Splunk launches Splunk App for Enterprise Security 2.0
Splunk Inc., a provider of software for real-time operational intelligence, has announced the general availability of its Enterprise Security Intelligence Solution, consisting of the Splunk App for Enterprise Security 2.0, and Splunk Enterprise 4.3, the company's flagship software for collecting, indexing and harnessing machine data.
“While more and more organizations are embracing the power of big data, many are ignoring the security threats that lurk within that information. Customers who use Splunk Enterprise to monitor and analyze machine data to gain insights into their operations in real-time can use the Splunk App for Enterprise Security to monitor, identify, investigate and respond to critical known and unknown security threats,” said Christina Noren, senior vice president of solutions for Splunk.
Splunk Enterprise provides visibility into a broad range of IT events including those that are beyond the purview of traditional security solutions, but are increasingly security-relevant.
Splunk’s big-data engine enables security professionals to quickly understand unknown threats hidden as patterns in terabytes of normal user-credentialed activities that can mean the presence of advanced malware or a malicious insider.
The Splunk App for Enterprise Security provides the out-of-the-box security content that, combined with the core Splunk engine, delivers a next-generation security solution: monitoring of known threats, support for forensic investigations, big data analytics to help identify advanced persistent threats, and dashboards for security posture and investigation workflows.
“Big data and security analytics have become joined at the hip as of late,” said Andrew Hay, senior analyst for 451 Research's Enterprise Security Practice (ESP). “The ‘out-of-the-box’ security content of the new Splunk App for Enterprise Security, combined with the big data analytics capabilities of the Splunk platform, delivers users a SIEM-like experience for massive data sets.”
The new Splunk App for Enterprise Security 2.0 builds upon the features of previous product releases, and leverages the Splunk Enterprise software, adding many benefits for security teams and support for risk management, such as real-time event correlation, dashboards, drill-down and drill-across, federated identity monitoring and enhanced incident management.
“The Splunk App for Enterprise Security, together with core Splunk and other community-supported apps available through SplunkBase, continues to provide a flexible solution of security metrics and dashboards that support views of our total enterprise risk,” said Dan Frye, associate vice president, Corporate Security, CedarCrestone, Inc.






