Splunk, GlassHouse Launch Joint Security Management ServiceSplunk, GlassHouse Launch Joint Security Management Service
Partnership challenges SIEM, uses Splunk search engine to find source of security problems
April 24, 2009
SAN FRANCISCO -- RSA Security Conference 2009 -- Log file search engine vendor Splunk and security services provider GlassHouse Technologies this week unveiled a joint service that's designed to help manage security events across the enterprise.
The Splunk Enterprise Security Suite (ESS) performs many of the same functions as traditional security information and event management (SIEM) tools, but it works more like a search engine, helping IT organizations to go through log and system information to quickly identify the source of an attack or other security event, the companies said.
"Splunk can index logs, events, and activities generated by any application, server, or network device without complex connectors, custom parsers, or expensive database deployments," the companies say. "GlassHouse adds security operations domain knowledge that Splunk ESS users can now leverage to correlate IT data and provide insight into the security posture of their organizations."
GlassHouse, an IT outsourcing firm that already serves about half of the Fortune 1000, will use Splunk in its professional services engagements, helping enterprises to manage security events, collect compliance data, and speed incident response. Essentially, Splunk ESS will allow enterprises to purchase the enterprise event monitoring and correlation capability as a service, and engage the GlassHouse consultants to help track, correlate, and diagnose the origin of security problems.
"If the user already has SIEM, we can work alongside it. But we think SIEM as a technology is limited and brittle," says Michael Baum, chief corporate and business development officer and co-founder of Splunk. "With SIEM, it can take days to search your logs and find what you're looking for. It can take years to get the domain expertise you need to really take advantage of the technology. With Splunk ESS, you can get up and running right away."
Splunk ESS is a collection of security applications that run on top of the search engine, including packaged searches, correlations, reports, dashboards, visualizations, and analysis, the companies say. It includes a security posture overview, compliance reporting, endpoint protection, event monitoring, incident response, log management, network protection, forensics, and user/system access reporting.
"We're trying to disrupt the marketplace," Baum says. "Wherever SIEM is not in place, we think we've got a better alternative. Where SIEM is in place, we may work with it, to help expedite the correlation and search process, or we may replace it."
While Splunk ESS is a managed service, enterprises can test out Splunk for themselves with a free download. With the enterprise version, users pay a fee according to how much data they wish to search -- small organizations may pay only a few thousand dollars a month, while some of Splunk's largest customers, such as MySpace or the Department of State, may pay seven figures, Baum says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
5 Reasons To Move your PKI Deployment to the Cloud