Splunk Upgrades Security, Behavior Analytics Tools
Analytics, cloud and other IT vendors are using a major cyber security conference this week to roll out new enterprise security products and enhancements.
Among them is “operational intelligence” vendor Splunk Inc., which unveiled new versions of its security and user behavior analytics packages during the RSA security conference in San Francisco. The new capabilities are said to combine the best features of machine learning and anomaly detection to sift through and prioritized data breaches and other threats.
The user behavior analytics platform, version 2.2, along with the 4.1 version of Splunk’s enterprise security package is designed to detect “anomalous behavior” and malicious activities across an organization. That capability is in line with the growing shift toward detecting and tracking cyber threats as they unfold.
The upgrades to the analytics-driven security tools are designed to improve the enterprise security platform’s ability to “ingest” behavioral anomalies detected by its user analytics tool, according to Haiyan Song, Splunk’s senior vice president of security markets. The combined tools help automate standard security information and event management (SIEM) tasks to help spot and counter potential insider threats.
San Francisco-based Splunk (NASDAQ: SPLK) is among a growing list of SIEM vendors expanding their product lines as cloud-based data becomes more vulnerable to cyber attacks from within. IBM ((NYSE: IBM), which integrated its SIEM platform with market leader Resilient Systems last year, announced this week it is acquiring the “incident response” specialist.
Many emerging SIEM platforms are designed to automated security processes and policies used to respond to everything from an insider attack to a lost mobile device. Splunk is attempting to differentiate itself in a crowded field by sharing threats detected by its behavioral analytics technology with its updated security platform so they can be correlated into enterprise workflows.
Splunk touts the latest version of its user behavior analytics platform as leveraging machine learning capabilities to improve insider threat defenses and speed up response times. The company positions its SIEM platform as an adjunct to other alerts, threat intelligence along with data feeds and analysis from across organizations.
The company was ranked among the SIEM market leaders in a survey released last fall by Gartner. It finished second behind market leader LogRythm in terms of compliance and threat management use cases and third behind LogRythm and IBM Security’s QRadar platform for overall SIEM use cases.
The market researcher’s annual SIEM rankings noted that Splunk Enterprise is “is widely deployed by IT operations organizations and application support teams for log management and analytics for availability-oriented use cases….” It also noted the release of Splunk “enhancements to visualizations for security metrics, threat analytics and predictive analytics.”
Splunk said both it user analytics and enterprise security releases would be generally available in April. The latest version of Splunk Enterprise Security requires Splunk Enterprise 6.3 or Splunk Cloud.