Press Release

Splunk Advances Analytics-Driven Security Solutions by Extending User Behavior Analytics into SIEM

Splunk Announces New Versions of Splunk User Behavior Analytics and Splunk Enterprise Security

RSA CONFERENCE 2016, SAN FRANCISCO - March 1, 2016 - Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced major advancements in its security analytics portfolio with new versions of Splunk® User Behavior Analytics 2.2 (UBA) and Splunk Enterprise Security 4.1 (ES). The new capabilities of Splunk UBA and Splunk ES provide customers the best union of machine learning, anomaly detection, context-enhanced correlation and rapid investigation capabilities. Security organizations can respond to prioritized true threats, gain additional visibility across the attack life cycle, and gain better insights into anomalous behavior and malicious activities across their organization. Both Splunk UBA 2.2 and Splunk ES 4.1 will be generally available in April 2016.

“Splunk UBA and Splunk ES play a vital role in helping to redefine the SIEM market. By enhancing Splunk UBA and expanding the ability for Splunk ES to ingest behavioral anomalies detected by Splunk UBA, we can make it easier for our customers to automate many typical SIEM tasks,” said Haiyan Song, senior vice president of security markets, Splunk. “Customers now leverage the power of data science with event-based correlation and ad-hoc searching to gain insight across the entire enterprise and improve security running Splunk UBA or Splunk ES in a standalone or integrated manner.”

“The citizens of San Diego are safer from cyber threats than many municipalities because we invest in the best people and the best software, like Splunk ES, to ensure we can quickly detect, analyze, investigate and respond to threats,” said Gary Hayslip, CISO, City of San Diego. “Splunk ES goes miles beyond traditional SIEMs by arming us with deep investigative and rapid response capabilities. We look forward to learning about and incorporating Splunk’s UBA solution that leverages data science and machine learning to dramatically expand our security capabilities and further secure our networks and infrastructure.”

“Splunk UBA is unique in its data science-driven approach,” said Mark Grimse, vice president of IT, Rambus. “Splunk UBA can automatically help find hidden threats thanks to its advanced use of machine learning. It has given our security analysts a way to stay ahead of and more quickly respond to cyberattacks and insider threats.”

“The ability to share anomalies and threats from Splunk UBA with Splunk Enterprise Security and correlate them as part of the workflow is a differentiator born out of Splunk’s behavioral analytics, which was well ahead of some of its key competitors,” said Scott Crawford, research director, 451 Research. “This integration further demonstrates the flexibility of the Splunk platform and extends the value it provides to customers.”

Machine Learning and Data Science Create New Possibilities for CSIRT and SOC Teams

Splunk UBA 2.2 includes data science and machine learning features that enhance insider threat defense, cyberattack detection and rapid incident investigations. By feeding Splunk UBA's multi-entity, behavior-based anomaly and threat information into Splunk ES, organizations can leverage the power of both products to better detect and respond to threats. The ability to utilize UBA threat and anomaly data in conjunction with other alerts, threat intelligence, data feeds and context from across the organization opens up new capabilities for analysts, CSIRT and SOC teams.

Key product features include:

Organizations can now leverage Splunk UBA machine learning throughout the SIEM workflow

  • Add anomaly-based correlation capabilities to Splunk ES based on the results of Splunk UBA machine learning and statistical modeling.
  • Gain deeper context about anomalies relative to users, devices and applications in Splunk Enterprise and Splunk ES.

Teams can enhance insider threat and cyberattack detection using Splunk UBA

  • Define how threats are triggered from detected anomalies using the new Threat Detection Framework.
  • Increase data access and physical data loss coverage.
  • Improve precision, prioritization and correlation of threats with new data sources.

Rapid investigation of advanced threats using Splunk ES

  • Ingest Splunk UBA anomaly data with context for correlation against other alerts, feeds and data for more in-depth investigations.
  • Prioritize and speed investigations with risk scores added to the centralized incident review view.
  • Expand threat intelligence from social platforms through the addition of Facebook ThreatExchange support.

Splunk Enterprise Security 4.1 requires Splunk Enterprise 6.3 or Splunk Cloud.

Splunk at RSA Conference 2016

Attendees of RSA Conference 2016 can see live demonstrations of pre-release versions of Splunk UBA 2.2 and Splunk ES 4.1 at the Splunk booth #3321. Plan your RSA with Splunk: more information and Splunk’s in-booth theater schedule.

Stephen Fisher, vice president, network planning and security, Integra will present, “Providing First-Rate Security Services with Analytics-Driven Security,” on Wednesday, March 2 from 9:10 AM - 10:00 AM in Room North 132.

Splunk security evangelist Monzy Merza’s presentation, “Cloud Breach - Preparation and Response,” is scheduled for Friday, March 4 from 9:00 AM - 9:50 PM in Room West 3022.

About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) is the market-leading platform that powers Operational Intelligence. We pioneer innovative, disruptive solutions that make machine data accessible, usable and valuable to everyone. More than 11,000 customers in over 110 countries use Splunk software and cloud services to make business, government and education more efficient, secure and profitable. Join hundreds of thousands of passionate users by trying Splunk solutions for free:

Splunk>, Listen to Your Data, The Engine for Machine Data, Hunk, Splunk Cloud, Splunk Light, SPL and Splunk MINT are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2016 Splunk Inc. All rights reserved.

For more information, please contact:
Media Contact
Tom Stilwell
Splunk Inc.
Investor Contact
Ken Tinsley
Splunk Inc.