Splunk's Security Evangelist Joe Goldberg explains how Splunk's big data security analytics protects against advanced persistent threats.
APTs, or advanced persistent threats, are a massive problem. These are the cyber criminals and nation states that run the headlines on a daily basis for stealing confidential data. The bad news is, frankly, they are winning the cyber war, but there are next-generation security technologies that can help level the playing field. One of these is a big data security analytics platform such as Splunk. With Splunk, you can index all your machine data and log files, and once you have all that data in it, that's where the fingerprints of advanced persistent threats are going to be.
Splunk can then perform advanced correlations, anomaly detection, and risk scoring that basically connect the dots to see the outliers and patterns that could be advanced persistent threats. Splunk can then alert on this in real time, so security teams can quickly contain and then quickly eliminate the threat. Splunk can also be used for incident investigations, forensics, reporting and advanced visualizations, and also fraud detection.
While there is no silver bullet for APT detection, big data security analytics and Splunk represent a compelling way to change the tide of cyber warfare back in favor of the good guys.
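The "connect the dots" idea the speaker describes is risk-based correlation: several low-fidelity signals from different log sources (authentication, endpoint, proxy) each add points to an entity's risk score, and an alert fires only when the accumulated score crosses a threshold that no single signal can reach on its own. The following is an added illustration in plain Python, not Splunk's code, SPL, or anything from the speaker; the log lines are constructed, the source names, rule names, point weights, threshold, and the "10x the fleet median" anomaly test are all assumptions chosen for the example.

```python
"""Risk-based correlation over constructed log lines (added example; not Splunk's own code or SPL)."""
import shlex
from collections import defaultdict
from statistics import median

# Constructed sample logs in key=value form from three hypothetical sources: auth, endpoint, proxy.
# Only ws-17 trips all three rules; ws-09 trips one; the rest are normal background activity.
SAMPLE_LOGS = """\
src=auth host=ws-17 user=alice action=failure
src=auth host=ws-17 user=alice action=failure
src=auth host=ws-17 user=alice action=failure
src=auth host=ws-17 user=alice action=failure
src=auth host=ws-17 user=alice action=failure
src=auth host=ws-17 user=alice action=success
src=auth host=ws-22 user=bob action=failure
src=auth host=ws-22 user=bob action=success
src=endpoint host=ws-17 user=alice proc=powershell.exe cmdline="powershell -enc SQBFAFgA"
src=endpoint host=ws-09 user=carol proc=powershell.exe cmdline="powershell -enc SQBFAFgA"
src=proxy host=ws-17 user=alice dest=cdn-updates.example bytes_out=184000000
src=proxy host=ws-22 user=bob dest=mail.example bytes_out=1200000
src=proxy host=ws-09 user=carol dest=mail.example bytes_out=950000
src=proxy host=ws-31 user=dave dest=mail.example bytes_out=1100000
src=proxy host=ws-44 user=erin dest=docs.example bytes_out=1050000
"""

# Assumed, illustrative weights: each rule alone stays below the alert threshold of 60.
FAIL_BURST_MIN = 5
FAIL_BURST_POINTS = 20
ENCODED_PS_POINTS = 30
EXFIL_MULTIPLIER = 10
EXFIL_POINTS = 25


def parse_logs(text):
    """Parse key=value lines (quoted values allowed) into dicts; this is the 'indexing' step."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = {}
        for token in shlex.split(line):
            key, _, value = token.partition("=")
            fields[key] = value
        events.append(fields)
    return events


def rule_auth_failure_burst(events):
    """Hosts with at least FAIL_BURST_MIN authentication failures."""
    fails = defaultdict(int)
    for e in events:
        if e.get("src") == "auth" and e.get("action") == "failure":
            fails[e["host"]] += 1
    return {h: ("auth_failure_burst", FAIL_BURST_POINTS) for h, n in fails.items() if n >= FAIL_BURST_MIN}


def rule_encoded_powershell(events):
    """Hosts running PowerShell with an encoded command; any prefix of -EncodedCommand (-e, -enc, ...) counts."""
    hits = {}
    for e in events:
        tokens = e.get("cmdline", "").lower().split()
        if e.get("src") == "endpoint" and any(
            t.startswith("-e") and "-encodedcommand".startswith(t) for t in tokens
        ):
            hits[e["host"]] = ("encoded_powershell", ENCODED_PS_POINTS)
    return hits


def rule_outbound_anomaly(events):
    """Simple anomaly detection: hosts sending far more bytes out than the fleet median."""
    per_host = defaultdict(int)
    for e in events:
        if e.get("src") == "proxy":
            per_host[e["host"]] += int(e.get("bytes_out", 0))
    if len(per_host) < 3:  # too few hosts for a meaningful baseline
        return {}
    baseline = median(per_host.values())
    return {h: ("outbound_volume_anomaly", EXFIL_POINTS)
            for h, b in per_host.items() if b > EXFIL_MULTIPLIER * baseline}


RULES = (rule_auth_failure_burst, rule_encoded_powershell, rule_outbound_anomaly)


def risk_scores(events):
    """Correlate every rule hit per host into a cumulative score plus the contributing signals."""
    scores = defaultdict(lambda: {"score": 0, "signals": []})
    for rule in RULES:
        for host, (name, points) in rule(events).items():
            scores[host]["score"] += points
            scores[host]["signals"].append(name)
    return dict(scores)


def alerts(events, threshold=60):
    """Hosts whose accumulated risk crosses the threshold; no single rule can get there alone."""
    return sorted(h for h, r in risk_scores(events).items() if r["score"] >= threshold)


if __name__ == "__main__":
    events = parse_logs(SAMPLE_LOGS)
    for host, r in sorted(risk_scores(events).items()):
        print(f"{host}: score={r['score']} signals={r['signals']}")
    print("alert on:", alerts(events))
```

Running it scores ws-17 at 75 (all three signals) and ws-09 at 30 (encoded PowerShell only), so only ws-17 is alerted; a per-rule alert on any one of these signals would have either paged on every encoded PowerShell invocation or missed the host entirely. In a real deployment the baseline for the volume rule would be computed per host over time rather than across the fleet at one instant, and scores would decay with a time window.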