Splunk Everywhere! Analytics-based Security

Watch how Aflac uses Splunk products to fight off targeted attacks, malware infections, and spear phishing using an analytics-based security approach.


Video Transcript


GIRISH BHAT: Analytics-driven security is a risk-based approach which uses full context and intelligence from a wide range of security-relevant data sources, empowering the CSO, a SOC director, or an analyst to make the right actionable decision. Aflac, a Fortune 500 company, was experiencing targeted attacks, spear phishing attacks, and malware infections. They were looking for a way to accelerate the identification of insider threats and attacks. So they chose Splunk Enterprise Security to be at the heart of its internal threat intelligence system and augmented it with Splunk user behavior analytic solution.

Soon after implementing an automated threat-hunting platform, Aflac continued the adoption and use of Splunk Enterprise Security for a wide range of use cases. They started using it for incident response, risk scoring, and they also replaced their legacy SIM. Aflac uses Splunk user behavior analytics to identify insider threats, identify malware in their infrastructure and ecosystem, and it's fully integrated with Splunk Enterprise Security for continued investigation and rapid response.

Aflac started off with two security staffers who had zero Splunk experience. They went from zero visibility with no insight into threats within that ecosystem to building a sophisticated threat analytics platform in several weeks. Over a six-month period, the Aflac security team was able to identify and block 2 million connections. Additionally, Aflac automated 90% of their security analytics reporting infrastructure. It saved significant time, and those resources are now being used for more strategic tasks within their organization.