Splunk makes it easier for its SIEM users to share analytics

Threat information sharing is a weapon that security vendors and enterprises need to use more to meet the rising number of cyber threats, say experts. Splunk Inc. will shortly add a new feature to one of its security applications that allows more sharing of analytics with other users of its platform.

The announcement was one of several the company made Tuesday at its annual user group conference in Las Vegas.

The extensible analytics and collaboration capability will be part of the new Splunk Enterprise Security 4.0 (formerly Splunk App for Enterprise Security, a security information and event management solution), to be released Oct. 31.

It “opens up the platform so anyone can build content for it,” and that content can be shared with one click with others using SES, Monzy Merza, the company’s chief security evangelist, said in an interview.

So an analyst — or a Splunk partner — who creates a dashboard, correlation search, summary, or KPI can share it by selecting the appropriate boxes in the suite’s Content Management page, then clicking an export button, which creates a package that can be transmitted. The person receiving the package only has to click a button to install it.

The capability will let SES users “extend their ability to disrupt breaches and defend themselves better,” Merza said.

There are also two other new features in SES 4.0:

–Investigator Timeline, for helping security analysts as they piece together the history of an event. They often have to assemble facts by scribbling notes on paper or in Excel spreadsheets while keeping several tabs open in a browser. “It’s hard to keep context, hard to maintain that broader view of where I’m headed,” Merza said.

The Timeline allows security users to add any event to the chronology being assembled with a click;

–Investigator Journal, which tracks an analyst’s actions — what he saw onscreen, what he typed. It’s a capability for auditors, corporate counsel or human resources staff who might want to know how an analyst came to a conclusion and see whether proper procedures were followed, Merza explained. The analyst can also use the record as a teaching instrument for others.

SES runs on top of Splunk Cloud or Splunk Enterprise 6.3, which analyzes data generated from networks, servers and applications, and is priced separately.

Also on Tuesday the company announced a new version of Splunk User Behavior Analytics (UBA), an application that came from its US$190 million purchase of Caspida in July, which will enhance SES 4.0.

The existing version of UBA uses machine learning to spot changes in employee online behavior. The new version integrates with Splunk Enterprise Security 4.0 so that its alerts go into SES.

That will improve detection of cyberattacks and insider threats, Splunk [Nasdaq: SPLK] says.

The new version will also be released Oct. 31.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
