At .conf24 we unveiled the private preview of Splunk Enterprise Security 8.0, and the buzz was undeniable.
Today, we are thrilled to announce that Splunk Enterprise Security 8.0 is now generally available! This isn’t just another release—it’s a massive leap forward that redefines and revolutionizes security operations.
Splunk Enterprise Security 8.0 is the cornerstone of the SOC of the Future. With groundbreaking advancements featuring a seamless investigation and case management solution that includes integrated automation with Splunk SOAR1, Splunk Enterprise Security 8.0 delivers the most seamless analyst experience across the threat detection, investigation, and response (TDIR) workflow.
Splunk Enterprise Security 8.0 revolutionizes the SOC workflow experience from the ground up. Now security analysts can seamlessly detect what matters, investigate holistically, and respond to threats —faster and more efficiently than ever before. The SIEM of the future is here: unified TDIR with automated workflows, modern aggregation and triage capabilities, enhanced detections and simplified terminology.
For far too long, SOC teams have struggled with disjointed tools and processes. With Splunk Enterprise Security 8.0, those days are over. Here’s how we’re revolutionizing the SOC workflow experience and boosting analyst productivity:
Say goodbye to spending extra time pivoting between tools. Imagine doing everything from one modern, unified interface. Now with the direct integration of Splunk SOAR playbooks and actions with the case management and investigation features of Splunk Enterprise Security and Mission Control, analysts can handle everything from detection, investigation and response without switching context. This significantly boosts operational efficiency by providing a unified solution for data aggregation, analysis, and automation—without leaving Splunk Enterprise Security.
Now, with Finding Groups, you can view all related high-fidelity findings in one click. Finding Groups automatically aggregates findings based on predetermined rules against common security grouping techniques and calculations. This further simplifies the SOC analyst experience to take action and respond to sophisticated threats. But we didn’t stop there. Now, with native Splunk SOAR integration, analysts can leverage Automation Rules to assign playbooks to specific detections, enabling those playbooks to run automatically whenever designated findings are triggered in Splunk Enterprise Security. Unifying these capabilities enables the SOC to accelerate their automation journey—all through a single view.
New, enhanced detections provide turnkey capabilities to build high-confidence aggregated alerts for investigations. We also added native, automatic detection versioning within Enterprise Security Content Updates (ESCU) and customer-owned detections.
With simplified terminology across TDIR workflows, Splunk Enterprise Security now aligns with the Open Cybersecurity Schema Framework (OCSF). This ensures that every SOC analyst speaks the same language within the TDIR workflow, creating a truly seamless experience.
The industry recognition keeps rolling in. This year, we celebrated being recognized as a Leader ten times in a row in the 2024 Gartner® Magic Quadrant™ for SIEM. But that’s not all, Splunk was ranked first in every Use Case in the 2024 Gartner® Critical Capabilities for Security Information and Event Management.
And if that’s not enough to get excited about—Splunk has been ranked #1 for the fourth consecutive year in the IDC Worldwide Security Information and Event Management Market Shares, 2023: The Leaders in SIEM City (doc # US52525024, September 2024) report.
Splunk has also been named a Leader in the IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment (doc #US49029922, September 2024).
Splunk Enterprise Security 8.0 is available now for cloud customers. Please reach out to your account representative for more information. On-premises environments to follow in the coming weeks.
On November 7, join us for a discussion featuring Forrester’s Allie Mellen on trends in today’s SIEM market. You'll also learn more about how Splunk is revolutionizing the analyst experience with Splunk® Enterprise Security 8.0 through native integration with Splunk SOAR. Register here!
We’re always listening! Have ideas and requests? Share them with us through Splunk Ideas.
We’re building the SOC of the Future together. To learn more about Splunk Enterprise Security, visit our website. Happy Splunking!
1*Splunk SOAR subscription required
2 *In preview with Splunk Enterprise Security 8.0
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.