Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time operational intelligence, today announced it will showcase more than 20 security-related demonstrations of Splunk® software at the RSA Conference USA 2014. Splunk security experts will be on hand at booth #2835 to conduct live demonstrations and answer questions at the show scheduled for Feb. 24 – 28 at the Moscone Center in San Francisco. The demonstrations cover a wide range of use cases including investigating incidents, detecting advanced threats and improving security and compliance posture. In addition, Splunk security evangelist Joe Goldberg will present on how to use big data to help counteract advanced threats.
“Maintaining a strong security posture seems like a moving target with the onslaught of news about insider and advanced threats. A common thread among these cyberattacks is that there would have been a greater chance of detecting them by monitoring the appropriate machine-generated data in real time,” said Steve Sommer, chief marketing officer, Splunk. “Splunk Enterprise is a security intelligence platform used by thousands of organizations that all recognize the critical importance of big data solutions that collect and analyze machine data from across the business. Many of these organizations migrated to Splunk software after being frustrated by the limited flexibility, scale and speed of traditional SIEMs.”
The 451 Research Group recently issued its 16th Information Security Study which named Splunk one of the fastest growing security information and event management (SIEM) providers. Watch the Splunk for Security video to learn more about why Splunk software is the ideal security intelligence platform and how it is more than just a SIEM.
Highlighted Splunk software being publicly showcased at RSA Conference USA 2014 includes:
- Splunk App for Enterprise Security — Provides out-of-the-box security content that delivers a “beyond-SIEM” security intelligence platform, helping customers detect known and unknown threats. This app unites IT ops and security teams in quickly performing incident investigation and root-cause analysis. It also supports all phases of security management with prebuilt real-time searches and alerts, reports and dashboards, statistical analysis and interactive investigation visualizations. New in version 3.0 is support for multiple threat intelligence feeds with deduplication, predictive analytics and native support for ingest of NetFlow/IPFIX and packet capture data.
- Splunk App for Palo Alto Networks — Shortens the time to detection and remediation of advanced threats, including automated incident response for compromised hosts. The app ingests all security data from the Palo Alto Networks security platform, which provides native visibility into all traffic, irrespective of port, protocol and encryption. Users are able to act on this data in real time, quickly indexing, searching, visualizing and reporting on intelligence from users, applications, IPS/IDS, anti-malware, URL filtering and WildFire for unknown malware and exploits. The app allows security teams to discover advanced threats and compromised hosts while simplifying a host of other compliance, regulatory and operational concerns, including automated remediation such as quickly quarantining infected users or alerting administrators if a breach happens. New in version 4.0 is compatibility with Splunk Enterprise 6, which features all dashboards in simple XML, built-in GeoIP mapping and updated UI navigation bars.
- Splunk App for Cisco Security Suite — Ingests the context-rich machine data from a variety of Cisco security products to enable organizations to analyze risk, improve security posture and compliance and address a number of additional operational and regulatory concerns. The app contains pre-built searches, reports and dashboards to visualize a wide range of data from multiple Cisco products including ASA/PIX/FWSM firewalls, Cisco Email and Web Security Appliances, Cisco Intrusion Prevention System, and Cisco Identity Services Engine.
- Splunk Integration with Norse live threat intelligence — Norse uses a global network of sensors to identify high-risk and malicious IP addresses, uncover more contextual information around these IP addresses and assign them a risk score. Norse then makes this information available in real time through the cloud via its IPViking and Darklist services. Norse threat intelligence is offered as part of the Splunk App for Enterprise Security 3.0 for a free 30-day trial period, or it can be accessed via the new Splunk Add-on for Norse Darklist and Norse IPViking on Splunk Apps. Once in Splunk, Norse threat intelligence data can be used for incident response to identify high-risk network and endpoint activity associated with malicious IPs or to add more contextual information to an IP address to facilitate a security investigation.