A Framework for Adaptive Security Architectures

Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains. Splunk is addressing these gaps by extending its adaptive response framework to Splunk Enterprise Security, adding a common interface for automating retrieval, sharing, and response in multi-vendor environments. Adaptive Response Initiative participants are collaborating to address the challenges of complex cyber threats by:

  • Enabling a multi-vendor adaptive security architecture
  • Extracting new insights from existing security architectures
  • Improving investigations with more context from key security and IT domains
Get Started
  • Demo
    Splunk Adaptive Response
  • Tech Brief Using Splunk Adaptive Response

Designed for Heterogeneous Security Architectures

 

Adaptive Response Diagram

Splunk Enterprise Security includes a common framework for interacting with data and invoking actions. The Adaptive Response framework enables security teams to quickly and confidently apply changes to the environment. Splunk Enterprise Security can automate the response as well, enabling the security infrastructure to adapt to the attacker using a range of actions appropriate to each domain.

Adaptive Response is designed for heterogeneous security architectures. By leveraging the Splunk-led Adaptive Response Initiative, customers can benefit from best practices derived from leading vendors who are collaborating to address modern cyber threat challenges.

Frequently Asked Questions

Q: How does Adaptive Response Address Market Needs?

A: Adaptive Response is needed to help IT security teams improve how information from a layered defense is analyzed, how additional information and security context is retrieved from different security technologies, and how a range of actions are applied in any given security domain. The initiative aims to help security analysts -- from hunters to less skilled security staff -- better handle threats by reducing the time it takes to make decisions and take action when responding and adapting to threats. 

Q: How Did the Initiative Come About?

A: The need for the initiative was driven by customers who use Adaptive Response principles to launch coordinated threat responses from Splunk. Partners embraced the idea of Splunk as the "security nerve center," and Splunk worked individually with these partners to develop Adaptive Response capabilities. This resulted in the initiative, which brings each of these individual efforts together and draws attention to the collective effort. The initiative brings together vendors from different security domains in order to bring the benefits of collective intelligence to customers' security architectures.

Q: Why Is Splunk Leading the Initiative?

A: To overcome the challenges associated with bridging multiple security domains, the Splunk Adaptive Response Initiative uses Splunk software as the security nerve center. Customers have successfully implemented Adaptive Response capabilities for many years, and Splunk technology and partnerships are foundational to accomplish the mission of the initiative.

Q: What Companies Are Part of the Initiative?

A: The Adaptive Response Initiative consists of leading security domain vendors: Acalvio, AlgoSecAnomali, AWS, BAH, Blue Coat + Symantec, Carbon Black, Cisco, Corvil, CrowdStrike, CyberArk, Cylance, DemistoDomainTools, ForeScout, Fortinet, Gigamon, Illumio, Okta, OpenDNS, Palo Alto Networks, Phantom, Proofpoint, Qualys, Recorded Future, RedSeal, Resilient, Resolve Systems, Sailpoint, Signal Sciences, Splunk, Swimlane, Tanium, ThreatConnect, Walkoff (NSA), and Ziften.

Q: Can Technology Solution Providers Join the Initiative?

A: Yes, the initiative is designed to bring together best-of-breed technologies to ensure the best context and response action is available to customers. Any Splunk partner can take advantage of the Adaptive Response Initiative as well as out-of-box integration work if they want.


To join the Adaptive Response Initiative, contact the Splunk Adaptive Response team directly at adaptive-response@splunk.com.

Q: How Do I Buy or Get the Adaptive Response Functionality?

A: Adaptive Response is available as part of Splunk Enterprise Security. Learn more about Splunk Enterprise Security.