Splunk For Security Vs. SIEM: What's the difference between a traditional SIEM and Splunk for Security? Watch this video to learn more.
What's the difference between using a SIEM for security versus Splunk? Think of it this way. There's a boat on a never-ending journey. On the boat are boxes full of customer information, intellectual property, employee information, and much more of your company's valuable data. Above-- weather systems that can churn up menaces in the sea below, which is full of threats.
If you're responsible for the security of the data cargo on this boat, you do several things. You throw a set of hooks on a line attached to a rod and reel over the boat to catch threats in the sea before they get to your precious cargo-- that's a SIEM. You look at wind and weather gauges on the boat to check the weather-- think of that as threat intelligence data. And the hooks at the end of that rod and reel-- your out-of-the-box SIEM rules.
Here's the problem with only focusing on your rod, reel, and hooks. Some of the dangerous fish swimming by-- threats to your data-- don't fit any of the hooks you have put out. In fact, they swim past the hooks and attach themselves to the bottom of the boat looking for cracks in the hull.
There's also a shipmate-- an employee of the company-- who has gone rogue. He tweets that he's dropping some of the data overboard at specific coordinates for a submarine in the know to vacuum up. He also tells the submarine to send up a few scuba divers to drill holes in specific spots in the bottom of the boat causing data to leak.
You don't know anything is amiss. None of your hooks has had a nibble. Your SIEM will only detect what hits those hooks.
Splunk allows a complete sonar perspective of the entire ocean of threats to this data. Tracking movements of specific threats, but also adding context to those threats to protect the business. Employee behavior, online behavior-- all of which might rock your business's boat. Only Splunk can peer into the sea of data looking for threats, badly behaving crew members, and combine external data to help you see coming storms.
Use Splunk as your security sonar for unknown threats. Monitor the odd behaviors of crewmates. Then add in weather station information. You can decide which fish, or submarines, to go after. And that makes your boat of data and your business safer, smarter, and more successful. Splunk-- a security sea change.