Splunk revs up Big Data security

Enhancements help hunt down cyber attackers, vendor says

The Big Data brains at Splunk continue to fine tune the security function in their business intelligence platform, this week rolling out an updated app with better threat detection capabilities.

Improving the ability to, as Splunk puts it, "stalk the cyber attackers", the updated Splunk App for Enterprise Security 3.0 combines with the latest Splunk Enterprise platform to form a real-time, scalable security intelligence platform whose analytics promise advanced threat detection and a shorter time to incident discovery and response.

The enhancements play to Splunk's strengths in collecting large amounts of unstructured data from diverse sources, correlating that information with other business data sets, and analysing the results for patterns and context.

New features include a threat intelligence framework, support for new data types, and data models with a pivot interface, which together promise new visualisation capabilities and a reduction in the time it takes to discover and respond to security threats.

The relatively channel-friendly San Francisco-based vendor is one of the few pure-play players in the Big Data space and has found significant success of late with its hyper-focus on tools to corral and analyse streams of machine data from servers, networks, web transactions, mobile devices and the like.

According to Splunk, 6,400 enterprises, government agencies, universities and service providers in some 90 countries use Splunk software for analytics, security, fraud prevention and services optimisation.

The updated Splunk enterprise security app "helps security professionals connect the dots to catch cyber attackers, watching their every step by [monitoring] all data and potentially malicious activity patterns," said Splunk chief marketing officer Steve Sommer.

"The new visualisations enable both Splunk power users and newcomers to perform complex actions needed to find and report on data anomalies and outliers."

Sommer says the Splunk approach to security gives users something typical SIEM systems lack, namely a consolidated and deduplicated window into threat information.

"These new enhancements can create tremendous efficiencies for security teams whose number one goal is to identify and react to threats in as little time as possible," said Sommer.

Specific new features in Splunk App for Enterprise Security 3.0

New visualisations for visually correlating data to identify anomalous behaviour and speed security investigations. Unusual patterns can easily be traced to the source data and tagged for subsequent analysis.

Threat intelligence framework allowing subscribers to multiple threat intelligence feeds to organise and deduplicate data to improve the efficiency of security teams.

Data models and pivot interface that allow even inexperienced users to create, save or export new, custom visualisations or reports.

New data types and threat feeds that combine traditional log data, flow data, packet capture data, industrial control system data, external threat intelligence feeds and other business data stores.
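A toy illustration, added here and not part of Splunk's framework or code, of what a "consolidated and deduplicated" threat-intelligence view has to do before an analyst sees it: indicators arrive from different feeds in different notation (mixed case, defanged `[.]` and `hxxp`, trailing dots), so they must be normalised before duplicates can be collapsed into one record per indicator with its list of sources. Feed names and indicator values are constructed for the example.

```python
"""Normalise and deduplicate indicators delivered by several threat feeds."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit

# Constructed sample feeds: the same indicators appear in different casing,
# defanged notation and with trailing dots, as real feeds often deliver them.
FEEDS = {
    "feed_a": ["Evil.Example[.]com", "203.0.113.7", "bad.example.net."],
    "feed_b": ["evil.example.com", "203[.]0[.]113[.]7",
               "hxxp://Evil.Example.com/Login"],
    "feed_c": ["BAD.EXAMPLE.NET", "198.51.100.22"],
}

_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def normalise(raw: str) -> tuple[str, str]:
    """Return (type, canonical value) for one raw indicator string.

    Refangs '[.]' / '(.)' and 'hxxp', lowercases hostnames (URL paths keep
    their case), strips trailing dots, and classifies as ip, url or domain.
    """
    value = raw.strip().replace("[.]", ".").replace("(.)", ".")
    value = re.sub(r"^hxxp(?=s?://)", "http", value, flags=re.I)
    if "://" in value:
        p = urlsplit(value)
        return "url", urlunsplit((p.scheme.lower(), p.netloc.lower().rstrip("."),
                                  p.path, p.query, p.fragment))
    value = value.lower().rstrip(".")
    return ("ip" if _IPV4.match(value) else "domain"), value


def consolidate(feeds: dict[str, list[str]]) -> dict[tuple[str, str], list[str]]:
    """Map each canonical indicator to the sorted list of feeds reporting it."""
    seen: dict[tuple[str, str], set[str]] = defaultdict(set)
    for feed_name, indicators in feeds.items():
        for raw in indicators:
            seen[normalise(raw)].add(feed_name)
    return {key: sorted(sources) for key, sources in seen.items()}


if __name__ == "__main__":
    merged = consolidate(FEEDS)
    raw_count = sum(len(v) for v in FEEDS.values())
    print(f"{raw_count} raw entries -> {len(merged)} unique indicators")
    for (kind, value), sources in sorted(merged.items()):
        print(f"{kind:6} {value:34} {', '.join(sources)}")
```

Keeping the source list per indicator is what lets an investigator judge corroboration (three feeds agreeing) separately from volume (one feed repeating itself).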

A telecommunications and payment services provider, IDT, uses the Splunk Enterprise platform and associated security app as the backbone of its security infrastructure.

IDT's chief security officer Golan Ben-Oni says the system has helped IDT security teams cut incident response times from minutes to seconds, and he expects the new updates will further improve the company's security posture against both internal and external threats.

"One of the biggest improvements in this new version is the new visualisations, which make it easier for our security investigators who aren't Splunk experts to get their hands on all the data," Ben-Oni said.

"The threat intelligence framework is also a welcome addition, as it will allow us to not only view all of our feeds in one place but also eliminate duplicated information on new threats."

In addition to its eponymous flagship on-prem analytics platform, the company offers Splunk Storm, a cloud service that gives Big Data analytics developers and users a way to create, test and run business insight applications in a pay-as-you-go service with no local install or hardware required.

Making things easy for partners who'd like to kick the tires on Big Data in the cloud, Splunk Storm offers the ability to index and store machine data from any source, format, platform, or cloud provider without custom parsers or connectors.

The system, which is hosted on Amazon Web Services, uses Splunk's proprietary search language and a few hundred pre-built commands to query machine data, filter events, and correlate critical business information across the various data and transaction types.

In the security and compliance space, the company also offers Splunk App for PCI Compliance 2.0, an effort to target retailers and the MSPs who serve them with a PCI reporting and analysis application for businesses that want to accept credit cards but don't want the hassle of a full-blown security information and event management (SIEM) tool.

Splunk App for PCI Compliance provides simple, basic reporting and data analysis sufficient to meet the rigours of the PCI Data Security Standard (DSS), a standard for protecting customers' payment card data and a requirement for accepting credit cards in most situations.

For more US channel news, see www.channelnomics.com