Damballa today announced a technology alliance with Splunk Inc., and the Damballa Failsafe Technology Add-on for Splunk Enterprise, which combines Damballa’s advanced threat protection and containment capabilities with the advanced machine data analytics platform Splunk® Enterprise. The combination provides enterprises with a ‘single pane of glass’ view into their security posture for advanced, often hidden threats.
Damballa Failsafe provides enterprises with actionable intelligence to act efficiently and decisively to find, contain and respond to all of the active infections in their network, prevent breaches and eliminate risk from advanced threats. Splunk Enterprise is a big data security intelligence platform used for log management, incident investigation and response, forensics, security and compliance reporting, fraud detection and real-time detection of known and unknown threats.
In conjunction with the partnership, Damballa today is making available an integration between Damballa Failsafe and Splunk Enterprise. The Damballa Failsafe Technology Add-on will enable all Damballa advanced threat discoveries to flow into Splunk Enterprise (versions 5.x and 6.x) for direct correlation with other solutions and integration with the Splunk App for Enterprise Security.
“The ability to correlate security Big Data, and provide meaningful analytics across it, in one place, is becoming increasingly critical to improving security posture,” said Brian Foster, CTO of Damballa. “Splunk Enterprise is quickly becoming the platform that enterprises leverage to harness their data and improve their intelligence. Having access to Damballa’s actionable threat intelligence within the context of other security and enterprise intelligence, enterprises can harness the combination to significantly improve their response time and posture.”
Leveraging Damballa and Splunk Enterprise together, enterprises can:
- Optimize resources through a ‘single pane of glass’ view into Damballa events, now available within Splunk Enterprise
- View their security posture regarding “hidden” advanced threats, via the Damballa dashboard
- Improve correlation and incident response, through the ability to search Damballa evidence within Splunk Enterprise
- Conduct rapid forensic investigation, with the ability to review a device's prior activities in other logs to determine how the device might have become infected, its behavior related to other devices, etc.