Splunk announces its Enterprise Security Intelligence Solution

By Global Research Partners
Johannesburg, 10 Feb 2012

Exponant, a leader in delivering groundbreaking solutions using smart technologies and highly skilled people, and the master reseller in sub-Saharan Africa for Splunk, today announced the general availability of the latter's Enterprise Security Intelligence Solution, consisting of the Splunk App for Enterprise Security 2.0, and Splunk Enterprise 4.3, the company's flagship software for collecting, indexing and harnessing machine data.

"While more and more organisations are embracing the power of big data, many are ignoring the security threats that lurk within that information. Customers who use Splunk Enterprise to monitor and analyse machine data to gain insights into their operations in real-time can use the Splunk App for Enterprise Security to monitor, identify, investigate and respond to critical known and unknown security threats," commented Christina Noren, senior vice-president of solutions for Splunk.

Splunk Enterprise provides visibility into a broad range of IT events, including those that are beyond the purview of traditional security solutions, but are increasingly security-relevant. Splunk's big data engine enables security professionals to quickly understand unknown threats hidden as patterns in terabytes of normal user-credentialed activities that can mean the presence of advanced malware or a malicious insider.

The Splunk App for Enterprise Security provides the out-of-the-box security content that, combined with the core Splunk engine, delivers a next-generation security solution for monitoring known threats, support for forensic investigations, big data analytics to help identify advanced persistent threats, and dashboards for security posture and investigation workflows.

"Big data and security analytics have become joined at the hip as of late," added Andrew Hay, senior analyst for 451 Research's Enterprise Security Practice (ESP). "The out-of-the-box security content of the new Splunk App for Enterprise Security, combined with the big data analytics capabilities of the Splunk platform, delivers users a security information and event management (SIEM)-like experience for massive data sets."

The new Splunk App for Enterprise Security 2.0 builds on the innovation of previous product releases, and leverages the Splunk Enterprise software, adding many benefits for security teams and support for risk management:

* Real-time event correlation: Searches and alerts drive continuous monitoring of critical assets using dashboards and communications to members of the security team.
* Dashboards: Visualisations of security data support more than 100 security metrics and over 160 reports.
* Drill-down and drill-across: In a single click, users can access raw data quickly for analysis and pivot across the raw data-types to follow an investigation wherever it leads.
* Federated identity monitoring: Correlation of multiple user identities to identify and investigate user activities across the IT infrastructure.
* Enhanced incident management: The ability to reprioritise, reassign and journal security events for quick resolution and incident response.
* Operationalisation of findings: Once a forensic investigation is complete, users can click the 'save' button to continuously monitor and alert for the same condition.

"The Splunk App for Enterprise Security, together with core Splunk and other community supported apps available through SplunkBase, continue to provide a flexible solution of security metrics and dashboards that support views of our total enterprise risk," concluded Dan Frye, associate vice-president, Corporate Security, CedarCrestone, a major US-based provider of consulting, technical, and managed services for the deployment, management, and optimisation of next-generation applications and technology.

Splunk

Splunk is the engine for machine data. Splunk software collects, indexes and harnesses the massive machine data continuously generated by the Web sites, applications, servers, networks and mobile devices that power business. Splunk software enables organisations to monitor, search, analyse, visualise and act on massive streams of real-time and historical machine data. More than 3 300 enterprises, universities, government agencies and service providers in more than 75 countries use Splunk Enterprise to gain operational intelligence that deepens business understanding, improves service and uptime, reduces cost and mitigates cyber security risk.

For further information, please contact Wolfgang Selzer; tel. 012 663 0160; fax 012 663 5678; e-mail wolf@exponant.com.

Exponant

Exponant, originally founded in 1998, is a software, services and consulting company that includes a significant focus on monitoring and detection solutions in the areas of security, operations and application management.

In this regard, it is the master reseller in sub-Saharan Africa for Splunk and is a reseller for many global security brands such as AlienVault, Check Point Software Technologies, Guidance Software, Imperva, Palo Alto, TippingPoint, Trend and WebSense.

Although not exclusively focused on any specific markets, it is very strong in the financial, telecommunications, mining and engineering sectors.

Exponant is rated as a level 3 contributor BBBEE company and has customers from both the private and public sectors.

Editorial contacts

Paul Booth
Global Research Partners
(082) 568 1179
pabooth@mweb.co.za

Wolfgang Selzer
Exponant
(012) 663 0160
wolf@exponant.com