Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Splunk introduces App for Enterprise Security 3.0
SECURITY

Splunk introduces App for Enterprise Security 3.0 

“The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyberattackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns,” said Steve Sommer, chief marketing officer, Splunk. “The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers. The threat intelligence framework in the Splunk App for Security delivers something security information and event management (SIEM) systems do not — all threat feeds in a single view with de-duplicated threat information. These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible.”

The Splunk App for Enterprise Security 3.0 requires v6 of Splunk Enterprise, software that analyzes data generated by IT systems and technology infrastructure. It allows IT professionals to monitor and assess information such as customer clickstreams and transactions, network activity and call records. Splunk Enterprise also allows IT staff to troubleshoot problems and investigate security threats in minutes to maintain service quality and avoid outages. The software also provides real time visibility into customer experience, transactions and behaviour.

Splunk’s newest version of its app for enterprise security includes several new features. There are new visualizations that allow IT professionals to correlate data that identifies anomalous behaviour. After the user diagnoses an unusual pattern for a person, application or system, he or she is never more than three clicks away from the raw data. The user can create an event for investigation and analysis workflows.

A threat intelligence framework allows organizations that subscribe to threat intelligence feeds to organize and de-duplicate the data. Most SIEM products let users view the data. The ability to organize and de-duplicate information empowers security professionals to act quickly to stop threats.

Data models and a pivot interface gives anyone the ability to create, save or export new, custom visualizations or reports. Users do not need to have any knowledge of Splunk’s processing language or have extensive experience. Splunk Enterprise 6 and the newest version of the enterprise security app include a large catalog of visualizations. Developers can create custom visualization with whatever programming language they like with the web framework.

Splunk’s App for Enterprise Security 3.0 also supports new data types and threat feeds. The company believes that all data is relevant to security. The application uses traditional log data, flow data, packet capture data, industrial control system data, external threat intelligence feeds and other information contained in databases.

Related posts