Adaptive Response: A Level Deeper for Continued Customer Success
Over the past three or four years, we’ve been hearing more and more about analytics-driven security at RSA. Years ago, when Splunk first introduced the concept to the marketplace, we were living in a world where security practitioners were still focusing on prevention, rather than detection. Since then, advanced cyber adversaries have forced security analysts to change the way they think about posture. Security analysts no longer buy into the idea that there is a silver bullet for security, and vendors acknowledge that security is a team sport. With this shift in mindset comes a change in strategy, where end-to-end context and cross-vendor analytics are emphasized to better detect and respond to threats in real time. Detection is now king.…
Splunk and Cisco Umbrella: See what you’ve been missing…
The following is a guest post by Rachel Ackerly, product marketing manager, Cisco Umbrella.
Do you have eyes in the back of your head? (Unless you’re my mother, there is a good chance you don’t.) Many security products claim to provide visibility into what’s happening on your network, but how many actually deliver on that promise?
So how do you see what’s happening on the internet, beyond your perimeter? Isn’t that the question security professionals have been struggling with as the world becomes more mobile? Your employees connect to the internet from many different locations and devices. VPN is no longer necessary to get work done; they use Software-as-a-Service (SaaS) apps. But that leaves users more vulnerable to threats, …
Day in the Life of a Security Analyst (Part 1)
Over the next three months, the Splunk Security team will be looking at the emerging role and hero of the Security Operations Center (SOC): the security analyst. This role has drastically changed over the past 10 years, and we will observe how a changing threat landscape and advancing technology have redefined what it means to be a security analyst.
We’re publishing our first post to coincide with Data Privacy Day, an annual, international effort aimed at creating awareness about the importance of privacy and protecting personal information. In this post, I speak with Splunk Security Analyst and Researcher, Kathy Wang, to discuss life as a security analyst in the early 2000s.
Take me back 10 years. How did you…
Splunk User Behavior Analytics snags CRN’s 2016 Products of The Year Finalist Ranking
Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM
New Webinar — register now:
Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM
In the Gartner 2016 Critical Capabilities for Security Information and Event Management (SIEM) report, Splunk scored the highest in all three use cases*: Basic Security Monitoring, Advanced Threat Detection, and Forensics and Incident Response.
In this report, each capability is then weighted in terms of its relative importance for specific product/service use cases.
SIEM technologies provide a set of common core capabilities that are needed for all basic security monitoring use cases. Other SIEM capabilities are more critical for the advanced threat detection or incident response and management use cases.
The eight critical capabilities used in the 2016 report to determine scores …
Use Analytics-Driven Decision Making and Automation to Improve Threat Detection and Operational Efficiency
Today, we announced major advancements to our security analytics portfolio with a new version of Splunk Enterprise Security 4.5 (ES), which introduces significant innovations to Splunk ES.
Enterprise Security (ES) 4.5 includes Adaptive Response, which helps extend security architecture beyond legacy preventative technologies and events-based monitoring, using connected intelligence so that security operations gain full visibility and responsiveness across the entire security ecosystem. The new release also introduces Glass Tables, which expands the visual analytics capabilities of Splunk ES.
Meeting the growing needs of CISOs adopting automation and orchestration
Many Splunk security customers already use automation to eliminate routine tasks in order to accelerate detection and streamline their response times. A recent survey conducted by 451 Research reveals that 57% …
Introducing Splunk UBA 3.0
Splunk User Behavior Analytics 3.0 (UBA) introduces significant advancements to Splunk UBA and drives Splunk’s Security Analytics to the next level. This is evident with Gartner placing Splunk in the leader’s quadrant and positioning Splunk furthest overall for completeness of vision.
Splunk UBA 3.0 makes an architectural shift by decoupling platform from content, thereby providing customers with the ability to update their detection footprint with zero downtime and without the hassle of upgrading the entire platform. Content includes the following: machine learning models, threat models, anomaly classifications, data sources, and intelligence. The goal of this architectural shift is two-fold – improve operational efficiency and keep up with the ever-changing threat landscape by delivering regular updates.
Model, Models and Lots of Machine…
#splunkconf16 preview: Automation, Machine Learning, Incident Response and Hunting are dominant themes for .conf2016
It is that special time of the year for the Security Markets team at Splunk, as we are a few weeks away from .conf2016, Splunk’s annual user conference!
The security track has over 40 learning sessions and numerous hands-on activities.
It will be an incredible four days to interact with our passionate users, CISOs, CIOs, business leaders and learn about the innovative ways in which Splunk users solve their security needs.
You will hear how Splunk customers such as Accenture, Bloomberg, CAA, Aflac, Workday, CERT-EU, MITRE, Sony, Capital Group, Bechtel, Republic Services and more use Splunk to solve their security needs.
This year, we have more than twenty customer-led security sessions where you can learn how our customers use …
Adapting Your Security Strategy in the Ever-Changing Threatscape
The modern threat landscape is constantly changing. How can an organization maintain mission and business focus in the presence of an evolving adversary? If we take a business-centric approach, technology leaders will tell you that the organization’s security posture and capability should evolve to maintain parity with mission and business priorities.
Balancing the demands of the changing threat with the demands of the changing business can sometimes appear incompatible. Of course, one can’t simply overhaul the security infrastructure every time there is a new class of threats. Ransomware is getting quite a few headlines these days, but that doesn’t mean some of the traditional problems of rogue devices gaining access to your network are going away.
To combat the ever …
Collaboration is the Key to Government Innovation
I recently participated in a panel while attending the Bloomberg RE/BOOT event in Washington, D.C. The focus of the panel was how to improve partnerships between government and industry. We started by discussing how industry can better partner with government agencies to strengthen cybersecurity in the United States. At Splunk, we solve problems by viewing the overall security solution from an ecosystem lens. Splunk technologies are just one part of that ecosystem. To address challenges in a government environment, we see our operational intelligence platform as the foundation that serves as the nerve center of the security operations ecosystem. No single solution or technology can solve every government problem, but together, industry technology leaders can partner with agencies to tackle …