Splunk Attack Analyzer Introduces Built-in Translation and Achieves SOC 2 Compliance

We’re excited to share that Splunk Attack Analyzer recently introduced the ability to translate content and achieved SOC 2 Type II certification.

Built-in Translation for Emails and Documents

Phishing emails pose a variety of challenges for SOCs today. Analysts are dealing with an overwhelming amount of potential phishing threats to triage and address each day, and traditional analysis tools often can’t navigate modern evasion and obfuscation techniques that attackers employ throughout the attack chain. As a result, analysts often have to manually collect and analyze intelligence from disparate security tools to understand whether it’s a legitimate threat and — if it is — what exactly the threat actor is trying to accomplish.

This process is made even more arduous if your SOC receives potential phishing threats in languages your analysts aren’t familiar with. For example, employees of multinational enterprises may receive phishing emails that use their local language to target them. If the SOC isn’t familiar with that language, analysts then need to spend even more of their time — and use more tools — to safely translate the content to support the investigation process.

But not anymore! Splunk Attack Analyzer’s automated analysis capabilities now include in-platform translation for emails and documents. When a potential phishing email is submitted to Splunk Attack Analyzer, the solution automatically performs the actions required to fully execute the attack chain, including:

• Automatically extracting the original email
• Analyzing the email for attachments and URLs
• Performing a full attack chain analysis for each of the objects discovered in the email

Analysts can then view screenshots of the extracted email and/or documents, as seen in the image below.

Original email extracted by Splunk Attack Analyzer

But wait…my analysts aren’t familiar with French. Not a problem: now, they can simply click the “View translation” button to see a translated version of the email — without needing to navigate to a separate screen or tool.

Translated email content directly within Splunk Attack Analyzer

With this, analysts can quickly get additional context about the threat without interrupting the process to make time for translation, helping SOCs further accelerate the investigation and response process.

SOC 2 Compliance for Splunk Attack Analyzer

Splunk Attack Analyzer also recently achieved SOC 2 compliance. As explained on Compliance at Splunk, SOC 2 compliance “is designed to provide assurance about the effectiveness of controls in place that is relevant to the security, availability, and confidentiality of the systems where customer data is processed.”

In addition to SOC 2, Splunk Attack Analyzer also maintains SOC 1 and ISO 27001 compliance, which focus on the protection of financial information and information security management systems, respectively.

Get Started with Splunk Attack Analyzer

Splunk Attack Analyzer’s translation feature is now available to all current customers, and additional information and documentation about SOC 2 compliance is accessible from the Customer Trust Portal.

Looking to learn more about Splunk Attack Analyzer? Check out our on-demand webinar Splunk Demo Day: Automating Threat Analysis with Splunk Attack Analyzer for a step-by-step demo of the solution.