This week Splunk was named a leader in Gartner’s 2014 Magic Quadrant for Security Information and Event Management (SIEM) for the second year in a row. For the MQ, Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security and also spoke to multiple Splunk customers as part of the process. To read the Gartner report, please register here.
We are very proud of this award, as it reflects the success that you, the security and compliance customers of Splunk, have had with our product. We now have thousands of security and compliance customers across the world using Splunk for a wide range of use cases including log management, incident investigations, forensics, real-time correlations and alerting, advanced threat and anomaly detection, analytics and reporting, compliance, fraud detection, and much more.
Hundreds of you abandoned traditional SIEMs in favor of Splunk. Some of the reasons why were captured succinctly in the Gartner MQ. In Gartner’s words:
- “We continue to see large companies that are re-evaluating SIEM vendors to replace SIEM technology associated with partial, marginal or failed deployments…”
- “The greatest area of unmet need is effective targeted attack and breach detection. Organizations are failing at early breach detection, with more than 92% of breaches undetected by the breached organization”….”The situation can be improved with stronger threat intelligence, the addition of behavior profiling and better analytics…”
- “Scalability is a major consideration with SIEM deployments. For an SIEM technology to meet the requirements for a given deployment, it must be able to collect, process, store and analyze all security-relevant events. Events that need to be monitored in real time have to be collected and processed in real time”……….”Scalability also includes access to the data for analytics and reporting — even during peak event periods — with ad hoc query response times that do not preclude the use of an iterative approach for incident investigation. Query performance needs to hold up, even as the event store grows over time.”
Splunk is the opposite of these weaknesses and limitations, and this is why we have delighted our customers.
- Our customers see fast time-to-value and significant deployment success. We hear constantly from our customers that within minutes of the initial installation (even with our free, trial version here) they were able to get data into Splunk, search through the data to find events of interest, and turn raw data into useful reports. And since we scale out horizontally, the Splunk deployment can be done in phases to help ensure deployment success– no massive upfront, overly complex architecture required. Expand as you go.
- With Splunk, customers have drastically improved their ability to quickly detect advanced threats and breaches. Our customers put all their security-relevant data into Splunk and then write advanced searches and correlations to connect the dots to detect the minute fingerprints of APTs or sophisticated malicious insiders. They use Splunk’s ability to create baselines and then apply statistics to the baseline to spot deviations that are standard deviations off the norm. These outliers may be advanced threats. Also, customers know that external threat intelligence feeds are easy to hook up to Splunk to help them automatically sift through millions of IPs or domains to see if internal employees are visiting known, bad sites, or if known, bad, external IPs are trying to breach their perimeter. Our Splunk App for Enterprise Security ships with over a dozen free, third-party threat intelligence feeds.
- Scalability and speed is something Splunk handles extremely well with our flat-file datastore and our distributed architecture and search. Our largest customers index over 100TB a day! We can index all of an organization’s machine data and log files, whether it be from non-security products (custom apps, databases, help desk records, NetFlow, physical badge data, hypervisors, etc) or security products. This ability to index non-security machine data is crucial because as we know, the APTs of today are not signature-based and thus often evade detection from point security products…the APT fingerprints are in the non-security machine data. Lastly, since Splunk does not use a datastore/database with a fixed schema, we can index all your original data and make it available for searching, alerting, and reporting….all in real-time and at peak loads!
So thank you again to our happy security and compliance customers. We built this platform to make your job easier and to make your organizations more secure. And we share this award with you!
Again, to read the Gartner report, please register here