Splunk Showcases Security Intelligence Solutions
Applications have a wide range of use cases, including investigating incidents, detecting advanced threats and improving security and compliance posture
July 30, 2013
PRESS RELEASE
Splunk Inc. (NASDAQ: SPLK), the leading software platform for real-time operational intelligence, today announced more than 20 security-related demonstrations of Splunk® software will be on display at Black Hat USA 2013, some of which are being publicly shown for the first time. The applications have a wide range of use cases including investigating incidents, detecting advanced threats and improving security and compliance posture. Black Hat USA will take place July 27-August 1 at Caesars Palace in Las Vegas. Splunk security experts will run live product demonstrations at the expo on July 31 and August 1 starting at 10 a.m. PDT daily.
"The nature of security threats is changing. Cyberattacks are often in stealth mode and more difficult to detect and investigate with traditional security tools," said Tim Mather, chief information security officer and vice president of security and compliance markets, Splunk. "Splunk software enables security professionals to efficiently detect and investigate security threats by allowing security teams to index and search through massive amounts of data. All data is now security-relevant, including security and non-security sources as well as threat intelligence feeds. Splunk is proud to showcase the latest software solutions relevant to the security threats organizations face today at one of the premier security events in the world."
Splunk collaborates with a wide range of leading security vendors to make available more than 70 Splunk apps related to security on our community website Splunkbase. The Splunk software being publicly showcased at Black Hat USA 2013 in booth #320 includes:
Splunk App for Enterprise Security -- This app provides out-of-the-box security content that delivers a next-generation, SIEM-like security intelligence platform that helps organizations detect known and unknown threats, perform incident investigations and report on high-level security risk. Among the many pre-built searches, reports and dashboards are visualizations that enable statistical analysis of machine data. Version 2.4 makes it easier to locate outliers and anomalies that might be advanced threats.
NetFlow for Splunk powered by NetFlow Integrator -- This app allows organizations to index NetFlow data in Splunk Enterprise for security or network monitoring use cases. It does this by leveraging the app and NetFlow Logic's NetFlow Integrator to convert binary NetFlow into a human-readable, syslog format that is then indexed in Splunk software. The app also contains pre-built reports and dashboards to more easily visualize network flows that may be security threats. New in version 3.1 is enhanced support for NetFlow V9 and new visualizations.
Splunk Integration with the Norse IPViking feed -- Norse uses a global network of sensors to identify risky or malicious IP addresses, uncover more information around these IP addresses and assign them a risk score. Norse then makes this information available through their live IPViking threat intelligence feed. The proof-of-concept integration being shown enables Splunk users to automatically or manually apply the IPViking threat intelligence feed to data in Splunk in order to identify high-risk network and endpoint activity associated with malicious IPs or to add more contextual information to an IP address to facilitate a security investigation. High-risk activity that could be identified or blocked includes external IPs attempting DDoS attacks or acting as CnC servers.
Splunk App for Palo Alto Networks -- The Splunk App for Palo Alto Networks ingests the context-rich machine data from Palo Alto Networks next-generation firewalls to enable organizations to analyze risk, improve security posture and compliance and address a number of additional operational and regulatory concerns. The app contains pre-built searches, reports and dashboards to visualize a wide range of Palo Alto Networks data including application and user, intrusion prevention system (IPS), antivirus and content filtering events. New in version 3.3 are visualizations that show events from Wildfire, Palo Alto Networks' technology for detecting advanced persistent threats (APTs).
For the latest Splunk security solutions, please visit the security section of the Splunk website. For more information about Black Hat USA 2013, please go to http://www.blackhat.com/us-13/.
Register now for .conf2013, the 4th Annual Splunk Worldwide Users' Conference, featuring more than 100 sessions by Splunk customers, partners, experts and employees. .conf2013 is being held September 30-October 3 at The Cosmopolitan in Las Vegas.
About Splunk Inc.
Splunk Inc. (NASDAQ: SPLK) provides the engine for machine data™. Splunk® software collects, indexes and harnesses the machine-generated big data coming from the websites, applications, servers, networks, sensors and mobile devices that power business. Splunk software enables organizations to monitor, search, analyze, visualize and act on massive streams of real-time and historical machine data. 5,600 enterprises, universities, government agencies and service providers in over 90 countries use Splunk Enterprise to gain Operational Intelligence that deepens business and customer understanding, improves service and uptime, reduces cost and mitigates cybersecurity risk. Splunk Storm®, a cloud-based subscription service, is used by organizations developing and running applications in the cloud.
To learn more, please visit www.splunk.com/company.