informa
Quick Hits

New SIEM Tools Help SOC Automation

Splunk rolls out new SIEM and orchestration tools at its .conf event.

ORLANDO, FL — Splunk .conf — In a presentation that was part of the keynote address at Splunk's annual .conf gathering, Splunk vice president of security research Mony Merza announced three updates to the company's roster of security-focused analytics products. Splunk Enterprise Security 5.2, Splunk User Behavior Analytics 4.2, and Splunk Phantom 4.1 were premiered to a crowd of more than 8,000 at Disney's Arena.

"What does it take to defend against phishing or malware?" Merza asked. "You have to be able to observe, orient, decide, and act." Splunk's acquisition of Phantom earlier in 2018 allows for the final piece of that list, he said, while Splunk's traditional SIEM technology continues to provide the first three.

The new version of Splunk Enterprise Security includes event sequencing, which groups correlation searches and risk modifiers for threat detection and investigations, and a new Use Case Library, which highly accurate and usable security content tailored to a customer's specific security situation. The Splunk ES Use Case Library provides an automated discovery process for new use cases, including adversary tactics, cloud security, abuse, and ransomware, to help security analysts understand how best to respond.

Phantom 4.1, which integrates the Phantom orchestration and automation functions with Splunk's core functionality, provides new features including clustering support, which aids operational scaling; a new indicator view; and improved onboarding, which dramatically speeds deployment.

Splunk's UBA 4.2 is designed to help analysts with machine learning to help find threats and anomalous user behavior. New features include user feedback learning for better UBA anomaly model-scoring in threat detection; improved data ingestion performance by up to 2x; and single sign-on support.

For more, read here.

BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Recommended Reading: