New SIEM Tools Help SOC AutomationNew SIEM Tools Help SOC Automation
Splunk rolls out new SIEM and orchestration tools at its .conf event.
February 11, 2018
ORLANDO, FL — Splunk .conf — In a presentation that was part of the keynote address at Splunk's annual .conf gathering, Splunk vice president of security research Mony Merza announced three updates to the company's roster of security-focused analytics products. Splunk Enterprise Security 5.2, Splunk User Behavior Analytics 4.2, and Splunk Phantom 4.1 were premiered to a crowd of more than 8,000 at Disney's Arena.
"What does it take to defend against phishing or malware?" Merza asked. "You have to be able to observe, orient, decide, and act." Splunk's acquisition of Phantom earlier in 2018 allows for the final piece of that list, he said, while Splunk's traditional SIEM technology continues to provide the first three.
The new version of Splunk Enterprise Security includes event sequencing, which groups correlation searches and risk modifiers for threat detection and investigations, and a new Use Case Library, which highly accurate and usable security content tailored to a customer's specific security situation. The Splunk ES Use Case Library provides an automated discovery process for new use cases, including adversary tactics, cloud security, abuse, and ransomware, to help security analysts understand how best to respond.
Phantom 4.1, which integrates the Phantom orchestration and automation functions with Splunk's core functionality, provides new features including clustering support, which aids operational scaling; a new indicator view; and improved onboarding, which dramatically speeds deployment.
Splunk's UBA 4.2 is designed to help analysts with machine learning to help find threats and anomalous user behavior. New features include user feedback learning for better UBA anomaly model-scoring in threat detection; improved data ingestion performance by up to 2x; and single sign-on support.
For more, read here.
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
5 Reasons To Move your PKI Deployment to the Cloud