today announced a technology alliance with Splunk Inc., and the Damballa Failsafe Technology Add-on for Splunk Enterprise, which combines Damballa’s advanced threat protection and containment capabilities with the advanced machine data analytics platform Splunk® Enterprise. The combination provides enterprises with a ‘single pane of glass’ view into their security posture for advanced, often hidden threats.
Damballa Failsafe provides enterprises with actionable intelligence to act efficiently and decisively to find, contain and respond to all of the active infections in their network, preventing breaches and eliminating risk from advanced threats. Splunk Enterprise is a big data security intelligence platform used for log management, incident investigation and response, forensics, security and compliance reporting, fraud detection and real-time detection of known and unknown threats.
In conjunction with the partnership, Damballa today is making available an integration between Damballa Failsafe and Splunk Enterprise. The Damballa Failsafe Technology Add-on will enable all Damballa advanced threat discoveries to flow into Splunk Enterprise (versions 5.x and 6.x) for direct correlation with other solutions and integration with the Splunk App for Enterprise Security.
“The ability to correlate security Big Data, and provide meaningful analytics across it, in one place, is becoming increasingly critical to improving security posture,” said Brian Foster, CTO of Damballa. “Splunk Enterprise is quickly becoming the platform that enterprises leverage to harness their data and improve their intelligence. Having access to Damballa’s actionable threat intelligence within the context of other security and enterprise intelligence, enterprises can harness the combination to significantly improve their response time and posture.”
Leveraging Damballa and Splunk Enterprise together, enterprises can:
- Optimize resources through a ‘single pane of glass’ view into Damballa events, now available within Splunk Enterprise
- View their security posture regarding “hidden” advanced threats, via the Damballa dashboard
- Improve correlation and incident response, through the ability to search Damballa evidence within Splunk Enterprise
- Conduct rapid forensic investigation, with the ability to examine the prior activities of a device in other logs to determine how the device might have become infected, its behavior related to other devices, etc.
“Damballa’s solution is compelling because it gives organizations the ability to find, contain and respond to active infections that make it through perimeter defenses undetected, regardless of the source of the threat, entry vector, or OS of the device,” said Bill Gaylord, senior vice president of business development at Splunk. “Damballa finds real, actionable risk, and leveraging this new integration will give our joint customers access to information they need to improve their security posture and quickly mitigate the threats likely to cause the most damage to their organization.”