Sponsored By

New SIEM Tools Help SOC Automation

Splunk rolls out new SIEM and orchestration tools at its .conf event.

ORLANDO, FL — Splunk .conf — In a presentation that was part of the keynote address at Splunk's annual .conf gathering, Splunk vice president of security research Mony Merza announced three updates to the company's roster of security-focused analytics products. Splunk Enterprise Security 5.2, Splunk User Behavior Analytics 4.2, and Splunk Phantom 4.1 were premiered to a crowd of more than 8,000 at Disney's Arena.

"What does it take to defend against phishing or malware?" Merza asked. "You have to be able to observe, orient, decide, and act." Splunk's acquisition of Phantom earlier in 2018 allows for the final piece of that list, he said, while Splunk's traditional SIEM technology continues to provide the first three.

The new version of Splunk Enterprise Security includes event sequencing, which groups correlation searches and risk modifiers for threat detection and investigations, and a new Use Case Library, which highly accurate and usable security content tailored to a customer's specific security situation. The Splunk ES Use Case Library provides an automated discovery process for new use cases, including adversary tactics, cloud security, abuse, and ransomware, to help security analysts understand how best to respond.

Phantom 4.1, which integrates the Phantom orchestration and automation functions with Splunk's core functionality, provides new features including clustering support, which aids operational scaling; a new indicator view; and improved onboarding, which dramatically speeds deployment.

Splunk's UBA 4.2 is designed to help analysts with machine learning to help find threats and anomalous user behavior. New features include user feedback learning for better UBA anomaly model-scoring in threat detection; improved data ingestion performance by up to 2x; and single sign-on support.

For more, read here.



Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

About the Author(s)

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights