Splunk’s security innovations boost threat detection and response
Splunk announced new security innovations aimed at bolstering threat detection and security operations across multiple data sources.
These advancements include Splunk Enterprise 8.0, which empowers security teams to proactively manage and mitigate risks effectively, and a new Federated Analytics feature, which analyzes data directly where it’s stored for threat hunting and frequent threat detection.
As organizations face increasingly sophisticated security challenges, a unified threat detection, investigation, and response (TDIR) solution is crucial to power the Security Operations Center (SOC) of the future.
Splunk’s latest offerings address this need by fortifying foundational elements, delivering comprehensive security visibility, accurate threat detection, and streamlined workflows for rapid response, ultimately saving time with cost-effective solutions.
Splunk Enterprise Security 8.0
Now with Mission Control natively integrated, Splunk Enterprise Security 8.0 simplifies how security analysts detect, investigate and respond to threats from one modern interface for additional operational efficiency and speed.
With standardized terminology and unified automation via Splunk SOAR, Splunk Enterprise Security 8.0 expedites alert triage and investigations, enhancing detection with advanced analytics. As a result, security analysts can leverage streamlined workflows, faster responses and improved productivity.
With the new enhancements in Splunk Enterprise Security 8.0, security teams can:
- Leverage a seamless workflow experience: Splunk Enterprise Security 8.0 offers a unified work surface and response plans to help customers identify, assess and respond to threats.
- Drive more efficient investigations: One click, modern aggregation and triage capabilities to automatically aggregate findings based on preset criteria for a comprehensive view of critical insights.
- Save time by focusing on critical incidents: Enhanced detection delivers turnkey capabilities to understand and implement a risk-based alerting strategy, generating high-confidence aggregated alerts for investigations.
- Communicate more effectively and take rapid action: Clear, concise terms that align to each phase of a security workflow within Splunk Enterprise Security 8.0.
“The latest advancements in Splunk Enterprise Security 8.0 revolutionize the TDIR life cycle experience for analysts,” said Mike Horn, SVP & GM, Splunk Security Products. “Featuring a seamless investigation and case management solution that includes integrated automation with Splunk SOAR, our latest release empowers SOC teams to navigate the complexities of cybersecurity with efficiency. Splunk Enterprise Security 8.0 serves as a foundation for the SOC of the future, driving proactive defense in an ever-evolving threat landscape.”
Federated Analytics feature
Splunk’s Federated Analytics feature, available in private preview on Splunk Cloud Platform and cloud deployments of Splunk Enterprise Security, introduces a new approach to data analysis.
This solution enables customers to analyze data directly where it resides, beginning with Amazon Security Lake, a service that automatically centralizes an organization’s security data from across their Amazon Web Services (AWS) environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake, for threat hunting and bringing specific data into Splunk for frequent threat detection.
By seamlessly integrating with Amazon Security Lake, Federated Analytics empowers organizations to efficiently detect and investigate security incidents without the need to relocate data. This capability ensures swift, context-rich data analysis and enhances operational agility, setting the stage for future expansions to additional data platforms.
With Federated Analytics, security teams can:
- Analyze data wherever it resides: Ensure timely access to and analysis of data across storage locations, maintaining data integrity and reducing latency.
- Unify security visibility across your data: Integrate and analyze data from Splunk and Amazon Security Lake with a seamless analyst experience, providing a holistic view of security data, and reducing costs and logistical complexities.
- Increase efficiency and cost-effectiveness: Optimize operational costs through smart data management strategies such as data tiering and selective data ingest, significantly lowering expenses associated with data management.
“With Amazon Security Lake and Splunk’s Federated Analytics, customers now have access to significant advancements in data security and accessibility, supporting SOC use cases such as monitoring and threat hunting,” said Mark Terenzoni, Director of Risk Management at Amazon Web Services.
“The Federated Analytics solution empowers organizations to leverage the comprehensive capabilities of Amazon Security Lake while maintaining robust security measures. We are enthusiastic about our collaboration with Splunk to enable customers to perform just-in-time indexing for large volumes of data sources without requiring data movement for investigative use cases. Federated Analytics and the Open Cybersecurity Schema Framework (OCSF) underscores our shared vision of driving innovation and efficiency in cybersecurity,” added Terenzoni.
Enhancing security defense: Cisco Talos integration with Splunk security products
Following Cisco’s acquisition of Splunk, security teams will be able to harness the power of Cisco Talos threat intelligence across Splunk Attack Analyzer, Splunk Enterprise Security and Splunk SOAR for enhanced defense against known and emerging threats. Cisco Talos is one of the most trusted threat intelligence teams in the world, composed of world-class researchers, analysts, incident responders and engineers.
Leveraging Talos’ extensive intelligence network, Splunk customers can streamline threat detection and response processes, reducing alert fatigue and allowing security analysts to focus on critical threats. This enables quick identification and prioritization of real threats with global real-time outbreaks, contextual insights and advanced correlations.
The technical integration of Talos real-time intelligence is underway across Splunk’s portfolio, including Splunk Enterprise Security, Splunk SOAR and Splunk Attack Analyzer.
Product availability
Splunk Enterprise Security 8.0 is now in private preview, with general availability coming in September 2024. Splunk’s Federated Analytics feature will become available in private preview starting in July 2024.
The Cisco Talos threat intelligence integration with Splunk Enterprise Security, Splunk SOAR and Splunk Attack Analyzer will be made available soon.