Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Splunk, GlassHouse Launch Joint Security Management Service

Partnership challenges SIEM, uses Splunk search engine to find source of security problems

SAN FRANCISCO -- RSA Security Conference 2009 -- Log file search engine vendor Splunk and security services provider GlassHouse Technologies this week unveiled a joint service that's designed to help manage security events across the enterprise.

The Splunk Enterprise Security Suite (ESS) performs many of the same functions as traditional security information and event management (SIEM) tools, but it works more like a search engine, helping IT organizations to go through log and system information to quickly identify the source of an attack or other security event, the companies said.

"Splunk can index logs, events, and activities generated by any application, server, or network device without complex connectors, custom parsers, or expensive database deployments," the companies say. "GlassHouse adds security operations domain knowledge that Splunk ESS users can now leverage to correlate IT data and provide insight into the security posture of their organizations."

GlassHouse, an IT outsourcing firm that already serves about half of the Fortune 1000, will use Splunk in its professional services engagements, helping enterprises to manage security events, collect compliance data, and speed incident response. Essentially, Splunk ESS will allow enterprises to purchase the enterprise event monitoring and correlation capability as a service, and engage the GlassHouse consultants to help track, correlate, and diagnose the origin of security problems.

"If the user already has SIEM, we can work alongside it. But we think SIEM as a technology is limited and brittle," says Michael Baum, chief corporate and business development officer and co-founder of Splunk. "With SIEM, it can take days to search your logs and find what you're looking for. It can take years to get the domain expertise you need to really take advantage of the technology. With Splunk ESS, you can get up and running right away."

Splunk ESS is a collection of security applications that run on top of the search engine, including packaged searches, correlations, reports, dashboards, visualizations, and analysis, the companies say. It includes a security posture overview, compliance reporting, endpoint protection, event monitoring, incident response, log management, network protection, forensics, and user/system access reporting.

"We're trying to disrupt the marketplace," Baum says. "Wherever SIEM is not in place, we think we've got a better alternative. Where SIEM is in place, we may work with it, to help expedite the correlation and search process, or we may replace it."

While Splunk ESS is a managed service, enterprises can test out Splunk for themselves with a free download. With the enterprise version, users pay a fee according to how much data they wish to search -- small organizations may pay only a few thousand dollars a month, while some of Splunk's largest customers, such as MySpace or the Department of State, may pay seven figures, Baum says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-18
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service
PUBLISHED: 2021-05-18
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
PUBLISHED: 2021-05-18
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.
PUBLISHED: 2021-05-18
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
PUBLISHED: 2021-05-18
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage