Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Splunk, GlassHouse Launch Joint Security Management Service

Partnership challenges SIEM, uses Splunk search engine to find source of security problems

SAN FRANCISCO -- RSA Security Conference 2009 -- Log file search engine vendor Splunk and security services provider GlassHouse Technologies this week unveiled a joint service that's designed to help manage security events across the enterprise.

The Splunk Enterprise Security Suite (ESS) performs many of the same functions as traditional security information and event management (SIEM) tools, but it works more like a search engine, helping IT organizations to go through log and system information to quickly identify the source of an attack or other security event, the companies said.

"Splunk can index logs, events, and activities generated by any application, server, or network device without complex connectors, custom parsers, or expensive database deployments," the companies say. "GlassHouse adds security operations domain knowledge that Splunk ESS users can now leverage to correlate IT data and provide insight into the security posture of their organizations."

GlassHouse, an IT outsourcing firm that already serves about half of the Fortune 1000, will use Splunk in its professional services engagements, helping enterprises to manage security events, collect compliance data, and speed incident response. Essentially, Splunk ESS will allow enterprises to purchase the enterprise event monitoring and correlation capability as a service, and engage the GlassHouse consultants to help track, correlate, and diagnose the origin of security problems.

"If the user already has SIEM, we can work alongside it. But we think SIEM as a technology is limited and brittle," says Michael Baum, chief corporate and business development officer and co-founder of Splunk. "With SIEM, it can take days to search your logs and find what you're looking for. It can take years to get the domain expertise you need to really take advantage of the technology. With Splunk ESS, you can get up and running right away."

Splunk ESS is a collection of security applications that run on top of the search engine, including packaged searches, correlations, reports, dashboards, visualizations, and analysis, the companies say. It includes a security posture overview, compliance reporting, endpoint protection, event monitoring, incident response, log management, network protection, forensics, and user/system access reporting.

"We're trying to disrupt the marketplace," Baum says. "Wherever SIEM is not in place, we think we've got a better alternative. Where SIEM is in place, we may work with it, to help expedite the correlation and search process, or we may replace it."

While Splunk ESS is a managed service, enterprises can test out Splunk for themselves with a free download. With the enterprise version, users pay a fee according to how much data they wish to search -- small organizations may pay only a few thousand dollars a month, while some of Splunk's largest customers, such as MySpace or the Department of State, may pay seven figures, Baum says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS Build 20210202 and later Q...
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...