Splunk unveils New Security Innovations for Enhanced Threat Detection

Splunk, a cybersecurity and observability provider, announced new security advancements to improve threat detection and security operations across various data sources. These advancements include the introduction of Splunk Enterprise 8.0, designed to help security teams proactively manage and mitigate risks, and a new Federated Analytics feature, which analyzes data directly where it’s stored for threat hunting and frequent threat detection.

In response to increasingly sophisticated security challenges, a unified threat detection, investigation, and response (TDIR) solution is essential for powering the Security Operations Center (SOC) of the future. Splunk’s latest offerings aim to meet this need by providing comprehensive security visibility, accurate threat detection, and streamlined workflows for rapid response, ultimately saving time and reducing costs.

Splunk Enterprise Security 8.0: Streamlining Threat Detection and Response

Splunk Enterprise Security 8.0, now with Mission Control natively integrated, simplifies the detection, investigation, and response to threats through a single interface. With standardized terminology and unified automation via Splunk SOAR, the platform expedites alert triage and investigations, enhancing detection with advanced analytics. This allows security analysts to benefit from streamlined workflows, faster responses, and improved productivity.

Key enhancements in Splunk Enterprise Security 8.0 include:

• Seamless Workflow Experience: A unified work surface and response plans help users identify, assess, and respond to threats efficiently.
• Efficient Investigations: One-click aggregation and triage capabilities automatically compile findings based on preset criteria, providing a comprehensive view of critical insights.
• Time-Saving Focus on Critical Incidents: Enhanced detection offers turnkey capabilities for implementing a risk-based alerting strategy, generating high-confidence aggregated investigation alerts.

• Communicate more effectively and take rapid action: Clear, concise terms that align to each phase of a security workflow within Splunk Enterprise Security 8.0.

These features are designed to improve security teams' operational efficiency and speed, supporting a more effective response to emerging threats.

“The latest advancements in Splunk Enterprise Security 8.0 revolutionize the TDIR life cycle experience for analysts,” said Mike Horn, SVP & GM, Splunk Security Products. “Featuring a seamless investigation and case management solution that includes integrated automation with Splunk SOAR, our latest release empowers SOC teams to navigate the complexities of cybersecurity with efficiency. Splunk Enterprise Security 8.0 serves as a foundation for the SOC of the future, driving proactive defense in an ever-evolving threat landscape.”

Splunk has announced the Federated Analytics feature, available in a private preview on Splunk Cloud Platform and cloud deployments of Splunk Enterprise Security. This new approach to data analysis allows customers to analyze data directly where it resides, starting with Amazon Security Lake.

Amazon Security Lake centralizes an organization’s security data from AWS environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake for threat hunting and frequent threat detection. By integrating with Amazon Security Lake, Federated Analytics enables organizations to detect and investigate security incidents efficiently without relocating data, ensuring swift, context-rich data analysis and enhancing operational agility. This feature is set to expand to additional data platforms in the future.

With Federated Analytics, security teams can:

• Analyze Data in Place: Access and analyze data across storage locations, maintaining data integrity and reducing latency.
• Unify Security Visibility: Integrate and analyze data from Splunk and Amazon Security Lake, providing a holistic view of security data and reducing costs and logistical complexities.
• Increase Efficiency and Cost-Effectiveness: Optimize operational costs through data management strategies such as data tiering and selective data ingest, significantly lowering expenses associated with data management.

“With Amazon Security Lake and Splunk’s Federated Analytics, customers now have access to significant advancements in data security and accessibility, supporting SOC use cases such as monitoring and threat hunting,” said Mark Terenzoni, Director of Risk Management at Amazon Web Services. “The Federated Analytics solution empowers organizations to leverage the comprehensive capabilities of Amazon Security Lake while maintaining robust security measures. our collaboration with Splunk to enable customers to perform just-in-time indexing for large volumes of data sources without requiring data movement for investigative use cases. Federated Analytics and the Open Cybersecurity Schema Framework (OCSF) underscores our shared vision of driving innovation and efficiency in cybersecurity.”

Following Cisco’s acquisition of Splunk, security teams can now utilize Cisco Talos threat intelligence across Splunk Attack Analyzer, Splunk Enterprise Security, and Splunk SOAR for improved defense against known and emerging threats. Cisco Talos, composed of researchers, analysts, incident responders, and engineers, is a widely trusted threat intelligence team.

By leveraging Talos’ extensive intelligence network, Splunk customers can streamline their threat detection and response processes. This integration aims to reduce alert fatigue, allowing security analysts to concentrate on critical threats. The integration provides quick identification and prioritization of real threats using global real-time outbreak data, contextual insights, and advanced correlations.

Read more from Bharti Trehan..

Read IT Product News here..