LAS VEGAS: Splunk has announced two products to boost security through the use of big data analytics, and track hackers and user behaviour across a company's IT infrastructure.
Revealed at Splunk's .conf conference in Las Vegas, Splunk Enterprise Security 4.0 is a reworking of the company's Splunk App for Enterprise Security. The latest version has been stuffed with updates to enable ad-hoc analysis of cyber threats affecting an enterprise's IT network.
Security 4.0 sports an Investigator Timeline feature, which lets analysts track any event or activity during an attack investigation via a timeline to better work out and communicate the cause and impact of security breaches and multi-stage attacks.
Splunk said that this allows analysts to apply the ‘kill chain' methodology, which tracks the different stages of a cyber attack from reconnaissance to weaponisation and execution of code.
The Investigator Timeline also lets analysts and researchers place events, actions and annotations into the timeline to share their views on the attack scenarios and work together on investigating breaches and security incidents.
In a keynote speech, Splunk chief security evangelist Monzy Merza said the Investigator Timeline allows security researchers to dig deeper into events and logs without losing the core of their investigation.
"As you continue the investigation you might want to dive down into another dashboard and try to build more context from another page, and if you find something interesting there you can add that information to the investigation as well without losing context," he explained.
"Now you can communicate, now you can see what happened first, what happened next, without having to open tens of tabs, or take notes, or copy-paste Excel sheets."
The new Investigator Journal can then be used to keep track of the searches and activities carried out during the analysis of multi-stage attacks linked with network breach detection and response activity.
The addition of the Enterprise Security Framework to Security 4.0 enables software suppliers and third-party developers to build on the security package by adding apps that can access its functionality, such as threat intelligence and identity frameworks.
Splunk also revealed User Behavior Analytics (UBA), which stems from its acquisition of security firm Caspida.
Splunk UBA uses machine learning and other analytics techniques to detect cyber attacks and threats from within an IT network.
The product has been designed to help security analysts focus on meaningful threats and malicious activities happening across IT infrastructure by using a visualisation of the kill chain methodology.
"Splunk UBA is literally a technological leap that brings in data science and machine learning to the cyber security fight," said Merza, noting how Splunk offers insight into both real-time and long-term internal security threats.
It is no surprise that Splunk is building out its security portfolio, particularly given how big data analytics are being heralded as the future of cyber security.
Splunk also announced the latest version of its operational intelligence platform at .conf, aimed at collecting and analysing IoT data, while luxury smartphone brand Vertu outlined how the firm is using Splunk's operational data analysis services to overhaul Android software testing for its premium handsets.