Refined User Experience, New Executive Visibility, and Enhanced Cloud Monitoring with Splunk Enterprise Security 7.0

Just like that, another year has gone by full of remote work, virtual conferences, and lengthy Zoom calls. And, although we were not able to see our fellow Splunkers in person at .conf21 that didn’t stop us from previewing the latest enhancements to Splunk Enterprise Security. And now, it gives us great pleasure to announce that Enterprise Security 7.0 is available!

This latest release is designed to help improve threat detection with advanced security analytics, give executives visibility into the health of the SOC, and showcases an all new user experience.

In Enterprise Security 7.0 we have continued to enhance our Risk Based Alerting (RBA) capabilities to provide a simple and elegant way to detect and respond to advanced threats. RBA helps organizations greatly reduce alert fatigue, and enables security teams to drive faster Mean-Time-to Detect (MTTD) and Mean-Time-to Respond (MTTR). This increased fidelity has resulted in reductions in false positive rates up to 30% and reduces alert volumes by up to 80%. Check out this .conf21 session to see it in action.

Okay, So What’s New with Enterprise Security 7.0?

With Enterprise Security 7.0 we continue to improve upon existing capabilities, while launching new features essential to the modern SOC.

Executive Summary Dashboard

Enterprise Security provides organizations with a tremendous amount of info on how your security program is running. The new Executive Summary Dashboard surfaces key performance indicators that provide insights on the overall health of the SOC and facilitate reporting to CISOs and other senior leaders.

The Executive Summary Dashboard allows you to quickly access the following key insights:

Security Operations Dashboard

Similar to the Executive Summary Dashboard, the Security Operations Dashboard shares key insights but provides deeper analysis capabilities designed for SOC managers and team leads. These deeper insights allow for analysis of assigned notables and analyst workflows, and notable dispositions.

In case you missed it, Enterprise Security 6.6 introduced a dispositions feature of incident review that allowed you to record whether an event was a true positive, false positive, or a benign positive. Now, with 7.0 you can see and report on this data over time, and get a deep dive into exactly which correlation sources contribute to each of the four default disposition types. This will allow your team to decide which correlation rules should be expanded on and which are eligible to be retired.

Check out this demo from .conf21 for a brief overview of the Executive Summary and Security Operations dashboards.

Cloud Security Monitoring Dashboards

Cloud complexity is on the rise and it is consistently challenging to get visibility into your environments, because many security teams are using numerous siloed security products that are not integrated. 75% of cloud infrastructure users are multicloud today, and two years from now 87% are expected to use multiple cloud service providers.

Cloud environments introduce new attack surfaces, such as new data streams, workloads, applications, and more to manage and secure. This increases risk and vulnerabilities. Enterprise Security 7.0 adds five brand new dashboards focused on data from Cloud native data sources to bring visibility across your hybrid environment with cloud security monitoring. These new dashboards are:

Automated Real-Time Content Updates

The Enterprise Security Content Updates app is included with Enterprise Security 7.0. and will proactively notify you when a new update to the Content Updates App is available. Now, you get the latest security content from the Splunk Threat Research Team, as soon as it is available.

Modernized User Experience

Enterprise Security has undergone a large change to the user experience, bringing it in line with other Splunk security products, adopting modern development frameworks and best practices. Also, Splunk Enterprise Security UI now allows you to switch between light and dark modes (Cloud Only), so you can choose what works best for you.

Get Started or Upgrade Today!

Splunk Enterprise Security 7.0 updates are available today in both Cloud and On-Prem environments. So no matter how you Splunk, you now have access to Splunk Enterprise Security 7.0.

To learn more about Splunk Enterprise Security 7.0, check out the recent .conf21 ES 7.0 overview presentation. We also invite you to check out the Splunk Security Analytics Virtual Event to see all the latest and greatest from Splunk for Security!

Thank you, and happy Splunking!

/en_us/blog/fragments/digital-resilience-pays-off
Style
two-column

Related Articles

Back from FiRST Berlin, discover CIRCL Passive SSL
Security
2 Minute Read

Back from FiRST Berlin, discover CIRCL Passive SSL

Phishing – What does it look like in machine data?
Security
2 Minute Read

Phishing – What does it look like in machine data?

Phishing hits a new level of quality
Security
2 Minute Read

Phishing hits a new level of quality

Duqu 2.0 – The cyber war continues on a new level
Security
2 Minute Read

Duqu 2.0 – The cyber war continues on a new level

Monitoring and alerting for activities of expired user accounts
Security
2 Minute Read

Monitoring and alerting for activities of expired user accounts

Using Splunk for Your Vulnerability Management
Security
3 Minute Read

Using Splunk for Your Vulnerability Management

Contextualize your data with threat intelligence information from Project Honey Pot
Security
3 Minute Read

Contextualize your data with threat intelligence information from Project Honey Pot

Updated Keyword App
Security
1 Minute Read

Updated Keyword App

Cisco Security Suite 3.0.2 now includes Cisco IronPort Email Security Appliance (ESA) Data
Security
1 Minute Read

Cisco Security Suite 3.0.2 now includes Cisco IronPort Email Security Appliance (ESA) Data

/en_us/blog/fragments/about-splunk
/en_us/blog/fragments/subscribe-footer