It’s been an exciting year for Splunk Enterprise Security! In May, we celebrated being recognized as a Leader ten times in a row in the 2024 Gartner® Magic Quadrant™ for SIEM.
We’re not stopping there. We’re excited to introduce the SIEM of the Future to keep the momentum going. Splunk Enterprise Security 8.0 is available now in a private preview.
As the market-leader in SIEM, Splunk Enterprise Security 8.0 revolutionizes the SOC workflow experience, enabling security analysts to seamlessly detect what matters, investigate holistically, and respond rapidly. Elevate security operations with complete, unified threat detection, investigation, and response (TDIR) workflows, modern aggregation and triage capabilities, enhanced detections and simplified terminology.
This revolutionary union of innovative capabilities across TDIR marks the dawn of a new breed of SIEM – one that will become the foundation of TDIR solutions and power the SOC of the Future. This is the SIEM of the Future, and the future is now with Splunk Enterprise Security.
To navigate today’s evolving threat landscape, security analysts must maintain visibility across cloud, hybrid, and on-premises environments while managing a relentless influx of data from diverse security, IT and business sources. Harnessing this data effectively is critical, as security is ultimately a data problem. Analysts are also bogged down with disjointed data and security tools, hampering their ability to aggregate, correlate, and prioritize information crucial for efficient threat detection and response. As security threats evolve and data volumes increase, manual processes become increasingly unsustainable. Further, inconsistencies in the terminology used across different security components introduce confusion and communication barriers within teams, impeding effective collaboration and coordinated efforts.
To enhance SOC efficiency, analysts must be equipped with a streamlined workflow experience that boosts productivity. Ensuring security analysts have a SIEM solution that provides the foundation to unify detection, investigation, and response to threats will bolster their confidence and efficacy in managing security risks.
It’s a fact that analysts struggle with too many tools. On average, they are juggling 25+ different security tools [1] that perform actions across detection, investigation and response — negatively impacting mean time to detect (MTTD) and mean time to respond (MTTR).
This is why we are introducing a new unified work surface for Splunk Enterprise Security users. In Splunk Enterprise Security 8.0, we provide direct integration with Splunk SOAR playbooks and actions with the case management and investigation features of Splunk Enterprise Security and Mission Control. Analysts can detect, investigate and respond to threats from one modern interface and find an appreciable increase in their operational efficiency with a unified solution for data aggregation, analysis, and automation.
We’re bringing a seamless, completely integrated workflow experience for case management, alert triage, incident investigation, and incident response use cases to the SOC, without leaving Splunk Enterprise Security. Analysts will have one-click access to automate and orchestrate tasks within Splunk Enterprise Security.
Introducing Response Plans directly in Splunk Enterprise Security allows users to easily collaborate and execute incident response workflows for common security use cases. Analysts have access to a defined and organized response process directly within Splunk Enterprise Security without spending extra time pivoting between other tools.
One solution. MTTD and MTTR: optimized and simplified.
Navigating the nebulous activity of threat detection, analysts find themselves besieged by a pervasive lack of context. They struggle to understand the significance and potential impact of security threats, which impedes their ability to make informed decisions and take appropriate action.
We’re introducing Finding Groups to analysts’ workflows. Finding Groups automatically aggregate findings based on predetermined rules that apply common security grouping techniques and calculations (including similar entities, cumulative risk score, MITRE ATT&CK thresholds, and more). This aggregate view gives analysts a comprehensive picture of all related high-fidelity findings in one click – further simplifying the analyst experience when taking action and responding to sophisticated threats.
Security analysts struggle with discerning high-priority threats amidst the noise. An estimated average of 41% of alerts are ignored [2], and analysts simply don’t have the time required to add actionable context for every investigation. Further, managing an organization's collection of detections requires detection engineers to spend too much manual effort maintaining and tracking any updates or changes within the detections.
To address this, in Splunk Enterprise Security 8.0 we’re introducing enhanced detections so that organizations can find and remediate threats faster. Enhanced detections help analysts understand and implement a risk-based alerting detection strategy, with turnkey capabilities to build high-confidence aggregated alerts for thorough investigations. With advanced threat detection, analysts save time by focusing on critical incidents. We’re also adding native, automatic detection versioning within Splunk Enterprise Security for both ESCU and customer-owned detections.
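To make the aggregation and risk-based alerting ideas above concrete, here is an added illustration (not Splunk’s code and not a description of how Enterprise Security implements Finding Groups). It assumes a simplified model: each detection hit contributes a risk score and a MITRE ATT&CK tactic to an entity, and a finding group is raised only when an entity’s cumulative risk crosses a threshold and its hits span enough distinct tactics. The risk events, thresholds, and detection names are constructed for the example.

```python
"""Risk-based alerting aggregation, as a self-contained illustration.

Constructed example: risk events (one per detection hit) are grouped per
entity; a finding group is raised only when the cumulative risk score and
the number of distinct MITRE ATT&CK tactics both cross thresholds. This is
an illustration of the concept, not Splunk Enterprise Security's own logic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskEvent:
    entity: str          # user or host the detection fired on
    detection: str       # name of the detection that fired (hypothetical)
    risk_score: int      # risk contribution assigned by the detection
    tactic: str          # MITRE ATT&CK tactic ID, e.g. "TA0006" (Credential Access)


@dataclass
class FindingGroup:
    entity: str
    cumulative_risk: int
    tactics: set
    detections: list


# Constructed sample risk events (not real telemetry).
# alice: three different tactics -> a plausible attack chain.
# bob: the same detection four times -> high score but no tactic diversity.
# carol: a single low-score hit.
SAMPLE_EVENTS = [
    RiskEvent("alice", "Excessive failed logins", 20, "TA0006"),
    RiskEvent("alice", "New MFA device registered", 30, "TA0003"),
    RiskEvent("alice", "Mass mailbox download", 40, "TA0009"),
    RiskEvent("bob", "Excessive failed logins", 20, "TA0006"),
    RiskEvent("bob", "Excessive failed logins", 20, "TA0006"),
    RiskEvent("bob", "Excessive failed logins", 20, "TA0006"),
    RiskEvent("bob", "Excessive failed logins", 20, "TA0006"),
    RiskEvent("carol", "Mass mailbox download", 40, "TA0009"),
]


def build_finding_groups(events, risk_threshold=75, min_tactics=3):
    """Group risk events per entity and raise a FindingGroup when both the
    cumulative risk and the distinct-tactic count reach their thresholds.

    Requiring tactic diversity is what keeps a single noisy detection
    (bob's repeated failed logins) from becoming an investigation on its own.
    """
    per_entity = defaultdict(list)
    for ev in events:
        per_entity[ev.entity].append(ev)

    groups = []
    for entity, evs in sorted(per_entity.items()):
        total = sum(e.risk_score for e in evs)
        tactics = {e.tactic for e in evs}
        if total >= risk_threshold and len(tactics) >= min_tactics:
            groups.append(
                FindingGroup(
                    entity=entity,
                    cumulative_risk=total,
                    tactics=tactics,
                    detections=sorted({e.detection for e in evs}),
                )
            )
    return groups


if __name__ == "__main__":
    for g in build_finding_groups(SAMPLE_EVENTS):
        print(f"{g.entity}: risk={g.cumulative_risk} tactics={sorted(g.tactics)} "
              f"detections={g.detections}")
```

With the default thresholds only alice produces a finding group; bob exceeds the risk threshold but on a single tactic, and carol never reaches it. Lowering `min_tactics` to 1 shows the trade-off: bob is then promoted as well, which is exactly the kind of low-context alert the aggregation is meant to suppress.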
Oftentimes analysts have to work through misaligned terminology between different components of the security ecosystem. Working across products and dealing with data silos makes their job even more difficult.
In Splunk Enterprise Security 8.0, we simplified terminology across TDIR workflows, bringing analysts a seamless experience. The new taxonomy aligns to the Open Cybersecurity Schema Framework (OCSF), making it easy for your security team to understand exactly what they are working on within Splunk Enterprise Security. As a founding member of OCSF, Splunk supports driving an industry standard that helps customers simplify and accelerate the ingestion and analysis of security data. By aligning to OCSF in Splunk Enterprise Security, we are breaking down the data silos that keep security teams from detecting, investigating and responding to threats faster and more effectively.
General availability of Splunk Enterprise Security 8.0 is coming soon for both cloud and on-premises deployments.
We’re listening! If you have ideas and requests, please submit them to Splunk Ideas. To learn more about Splunk Enterprise Security, visit our website.
Follow all the conversations coming out of #splunkconf24!
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.