September 22, 2015

Splunk creates security nerve centre with behaviour analytics

Splunk Enterprise Security 4.0 and Splunk UBA will be available by 31st October.

By CBR Staff Writer

Splunk has introduced a new version of Splunk App for Enterprise Security, in addition to announcing a new cyber attack detection tool named Splunk User Behavior Analytics (UBA).

The 4.0 version of Splunk App for Enterprise Security is capable of tracing the attackers’ steps through streamlined ad hoc analysis and event sequencing.

The new app has improved breach detection and response, which allows users to tackle multi-stage attacks.

It features an ‘Investigator Journal’ that can keep track of ad hoc searches and activities in order to streamline analysis of multi-stage attacks associated with breach detection and response.

The app also includes ‘Investigator Timeline’, which allows individuals to apply the kill chain within the timeline during investigations, with the tool also enabling different security team members to share their perspective of the scenario. This allows for collaboration on investigating incidents, problems and breaches.

In order to make use of Splunk Enterprise Security 4.0, users will require Splunk Cloud or version 6.3 of Splunk Enterprise.

Splunk UBA, on the other hand, is a new solution that uses machine learning and advanced analytics to detect cyber attacks and insider threats.


Splunk UBA was created with the help of Caspida, a cyber-security and threat detection company that Splunk acquired for $190m in July.

Caspida specialises in machine learning and behavioural analytics and automatically detects and prevents hidden threats in corporate networks.

Splunk Enterprise Security features an Investigator Timeline, which helps analysts to place any event, activity or annotation within an investigation timeline to better understand and visualise the attacks.

Investigator Timeline also allows different teams to add events and actions for collaborative investigation of breaches.

Splunk senior vice president Haiyan Song said: "Many customers consider Splunk solutions to be their nerve center for security because they help enable teams to leverage their entire security technology stack and utilise their data to detect, understand and take rapid, coordinated action across the organisation.

"Splunk Enterprise Security lets analysts visually correlate events over time and communicate details of multi-stage attacks. Splunk UBA uses machine learning to help spot the most dangerous offenders – advanced attackers including malicious insiders."
