.

Last week, we talked about our security vision and how we’re delivering on our SOC 2020 vision with the early access beta of Splunk Mission Control. But you don’t have to wait for Splunk Mission Control to become generally available to optimize your security operations now. 

Our product and engineering teams have been hard at work to deliver solutions that improve your day-to-day experiences. We’ve made significant enhancements across our Splunk Security Operations Suite, which includes Splunk Enterprise Security (ES), Splunk User Behavior Analytics (UBA) and Splunk Phantom.

Below are just some of the highlights with each release. 

Introducing Splunk Enterprise Security 6.0

  • Analytics Reporting on Investigations: Now SOC managers can quickly gain visibility into their security team’s investigations with out-of-the-box reports of key security metrics ranging from number of investigations created and closed, oldest unclosed investigations, total time spent on investigations, and more. These metrics are exposed via SPL, so you can easily tailor the reports to the needs of your SOC.
  • Asset and Identity Framework Enhancements: The new and improved asset and identity framework delivers greater scalability and performance for massive lookups, making maintenance easier as your organization grows. The new extensible fields enable richer context in more ways than ever for faster and more accurate investigations.
  • Splunk Machine Learning Toolkit (MLTK) Integration: New integration with Splunk MLTK ensures you are positioned to benefit from the future of advanced threat and anomaly detection. Enhanced machine learning algorithms deliver improved accuracy, resulting in 10% fewer notable events.

Introducing Splunk User Behavior Analytics 5.0

  • Custom Use Case Framework: Content developers now have the power and flexibility to develop, expand and deploy custom use cases. This enables SOC teams to build advanced, customized machine learning models that baseline behavior and track deviations based on their own security environment and use cases. 
  • Device Management: Easily manage known devices and unknown assets discovered by UBA for improved performance.
  • High Availability/Disaster Recovery (HA/DR): UBA now provides a high availability solution for partial or complete system failures. The HA/DR hot standby mode provides quick recovery in the event of an outage while minimizing data loss and SOC operational disruption. 

Introducing Splunk Phantom 4.6

Splunk Phantom 4.6 brings the power of SOAR capabilities straight to your mobile device. You can now access Phantom capabilities from the Splunk Mobile app—allowing you to work smarter, respond faster and strengthen your defenses by: 

  • Reducing mean time to response by addressing security notifications from anywhere at any time, right from the app.
  • Viewing and triaging events, reviewing security artifacts, and running and viewing playbooks on-the-go—all without opening your laptop.
  • Collaborating with colleagues in real-time from the palm of your hand.

But Wait...There’s More! 

The Splunk Security Operations Suite is augmented with actionable use case content. Content that provides you with tactics, techniques and best practices to use Splunk for Security, no matter where you are on your journey. 

The Splunk Security Research team has been hard at work with the following releases:

  • ES Content Updates 1.0.43 (available to download this week): If you use AWS, GCP or Azure as your cloud infrastructure provider, this update features new content (the Cloud Cryptomining Analytic Story) that leverages a cloud infrastructure data model (in beta) to monitor your cloud infrastructure. You can also use the data model to write your own detection searches.
  • Splunk Analytic Story Execution App (ASX): This new app allows you to run an Analytic Story end-to-end and all-at-once, so you can gain use case relevant context and better insights across your environment. 
  • Open-Sourced Splunk Security Content: Security is a team sport—so now both Splunk and non-Splunk users can gain value, offer feedback, and build content to share with the broader community.
  • Splunk Attack Range: This new framework allows analysts and threat hunters like you to create vulnerable, instrumented systems in local or cloud environments so that you can simulate attacks and collect data in Splunk—all in a shareable, community-friendly fashion.

And don’t forget, we’ve recently released Splunk Security Essentials 3.0 which features:

  • A major UX Overhaul to help users access what they need more quickly.
  • Detailed UBA and ESCU content so that you can understand what those products do and how they can benefit you.
  • Thorough integrations with MITRE ATT&CK to help content teams find gaps, help management justify data sources, and help analysts understand why alerts fired.

Phew—I wasn’t joking when I said our teams have been busy! All of these improvements to the Splunk Security Operations Suite are aimed at helping you be more productive and efficient, and at empowering you with the right information to make the best decisions possible. 

Get Started Now

The Splunk Security Operations Suite powers tomorrow’s SOC today. By unifying advanced security analytics, machine learning, automation and orchestration technologies, it gives you the means to act at machine speed once you make a decision—so you can turn your attention to the next big threat. 

For more information, check out our solution guide to find out how you can modernize your security operations now.

Need to get hands-on first? No problem. 

  • Try the free seven-day cloud Splunk ES Sandbox to get started in minutes. 
  • Contact us to take advantage of a free cloud-based sandbox trial of Splunk UBA. 
  • Get started with Splunk Phantom by downloading the free community edition.

Contact us to find out how you can benefit from the Splunk Security Operations Suite.

Happy Splunking!

Catch up on all the conversations from #splunkconf19!
