Splunk Named a Leader in Gartner Magic Quadrant for SIEM
Last week, Splunk was named a leader in Gartner’s Magic Quadrant for Security Information and Event Management (SIEM). For the MQ, Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security and also spoke to multiple Splunk customers as part of the process. To get a free copy of the Gartner report, please register here
We are very proud of this award, as it reflects the success that you, the security and compliance customers of Splunk, have had with our product. We are now up to over 2000 global security and compliance customers using Splunk for a wide range of use cases, including incident investigations, forensics, reporting and dashboarding, real-time correlation and alerting, advanced threat detection, compliance…
Using Splunk for Computer Forensics
I was talking to one of our Sales Engineers, Bert Hayes, the other day about using Splunk for computer forensics. Bert was formerly a Splunk customer at a large university in the southern U.S., where he used Splunk for security. He really knows his stuff in this area. Anyhow, Bert mentioned to me how he used to use Splunk for computer forensics and pointed me to a great blog that he found helpful on the topic. I found the blog post to be a great read and wanted to share it.
The blog is courtesy of Klein & Co, experts in computer forensics. In the posting they detail how to use Splunk to build a computer forensic timeline for analysis. The…
Splunk Enterprise Selected Best SIEM Solution in 2013 SC Awards
A few weeks ago I was fortunate to be in the room at the SC Magazine U.S. Awards in San Francisco, where Splunk Enterprise was selected as the “Best SIEM Solution” in the 2013 SC Magazine U.S. Awards, winning a competitive category containing five other SIEM vendor finalists. It was a Readers Trust Award, where SC Magazine readers, experienced IT professionals, cast the votes.
It was quite the honor and all of us at Splunk were very proud to win it. It is quite the feat especially when one considers that Splunk has been in the SIEM space for a much shorter time period than most of the other vendors. In that time period, not only have we caught up to…
Splunk 5 – What it means for security and compliance use cases
As you may have read, today we announced Splunk Enterprise 5.0, a major upgrade to the core Splunk platform. There are many new benefits enabled by this release, but I wanted to call out three benefits to security practitioners looking to improve their security and compliance posture.
Easier to Build and Faster Security/Compliance Reports
Often, for security or compliance use cases, reports are needed that cover very large data sets, which might even span TBs a day. This could be an aggregation of firewall, IDS, authentication, or anti-malware log events. Maybe you are using these reports to see how threats are trending over time, or to baseline…
New SANS DShield App and other free data sources for security
Quick update in the world of security-related Apps for Splunk. Last week, one of the good folks affiliated with SANS, Bojan Zdrnja, created a cool, free “DShield for Splunk” app and put it up on Splunkbase at:
For those of you unfamiliar with DShield, it is a community-based collaborative firewall log correlation system. It receives logs from volunteers worldwide and uses them to analyze attack trends. It is used as the data collection engine behind the SANS Internet Storm Center (ISC). Detail on the app is on Bojan’s blog posting at:
In his words “The application downloads the DShield data (the published All Sources IPs dump) once per day and indexes it into your local Splunk. Once the…
Availability of Splunk App for Enterprise Security 2.0
Today we are proud to release the Splunk App for Enterprise Security 2.0, which I’ll call “the App” in this blog. The App acts as a next-generation Security Information and Event Manager (SIEM). It excels at identifying and alerting on both known and unknown threats, and doubles as a powerful tool for security investigations and forensics.
The history behind the App is a compelling story. In a nutshell, we really didn’t set out to be a SIEM; our customers made the decision for us.
Back when we started shipping code in 2006, our focus was on building a highly-scalable, schema-less, big data platform that could ingest essentially all machine data and then be searched…