We are extremely excited to introduce a new addition to the Splunk unified security operations experience: Splunk Attack Analyzer.
Splunk Attack Analyzer (formerly Twinwave) automates threat analysis of suspected malware and credential phishing threats by identifying and extracting associated forensics to provide accurate and timely detections.
SOC analysts continue to struggle to work across many security tools to understand and address threats targeting the organization. They often cannot see the full picture of malicious activity or the context of a series of coordinated threats.
When it comes to investigating active credential phishing or malware, analysts must:
Analysts often turn to traditional sandboxes for analysis and detection purposes, but these tools are often not designed to detect the latest complex attacks that utilize varying delivery vectors. Even with the use of sandboxes, there is still an element of manual work for analysts to access malicious content, which can lead to inefficient, incomplete, and misleading investigations.
Splunk Attack Analyzer provides automated threat analysis and associated digital forensics to:
The solution uses proprietary technology to analyze credential phishing and malware threats, helping security analysts achieve unparalleled detection efficacy with confidence and ease.
Splunk Attack Analyzer automatically navigates through the varying delivery vectors of an attack chain, such as accessing malicious content, downloading files, or even entering passwords for archives, to get to the final payload, which can then be analyzed.
When a suspected sample is submitted to Splunk Attack Analyzer, analysts are provided with an immediate visualization that showcases:
This insight provides analysts with a clear and rapid view into how threat actors are operating, eliminating the need to manually synthesize data in order to draw conclusions. Analysts are therefore able to save time and get through the backlog of events faster and process alerts with accuracy.
Analysts also have the capability to seamlessly generate non-attributed environments directly within Splunk Attack Analyzer in order to access malicious content, including URLs and files, without compromising the safety of the analyst or the enterprise.
The ability to directly access potential phishing sites or files enables analysts to thoroughly conduct an investigation and remain confident their identity is concealed.
With the volume and sheer velocity of phishing attacks and alerts that the SOC must triage on a daily basis, analysts require a solution that fully automates end-to-end threat analysis and response workflows.
Integrated with Splunk SOAR, Splunk Attack Analyzer conducts automated analysis of identified indicators without SOC analysts having to perform manual investigative tasks or write complex playbooks that utilize multiple threat analytics products. Once Splunk Attack Analyzer has confirmed an active threat, Splunk SOAR will execute the appropriate response playbook to protect the enterprise.
The combination of Splunk SOAR and Splunk Attack Analyzer provides the SOC with unique, world-class analysis capabilities, making the SOC more effective and efficient in responding to current and future threats.
Ready to automate threat analysis? We’ve got you covered! Visit the Splunk Attack Analyzer webpage or speak to your account manager to learn more.