Splunk, GlassHouse Launch Joint Security Management Service

SAN FRANCISCO -- RSA Security Conference 2009 -- Log file search engine vendor Splunk and security services provider GlassHouse Technologies this week unveiled a joint service that's designed to help manage security events across the enterprise.

The Splunk Enterprise Security Suite (ESS) performs many of the same functions as traditional security information and event management (SIEM) tools, but it works more like a search engine, helping IT organizations to go through log and system information to quickly identify the source of an attack or other security event, the companies said.

"Splunk can index logs, events, and activities generated by any application, server, or network device without complex connectors, custom parsers, or expensive database deployments," the companies say. "GlassHouse adds security operations domain knowledge that Splunk ESS users can now leverage to correlate IT data and provide insight into the security posture of their organizations."

GlassHouse, an IT outsourcing firm that already serves about half of the Fortune 1000, will use Splunk in its professional services engagements, helping enterprises to manage security events, collect compliance data, and speed incident response. Essentially, Splunk ESS will allow enterprises to purchase the enterprise event monitoring and correlation capability as a service, and engage the GlassHouse consultants to help track, correlate, and diagnose the origin of security problems.

"If the user already has SIEM, we can work alongside it. But we think SIEM as a technology is limited and brittle," says Michael Baum, chief corporate and business development officer and co-founder of Splunk. "With SIEM, it can take days to search your logs and find what you're looking for. It can take years to get the domain expertise you need to really take advantage of the technology. With Splunk ESS, you can get up and running right away."

Splunk ESS is a collection of security applications that run on top of the search engine, including packaged searches, correlations, reports, dashboards, visualizations, and analysis, the companies say. It includes a security posture overview, compliance reporting, endpoint protection, event monitoring, incident response, log management, network protection, forensics, and user/system access reporting.

"We're trying to disrupt the marketplace," Baum says. "Wherever SIEM is not in place, we think we've got a better alternative. Where SIEM is in place, we may work with it, to help expedite the correlation and search process, or we may replace it."

While Splunk ESS is a managed service, enterprises can test out Splunk for themselves with a free download. With the enterprise version, users pay a fee according to how much data they wish to search -- small organizations may pay only a few thousand dollars a month, while some of Splunk's largest customers, such as MySpace or the Department of State, may pay seven figures, Baum says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message