Splunk’s Application for Enterprise Security Comes of Age

Splunk’s recently announced version 3.0 of its popular Splunk Application for Enterprise Security has come of age, delivering powerful functionality with a slick user experience.

[Figure: ES Security Posture dashboard]

The application is built on a robust framework that allows an enterprise to customise with visualisations, data and rules that are most important to their business.

2013 was a good year for the Splunk App for Enterprise Security where, among other accolades, it was voted ‘Best SIEM Solution’ at the prestigious SC Magazine Awards in the US. Version 3.0 continues the advancement and represents a fairly major leap forward from previous iterations. The app takes advantage of powerful new functionality provided by the recent Splunk 6.0 release. Data models, report acceleration and the new JavaScript based development framework have been used to full effect.

This newest iteration has been tested to scale to multiple terabytes per day, which will appease even the largest Splunk enterprise customers. Additionally, customers are no longer stuck with out-of-the-box pre-canned reports and dashboards, as the new version is built on a framework that allows for complete customisation without destroying the underlying application.

New innovations in the application include:

  • Over 100 threat metric widgets that users can view and position as they see fit
  • A threat intelligence data framework, with 10 open source intelligence feeds and the ability to add more
  • Tight integration with network flow data and Bro IDS packet data
  • Threat Vector Analysis for assets and identities, which allows for interactive visualisation of threats
  • Predictive analytics visualisations

When compared with the competition, the Splunk App for Enterprise Security has a number of advantages. Some traditional SIEM players have been slow to respond to the big data movement and have been working hard to play catch-up. Many have bolted on or retrofitted big data technologies to their product suites, but this has somewhat left them with FrankenSIEMs – disjointed products that require the customer to jump from one app to another in a very clunky way. In contrast, the Splunk App for Enterprise Security offers a very smooth, flexible and powerful user experience. Additionally, the underlying data in Splunk can be leveraged for many other use cases, such as operational and application intelligence – a major efficiency benefit given the size of these data sets.

Overall, release 3.0 of the Splunk App for Enterprise Security is a fairly radical refresh that ups the game and demonstrates Splunk’s commitment to advancing big data security intelligence. The flexibility and customisation options are second to none, and thanks to Splunk 6.0, the issues that affected past releases have been addressed.

For more information and a demo of this solution, please contact us.


© Copyright Discovered Intelligence Inc., 2014. Do More with your Big Data™. Unauthorised use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.