

Splunk, GlassHouse Launch Joint Security Management Service

Partnership challenges SIEM, uses Splunk search engine to find source of security problems

SAN FRANCISCO -- RSA Security Conference 2009 -- Log file search engine vendor Splunk and security services provider GlassHouse Technologies this week unveiled a joint service that's designed to help manage security events across the enterprise.

The Splunk Enterprise Security Suite (ESS) performs many of the same functions as traditional security information and event management (SIEM) tools, but it works more like a search engine, helping IT organizations to go through log and system information to quickly identify the source of an attack or other security event, the companies said.

"Splunk can index logs, events, and activities generated by any application, server, or network device without complex connectors, custom parsers, or expensive database deployments," the companies say. "GlassHouse adds security operations domain knowledge that Splunk ESS users can now leverage to correlate IT data and provide insight into the security posture of their organizations."

GlassHouse, an IT outsourcing firm that already serves about half of the Fortune 1000, will use Splunk in its professional services engagements, helping enterprises to manage security events, collect compliance data, and speed incident response. Essentially, Splunk ESS will allow enterprises to purchase the enterprise event monitoring and correlation capability as a service, and engage the GlassHouse consultants to help track, correlate, and diagnose the origin of security problems.

"If the user already has SIEM, we can work alongside it. But we think SIEM as a technology is limited and brittle," says Michael Baum, chief corporate and business development officer and co-founder of Splunk. "With SIEM, it can take days to search your logs and find what you're looking for. It can take years to get the domain expertise you need to really take advantage of the technology. With Splunk ESS, you can get up and running right away."

Splunk ESS is a collection of security applications that run on top of the search engine, including packaged searches, correlations, reports, dashboards, visualizations, and analysis, the companies say. It includes a security posture overview, compliance reporting, endpoint protection, event monitoring, incident response, log management, network protection, forensics, and user/system access reporting.

"We're trying to disrupt the marketplace," Baum says. "Wherever SIEM is not in place, we think we've got a better alternative. Where SIEM is in place, we may work with it, to help expedite the correlation and search process, or we may replace it."

While Splunk ESS is a managed service, enterprises can test out Splunk for themselves with a free download. With the enterprise version, users pay a fee according to how much data they wish to search -- small organizations may pay only a few thousand dollars a month, while some of Splunk's largest customers, such as MySpace or the Department of State, may pay seven figures, Baum says.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
