Exponant, a leader in delivering groundbreaking solutions using smart technologies and highly skilled people and the master reseller in sub-Saharan Africa for Splunk, today announced the general availability of the latter's Enterprise Security Intelligence Solution, consisting of the Splunk App for Enterprise Security 2.0, and Splunk Enterprise 4.3, the company's flagship software for collecting, indexing and harnessing machine data.
“While more and more organisations are embracing the power of big data, many are ignoring the security threats that lurk within that information. Customers who use Splunk Enterprise to monitor and analyse machine data to gain insights into their operations in real-time can use the Splunk App for Enterprise Security to monitor, identify, investigate and respond to critical known and unknown security threats,” commented Christina Noren, senior VP of solutions for Splunk.
Splunk Enterprise provides visibility into a broad range of IT events, including those that are beyond the purview of traditional security solutions, but are increasingly security-relevant. Splunk's big-data engine enables security professionals to quickly understand unknown threats hidden as patterns in terabytes of normal user-credentialed activities that can mean the presence of advanced malware or a malicious insider.
The Splunk App for Enterprise Security provides the out-of-the-box security content that, combined with the core Splunk engine, delivers a next-generation security solution for monitoring known threats, support for forensic investigations, big data analytics to help identify advanced persistent threats, and dashboards for security posture and investigation workflows.
“Big data and security analytics have become joined at the hip as of late,” added Andrew Hay, senior analyst for 451 Research's Enterprise Security Practice (ESP). “The 'out-of-the-box' security content of the new Splunk App for Enterprise Security, combined with the big data analytics capabilities of the Splunk platform, delivers users a Security Information and Event Management (SIEM)-like experience for massive datasets.”
The new Splunk App for Enterprise Security 2.0 builds on the innovation of previous product releases, and leverages the Splunk Enterprise software, adding many benefits for security teams and support for risk management:
* Real-time Event Correlation: Searches and alerts drive continuous monitoring of critical assets using dashboards and communications to members of the security team.
* Dashboards: Visualisations of security data support more than 100 security metrics and over 160 reports.
* Drill-down and drill-across: In a single click, users can access raw data quickly for analysis and pivot across the raw data-types to follow an investigation wherever it leads.
* Federated Identity Monitoring: Correlation of multiple user identities to identify and investigate user activities across the IT infrastructure.
* Enhanced incident management: The ability to reprioritise, reassign and journal security events for quick resolution and incident response.
* Operationalisation of findings: Once a forensic investigation is complete, users can click the 'save' button to continuously monitor and alert for the same condition.
“The Splunk App for Enterprise Security, together with core Splunk and other community-supported apps available through SplunkBase, continue to provide a flexible solution of security metrics and dashboards that support views of our total enterprise risk,” concluded Dan Frye, associate VP, Corporate Security CedarCrestone, a major US-based provider of consulting, technical and managed services for the deployment, management and optimisation of next-generation applications and technology.
Splunk will be demonstrable at the ITWeb Security Summit that will take place at the Sandton Convention Centre between 15 and 17 May. The Summit's theme is “Reinventing information security: When trusted technologies have failed”, and will feature presentations relating to trust and the need to reassess the standard approaches to IT security. For further information on this summit, click here.
Share