Splunk Enterprise (SIEM): Why Splunk For Security?

The complexity and frequency of cyber attacks are making every company rethink the tools, systems and processes it uses for combating advanced threats.


Video Transcript

When thinking about cyber threats, there are four types of data that the cybersecurity professional needs to think about. Log data: all the human-to-machine and machine-to-machine interactions. Threat intelligence data: the perspective of others, what's happening outside of my environment.

Contextual data: the kind of data that would validate that this is or is not a problem. Gene entered via the southwest door. Bill is on vacation this week. William is a VP. Jim is not a technical user. Binary data: the bits and bytes inside the packets of data being transmitted.

The absence of any of these leaves a hole in the security person's thought process. Sometimes the amount of data can be overwhelming. Sometimes we need to remember certain pieces of information for a long time.

So we've got to take in a variety of highly variable data types from a wide variety of data sources and at volumes and velocities which are tough to handle. Then we have to turn this data into information we can use to identify advanced unknown threats.

We need a single big data system. Well, the security practitioner's brain is the wrong place to put this data. We don't pay them to store data. We pay them to use their creativity in combating security threats.

Let's put all that data into Splunk instead and let the security person use their creativity to ask questions of their data and let Splunk help the security practitioner identify fraud, insider threats, and other anomalous behaviors.

Was Jim on vacation when, six months ago, he sent an email from his desktop to Joe that had an infected attachment that was sending information to an IP address on my threat list? And how many times has this happened?

When asked questions, Splunk returns the information as a table or a graphic that lets the security professional view the information in the context of other data in a particular time frame. They can then pick out suspicious event patterns and build a security story from available data.

It looks like Bill's machine has a suspicious pattern of logins to a variety of hosts and is attacking them in a number of different ways.

They can share what they found and view all supporting log data chronologically.

Understanding security requires that we free the security person from having to manage collectors and connectors that perform upfront normalization. This way of thinking about security makes the security person smarter by allowing them to gather and view all data as security-relevant and see that data in as much context as possible.

You can do this by making Splunk your big data security intelligence platform for any security use case. Download Splunk today to empower your security team to think creatively about security threats.
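The question the transcript poses about Jim's email and the threat-list IP is, in SIEM terms, a join across three of the four data types: log data (mail gateway and outbound flow events), threat intelligence (bad IPs and malicious attachment hashes) and contextual data (the HR calendar and directory). The Python below is an added example, not code from this page or from Splunk; it runs that correlation over a handful of constructed events so the logic is visible. Every host, user, hash and IP (documentation ranges) is made up, the one-hour beacon window is an assumption, and in a Splunk deployment the same join would be an SPL search over indexed events and lookup tables rather than Python.

```python
"""Correlate log data, threat intelligence and contextual data (added example).

Constructed sample data only; field names, hosts, hashes and IPs are assumptions.
"""
from datetime import date, datetime, timedelta

# Threat intelligence data (constructed): C2 addresses from documentation
# ranges and attachment hashes flagged as malware. Placeholder values.
THREAT_IPS = {"203.0.113.45", "198.51.100.7"}
MALICIOUS_HASHES = {"sha256:bad-attachment-001", "sha256:bad-attachment-002"}

# Log data (constructed): mail gateway and outbound flow events, ISO 8601 times.
EMAIL_LOG = [
    {"ts": "2023-04-03T09:12:00", "sender": "jim", "recipient": "joe",
     "src_host": "ws-jim", "attachment": "sha256:bad-attachment-001"},
    {"ts": "2023-04-05T11:00:00", "sender": "jim", "recipient": "joe",
     "src_host": "ws-jim", "attachment": "sha256:quarterly-report"},  # clean file
    {"ts": "2023-09-14T10:02:00", "sender": "jim", "recipient": "joe",
     "src_host": "ws-jim", "attachment": "sha256:bad-attachment-002"},
    {"ts": "2023-09-20T15:30:00", "sender": "bill", "recipient": "anne",
     "src_host": "ws-bill", "attachment": "sha256:bad-attachment-001"},  # no beacon in window
]
FLOW_LOG = [
    {"ts": "2023-04-03T09:15:30", "src_host": "ws-jim", "dest_ip": "203.0.113.45", "bytes_out": 48211},
    {"ts": "2023-04-03T09:47:02", "src_host": "ws-jim", "dest_ip": "203.0.113.45", "bytes_out": 1902},
    {"ts": "2023-04-05T11:03:00", "src_host": "ws-jim", "dest_ip": "192.0.2.10", "bytes_out": 700},  # benign
    {"ts": "2023-09-14T10:40:00", "src_host": "ws-jim", "dest_ip": "198.51.100.7", "bytes_out": 120004},
    {"ts": "2023-09-20T19:00:00", "src_host": "ws-bill", "dest_ip": "198.51.100.7", "bytes_out": 55},  # 3.5 h later
]

# Contextual data (constructed): HR calendar and directory attributes.
HR_CONTEXT = {
    "jim": {"title": "Account Manager", "technical": False,
            "vacation": [("2023-04-01", "2023-04-10")]},
    "bill": {"title": "Site Reliability Engineer", "technical": True, "vacation": []},
}


def parse_ts(s):
    """Parse an ISO 8601 timestamp as found in the constructed logs."""
    return datetime.fromisoformat(s)


def on_vacation(user, when, hr=HR_CONTEXT):
    """Contextual check: was `user` on leave on the day of `when`?"""
    d = when.date()
    return any(date.fromisoformat(a) <= d <= date.fromisoformat(b)
               for a, b in hr.get(user, {}).get("vacation", []))


def correlate(email_log, flow_log, threat_ips, malicious_hashes, hr,
              window=timedelta(hours=1)):
    """One finding per email with a known-bad attachment whose sending host
    contacted a threat-list IP within `window` after the send. Each finding is
    enriched with HR context so the analyst sees the story, not just the hit."""
    findings = []
    for mail in email_log:
        if mail["attachment"] not in malicious_hashes:
            continue  # threat intel says the attachment is not known-bad
        sent = parse_ts(mail["ts"])
        beacons = [f for f in flow_log
                   if f["src_host"] == mail["src_host"]
                   and f["dest_ip"] in threat_ips
                   and sent <= parse_ts(f["ts"]) <= sent + window]
        if not beacons:
            continue  # bad attachment but no outbound contact with the threat list
        findings.append({
            "ts": mail["ts"], "sender": mail["sender"], "recipient": mail["recipient"],
            "host": mail["src_host"],
            "threat_ips": sorted({b["dest_ip"] for b in beacons}),
            "bytes_out": sum(b["bytes_out"] for b in beacons),
            "sender_on_vacation": on_vacation(mail["sender"], sent, hr),
            "sender_technical": hr.get(mail["sender"], {}).get("technical"),
        })
    return findings


def count_by_sender(findings):
    """Answer 'how many times has this happened?' per sender."""
    counts = {}
    for f in findings:
        counts[f["sender"]] = counts.get(f["sender"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = correlate(EMAIL_LOG, FLOW_LOG, THREAT_IPS, MALICIOUS_HASHES, HR_CONTEXT)
    for h in hits:
        print(h)
    print(count_by_sender(hits))
```

Two things the sample data is built to show: the April finding is the suspicious one, because the sender was on vacation when the mail left his desktop, whereas the September finding from the same user is an ordinary infection; and Bill's bad attachment produces no finding because his host only contacted the threat-list IP hours later, outside the beacon window, so a real investigation would widen the window before dismissing it. Asking this "six months ago" also only works if the mail and flow logs are still retained and searchable for that long.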