We are pleased to announce the availability of premium content as a service for Splunk Enterprise Security (ES), intended to accelerate the detection of, investigation of and response to security threats.
Today, we are introducing the general availability of Splunk ES Content Update, an analytics tradecraft-based content service which provides guidance on how to detect threats, where to investigate and how to navigate the decision-making process to take better follow-on actions.
Additionally, Booz Allen Cyber4Sight for Splunk, a curated threat intelligence service that gives analysts greater power to detect and manage threats, is now generally available.
This new content service is analogous to a satellite radio service such as SiriusXM (available in the U.S.), where you buy a digital radio and then subscribe to programming. The base SiriusXM service (Splunk ES) includes several channels, and you can sign up for additional premium channels (the new offers) based on your listening preferences.
Over the past several years, our customers have been consolidating many security functions and using Splunk ES as their security analytics platform. These new offers augment the platform capability of Splunk ES by providing additional analytics to address a wide range of vulnerability, advanced threat detection and incident response challenges.
The threat landscape is dynamic, and existing security solutions require frequent updates to keep up with the threats. Often, security analysts need to know the “how” as much as they need to know the “what” about threats and risks to their environment. Analysts and investigators frequently lack both an understanding of the threat landscape and the broad skill set needed to gather the context required to identify real threats.
Identifying and developing analytics to investigate and remediate threats takes time and requires deep security expertise as well as analytics development knowledge. Existing security tools used for threat response require considerable experience to stitch the story together and understand the full scope of an attack.
Splunk ES Content Update expands the use cases that Splunk ES customers can address through Analytic Stories that cover advanced malware and vulnerability challenges. By using Splunk, and given enough time and the right skills, you could potentially develop content such as the new offers on your own. However, developing Analytic Stories such as the ones included in Splunk ES Content Update requires many years of deep domain expertise and development experience.
Splunk ES Content Update includes a library of Analytic Stories that enables overburdened analysts and investigators to expedite their response to threats. Customers with security operations at any maturity level can use Analytic Stories to work smarter.
The subscription service enables Splunk domain experts and researchers to continuously improve the effectiveness of the solution independent of periodic software updates, making it possible for customers to proactively stay current.
Splunk ES Content Update is available for free to all Splunk ES customers for the first year, and you can download it now. It will follow a regular cadence of updates to help you address ongoing and time-sensitive problems and threats faster.
Booz Allen Cyber4Sight for Splunk integrates threat intelligence generated by Booz Allen’s Cyber4Sight Managed Security Service directly into Splunk Enterprise Security.
Cyber4Sight® goes beyond arbitrary risk scores and provides analysts with context, connecting indicators to the threat-actor and the intent behind the threat. It provides:
Cyber4Sight for Splunk can be downloaded today and is available on a subscription basis to eligible Splunk ES customers. Contact your Splunk sales representative for details.
If you're joining us for our annual customer conference .conf2017 this week, you'll be able to attend sessions and learn more about both Splunk ES Content Update and Cyber4Sight for Splunk.
Ping me if you have any questions. Hope to hear from you!
Girish Bhat
Director, Security Product Marketing
@girishb
Follow all the conversations coming out of #splunkconf17!