The Five Essential Capabilities of an Analytics-Driven SOC: Advanced Analytics

In this series about the characteristics of an analytics-driven security operations center (SOC), we previously discussed how Splunk Enterprise Security (ES) maps to the adaptive security architecture and threat intelligence capabilities of an analytics-driven SOC.

This week, we will talk about advanced analytics and how it contributes to a successful security operations center. Gartner defines advanced analytics as:

...the analysis of all kinds of data using sophisticated quantitative methods (such as statistics, machine learning, descriptive and predictive data mining, and simulation and optimization) to produce insights that traditional approaches to intelligence—such as query and reporting—are unlikely to discover.

In the context of security operations, advanced analytics capabilities can support a variety of different processes and tasks, including threat and vulnerability management, advanced threat detection, incident prioritization, and hunting and investigating. Behavioral analytics, for example, can be used to detect suspicious behavior without requiring prior knowledge of technical indicators of compromise (IOCs), and attack path modelling can be used to predict the potential path an attacker can take to escalate privileges.

Splunk’s Solution

Splunk Enterprise Security (ES) is an analytics-driven SIEM solution that helps SOC teams gain insights to quickly detect and respond to internal and external attacks, simplify threat management, minimize risk, and gain organization-wide visibility and security intelligence. The solution enables continuous monitoring, incident response and SOC operations. Splunk ES also helps SOC operations teams map to the five essential capabilities defined by Gartner.

For security operations, advanced analytics is the foundation that enables capabilities such as threat and vulnerability management, incident prioritization, advanced threat detection, and threat hunting and investigating.

The Splunk platform provides advanced analytics through machine learning techniques that identify anomalies and patterns, which speeds up investigations and discovery. This pre-built, use-case-specific machine learning helps spot trends and outliers and filters out the "noise" generated by the massive number of events in your data. The Splunk Machine Learning Toolkit and Splunk User Behavior Analytics deliver this machine learning capability as part of the platform's advanced analytics.

Heartland Jiffy Lube Protects Brand Reputation, Secures Data With Splunk Platform

Heartland Jiffy Lube is the nation’s largest franchisee of quick-lube retail service stores. It needed a cybersecurity platform to protect its brand and its most important resource—its data.

Since deploying Splunk ES and Splunk User Behavior Analytics as its analytics-driven SIEM platform, Heartland Jiffy Lube has seen benefits including:

  • Realized time to value by implementing a SIEM and insider threat protection solution in only three weeks
  • Gained platform to drive innovation with 25 percent less total cost of ownership
  • Established real-time security investigations and insider threat protection

Heartland Jiffy Lube's new security program includes building a SOC, security policies and procedures, and PCI compliance. With the Splunk platform, Heartland Jiffy Lube now has end-to-end visibility into its security posture and potential threats to the enterprise. The team can see a full breakdown of critical daily events, prioritize its response, and resolve issues quickly.

One important alert informed Heartland Jiffy Lube's security team that tens of thousands of DNS queries for a handful of domains were being generated at corporate headquarters.

The team was able to quickly pinpoint the threat and take the device off the network, avoiding data exfiltration that could have harmed not only the bottom line but, more importantly, the brand. Want to know more about Heartland Jiffy Lube? Read the full case study.
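The alert above is a volume-outlier detection: a small number of domains accounted for far more DNS queries than everything else on the network, and no prior indicator of compromise was needed to notice it. The following Python is an added example written for this page, not Splunk ES, Splunk UBA or Heartland Jiffy Lube's actual detection logic. It runs that kind of behavioral check over a constructed DNS log (the log format, the domain names and the client addresses are all assumed for the example): it aggregates queries per registrable domain, scores each domain's volume with a robust median/MAD z-score so that the outlier itself does not distort the baseline, and reports the context an analyst needs to triage a hit, namely how many distinct query names the domain received (a ratio near 1.0 means nearly every query carried a different label, the shape of encoded data leaving over DNS) and which clients generated them.

```python
"""Added example: volume-outlier detection over DNS query logs.

Illustrative code written for this page, not Splunk's or the customer's
detection logic. It flags domains whose query count is a statistical
outlier relative to the other domains seen in the same window, with no
prior indicator of compromise required.
"""
import re
import statistics
from collections import defaultdict

# Assumed log format (constructed for this example):
#   <timestamp> src=<client ip> qname=<queried name> qtype=<record type>
LINE_RE = re.compile(r"src=(?P<src>\S+)\s+qname=(?P<qname>\S+)\s+qtype=(?P<qtype>\S+)")


def build_sample_log():
    """Construct a small DNS log: ordinary traffic plus one domain that
    receives many distinct, encoded-looking labels from a single client."""
    benign = {"www.example-corp.com": 12, "update.windowsupdate.com": 9,
              "outlook.office365.com": 10, "assets.cdn-provider.net": 8,
              "login.salesforce.com": 7, "api.github.com": 6, "www.google.com": 11}
    lines, n = [], 0
    for qname, count in benign.items():
        for _ in range(count):
            n += 1
            lines.append(f"2024-03-01T09:{n // 60:02d}:{n % 60:02d} src=10.20.0.15 "
                         f"qname={qname} qtype=A")
    for i in range(60):  # 60 queries, every label different (assumed domain)
        n += 1
        lines.append(f"2024-03-01T09:{n // 60:02d}:{n % 60:02d} src=10.20.0.77 "
                     f"qname={i:06x}e4a1.t.evil-tunnel.net qtype=TXT")
    return "\n".join(lines)


def registered_domain(qname):
    """Naive registrable domain = last two labels. Production code should use
    the Public Suffix List (e.g. 'co.uk' is a suffix, not a registrable domain)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def summarize(log_text):
    """Per registrable domain: total queries, distinct query names, and clients."""
    stats = defaultdict(lambda: {"queries": 0, "names": set(), "clients": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        s = stats[registered_domain(m.group("qname"))]
        s["queries"] += 1
        s["names"].add(m.group("qname").lower())
        s["clients"].add(m.group("src"))
    return stats


def modified_z_scores(values):
    """Iglewicz-Hoaglin modified z-score: 0.6745 * (x - median) / MAD. When MAD
    is 0 (many identical counts) fall back to the mean absolute deviation."""
    med = statistics.median(values)
    devs = [abs(v - med) for v in values]
    mad = statistics.median(devs)
    if mad > 0:
        return [0.6745 * (v - med) / mad for v in values]
    mean_ad = statistics.mean(devs)
    if mean_ad == 0:
        return [0.0 for _ in values]
    return [0.7979 * (v - med) / mean_ad for v in values]


def find_outliers(stats, threshold=3.5, min_domains=5):
    """Return high-side volume outliers with triage context: distinct-name
    ratio (near 1.0 suggests data encoded in labels) and querying clients."""
    if len(stats) < min_domains:
        return []  # too few domains to form a meaningful baseline
    domains = list(stats)
    scores = modified_z_scores([stats[d]["queries"] for d in domains])
    hits = []
    for d, z in zip(domains, scores):
        if z > threshold:
            s = stats[d]
            hits.append({"domain": d, "queries": s["queries"],
                         "distinct_ratio": round(len(s["names"]) / s["queries"], 2),
                         "clients": sorted(s["clients"]), "score": round(z, 2)})
    return sorted(hits, key=lambda h: -h["score"])


if __name__ == "__main__":
    for hit in find_outliers(summarize(build_sample_log())):
        print(hit)
```

On the constructed log this reports a single domain, evil-tunnel.net, with 60 queries, a distinct-name ratio of 1.0 and one client, which is exactly the hand-off an analyst needs to locate and isolate the device. The median/MAD scoring matters: an ordinary mean/standard-deviation z-score is pulled upward by the very outlier it is meant to catch, so a single huge domain can hide itself. Two caveats for real deployments: the two-label domain split must be replaced with the Public Suffix List, and the baseline should be computed per window (and ideally per client or site) over far more than eight domains.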

Learn more about how organizations are using Splunk ES to drive their analytics-driven SOCs in our customer e-book, "Data Secrets Revealed: A Collection of Security Customer Stories." Want to see how Splunk ES maps to essential capabilities of an analytics-driven SOC? Check out our free whitepaper on the Five Essential Capabilities of an Analytics-Driven SOC.

Posted by Girish Bhat