A new app released by Splunk may enable earlier detection of cybersecurity threats and help security professionals track cyberattackers.
The 3.0 version of Splunk’s Enterprise Security App features new visualizations that may allow for earlier detection of threats, which could reduce the time to incident discovery and response. The app also features support for new data types and models, as well as a new threat intelligence framework.
“The new Splunk App for Enterprise Security helps security professionals connect the dots to catch cyberattackers, watching their every step by enabling customers to monitor all data and see potentially malicious activity patterns,” Splunk Chief Marketing Officer Steve Sommer said. “The new visualizations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers. The threat intelligence framework in the Splunk App for Security delivers something security information and event management systems do not — all threat feeds in a single view with de-duplicated threat information. These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible.”
Splunk Enterprise 6 and the new app are combined in a security intelligence platform that can provide security professionals with advanced analytics in real time.
IDT Corp., a telecommunications and payment services provider that uses the Splunk enterprise security suite, said the software has already helped the company cut its incident response times.
“One of the biggest improvements in this new version is the new visualizations which make it easier for our security investigators who aren’t Splunk experts to get their hands on all of the data,” Golan Ben-Oni, the chief security officer and senior vice president of network architecture at IDT, said. “The threat intelligence framework is also a welcome addition, as it will allow us to not only view all of our feeds in one place but also eliminate duplicated information on new threats.”