Splunk has introduced a new version of Splunk App for Enterprise Security, in addition to announcing a new cyber-attack detection tool named Splunk User Behavior Analytics (UBA).
The 4.0 version of Splunk App for Enterprise Security is capable of tracing the attackers’ steps through streamlined ad hoc analysis and event sequencing.
The new app has improved breach detection and response, which allows users to tackle multi-stage attacks.
It features an ‘Investigator Journal’ that can keep track of ad hoc searches and activities in order to streamline analysis of multi-stage attacks associated with breach detection and response.
The app also includes ‘Investigator Timeline’, which allows individuals to apply the kill chain within the timeline during investigations, with the tool also enabling different security team members to share their perspective of the scenario. This allows for collaboration on investigating incidents, problems and breaches.
In order to make use of Splunk Enterprise Security 4.0, users will require Splunk Cloud or version 6.3 of Splunk Enterprise.
Splunk UBA, on the other hand, is a new solution that uses machine learning and advanced analytics to detect cyber attacks and insider threats.
Splunk UBA was created with the help of Caspida, a cyber-security and threat detection company that Splunk acquired for $190m in July.
Caspida specialises in machine learning and behavioural analytics and automatically detects and prevents hidden threats in corporate networks.
Splunk Enterprise Security features an Investigator Timeline, which helps analysts place any event, activity or annotation within an investigation timeline to better understand and visualise the attacks.
Investigator Timeline also allows different teams to add events and actions for collaborative investigation of breaches.
Splunk senior vice president Haiyan Song said: "Many customers consider Splunk solutions to be their nerve center for security because they help enable teams to leverage their entire security technology stack and utilise their data to detect, understand and take rapid, coordinated action across the organisation.
"Splunk Enterprise Security lets analysts visually correlate events over time and communicate details of multi-stage attacks. Splunk UBA uses machine learning to help spot the most dangerous offenders – advanced attackers including malicious insiders."