Splunk Advances Analytics-Driven Security Solutions by Extending User Behavior Analytics into SIEM

Print Friendly, PDF & Email

splunk_logo_featureSplunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, announced major advancements in its security analytics portfolio with new versions of Splunk® User Behavior Analytics 2.2 (UBA) and Splunk Enterprise Security 4.1 (ES). The new capabilities of Splunk UBA and Splunk ES provide customers the best union of machine learning, anomaly detection, context-enhanced correlation and rapid investigation capabilities. Security organizations can respond to prioritized true threats, gain additional visibility across the attack life cycle, and gain better insights into anomalous behavior and malicious activities across their organization. Both Splunk UBA 2.2 and Splunk ES 4.1 will be generally available in April 2016.

Splunk UBA and Splunk ES play a vital role in helping to redefine the SIEM market. By enhancing Splunk UBA and expanding the ability for Splunk ES to ingest behavioral anomalies detected by Splunk UBA, we can make it easier for our customers to automate many typical SIEM tasks,” said Haiyan Song, senior vice president of security markets, Splunk. “Customers now leverage the power of data science with event-based correlation and ad-hoc searching to gain insight across the entire enterprise and improve security running Splunk UBA or Splunk ES in a standalone or integrated manner.”

Machine Learning and Data Science Create New Possibilities for CSIRT and SOC Teams

Splunk UBA 2.2 includes data science and machine learning features that enhance insider threat defense, cyberattack detection and rapid incident investigations. By providing Splunk UBA multi-entity behavior-based anomaly and threat information into Splunk ES, organizations can leverage the power of both products to better detect and respond to threats. The ability to utilize UBA threat and anomaly data in conjunction with other alerts, threat intelligence, data feeds and context from across the organization opens up new capabilities for analysts, CSIRT and SOC teams.

The citizens of San Diego are safer from cyber threats than many municipalities because we invest in the best people and the best software, like Splunk ES, to ensure we can quickly detect, analyze, investigate and respond to threats,” said Gary Hayslip, CISO, City of San Diego. “Splunk ES goes miles beyond traditional SIEMs by arming us with deep investigative and rapid response capabilities. We look forward to learning about and incorporating Splunk’s UBA solution that leverages data science and machine learning to dramatically expand our security capabilities and further secure our networks and infrastructure.”

Key product features include:

Organizations can now leverage Splunk UBA machine learning throughout the SIEM workflow

  • Add anomaly-based correlation capabilities to Splunk ES based on the results of Splunk UBA machine learning and statistical modeling.
  • Gain deeper context about anomalies relative to users, devices and applications in Splunk Enterprise and Splunk ES.

Teams can enhance insider threat and cyberattack detection using Splunk UBA

  • Define how threats are triggered from detected anomalies using the new Threat Detection Framework.
  • Increase data access and physical data loss coverage.
  • Improve precision, prioritization and correlation of threats with new data sources.

Rapid investigation of advanced threats using Splunk ES

  • Ingest Splunk UBA anomaly data with context for correlation against other alerts, feeds and data for more in-depth investigations.
  • Prioritize and speed investigations with risk scores added to the centralized incident review view.
  • Expand threat intelligence from social platforms through the addition of Facebook ThreatExchange support.

Splunk Enterprise Security 4.1 requires Splunk Enterprise 6.3 or Splunk Cloud.


Sign up for the free insideBIGDATA newsletter.

Speak Your Mind