Use Splunk to detect and defeat fraud, theft, and abuse

In case you haven’t heard, an emerging and fast-growing use case for Splunk is anti-fraud, theft, and abuse (which I will just call “fraud”). Many Splunk customers across a wide range of industries run Splunk over their machine data and log files for a wide range of anti-fraud use cases, including fraud investigations, detection, and analytics/reporting. They also put the event data from other point anti-fraud tools into Splunk and use Splunk to: (1) break down the siloed nature of these point tools to present a more unified view of fraud, and (2) correlate fraud events with other data sources. Splunk’s flexibility enables it to be an anti-fraud solution and/or enhance existing fraud tools.

A few weeks ago, Splunk …


Splunk Named a Leader in Gartner Magic Quadrant for SIEM…again!

This week Splunk was named a leader in Gartner’s 2014 Magic Quadrant for Security Information and Event Management (SIEM) for the second year in a row. For the MQ, Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security and also spoke to multiple Splunk customers as part of the process. To read the Gartner report, please register here.

We are very proud of this award, as it reflects the success that you, the security and compliance customers of Splunk, have had with our product. We now have thousands of security and compliance customers across the world using Splunk for a wide range of use cases including log management, incident investigations, forensics, real-time correlations and alerting, advanced …


“Best of SIEM” 2013 award from the readers of TechTarget

It’s a great time to be doing product marketing for security here at Splunk, especially because the security awards and accolades keep on coming :) Just last week we won the “Best of SIEM” 2013 award, voted on by the readers of TechTarget’s Information Security magazine and SearchSecurity.com. These awards are especially meaningful because it is you, our customers, who vote on them. You use our software for a wide range of security use cases and get tremendous value out of it, and this is reflected in our Gold award. Thank you!

See the full award here. Some great snippets from the write-up include: “Splunk’s flagship SIEM system, a security tool for machine-generated big data, received top scores across the board.” and “Splunk indexes ASCII …


Splunk Named a Leader in Gartner Magic Quadrant for SIEM

Last week, Splunk was named a leader in Gartner’s Magic Quadrant for Security Information and Event Management (SIEM). For the MQ, Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security and also spoke to multiple Splunk customers as part of the process. To read the Gartner report, please register here.

We are very proud of this award, as it reflects the success that you, the security and compliance customers of Splunk, have had with our product. We are now up to over 2000 global security and compliance customers using Splunk for a wide range of use cases including incident investigations, forensics, reporting and dashboarding, real-time correlations and alerting, advanced threat detection, compliance reporting, fraud detection, and more.

The history …


Using Splunk for Computer Forensics

I was talking to one of our Sales Engineers, Bert Hayes, the other day about using Splunk for computer forensics. Bert was formerly a Splunk customer at a large university in the southern U.S., where he used Splunk for security; he really knows his stuff in this area. Anyhow, Bert mentioned to me how he used to use Splunk for computer forensics and pointed me to a great blog that he found helpful on the topic. I found the blog post to be a great read and wanted to share it.

The blog is courtesy of Klein & Co, experts in computer forensics. In the posting they detail how to use Splunk to build a computer forensic timeline for analysis. The …


Splunk Enterprise Selected Best SIEM Solution in 2013 SC Awards

A few weeks ago I was fortunate to be in the room at the SC Magazine U.S. Awards in San Francisco where Splunk Enterprise was selected the “Best SIEM Solution” in the 2013 SC Magazine U.S. Awards, winning a competitive category containing five other SIEM vendor finalists. It was a Readers Trust Award where SC Magazine readers, experienced IT professionals, cast the votes.

It was quite the honor and all of us at Splunk were very proud to win it. It is quite the feat especially when one considers that Splunk has been in the SIEM space for a much shorter time period than most of the other vendors. In that time period, not only have we caught up to …


Splunk 5 – What it means for security and compliance use cases

As you may have read, today we announced Splunk Enterprise 5.0, a major upgrade to the core Splunk platform. There are many new benefits enabled by this release, but I wanted to call out three benefits to security practitioners looking to improve their security and compliance posture.

Easier to Build and Faster Security/Compliance Reports

Oftentimes for security or compliance use cases, reports are needed that cover very large data sets, which might even span TBs a day. This could be an aggregation of firewall, IDS, authentication, or anti-malware log events. Maybe you are using these reports to see how threats are trending over time, or to baseline …


New SANS DShield App, and other free data sources for security

Quick update in the world of security-related Apps for Splunk. Last week, one of the good folks affiliated with SANS, Bojan Zdrnja, created a cool, free “DShield for Splunk” app and put it up on Splunkbase at:

http://splunk-base.splunk.com/apps/51609/splunk-for-dshield

For those of you unfamiliar with DShield, it is a community-based collaborative firewall log correlation system. It receives logs from volunteers worldwide and uses them to analyze attack trends. It is used as the data collection engine behind the SANS Internet Storm Center (ISC). Detail on the app is on Bojan’s blog posting at:

https://isc.sans.edu/diary.html?storyid=13591

In his words: “The application downloads the DShield data (the published All Sources IPs dump) once per day and indexes it into your local Splunk. Once the …


Availability of Splunk App for Enterprise Security 2.0

Today we are proud to release the Splunk App for Enterprise Security 2.0, which I’ll call “the App” in this blog. The App acts as a next-generation Security Information and Event Manager (SIEM). It excels at identifying and alerting on both known and unknown threats, and doubles as a powerful tool for security investigations and forensics.

The history behind the App is a compelling story. In a nutshell, we really didn’t set out to be a SIEM; our customers made the decision for us. :)

Back when we started shipping code in 2006, our focus was on building a highly-scalable, schema-less, big data platform that could ingest essentially all machine data and then be searched to enable visibility across all of IT …
