Splunk Strengthens its Security and Threat Detection Platforms

Splunk, which provides operational intelligence, is making major changes to its key platforms, delivering out-of-the-box capabilities driven by machine learning and advanced analytics to help detect cyberattacks and insider threats.

The company also announced today that Splunk Enterprise and Splunk Enterprise Security are at the heart of an expanded security operations center (SOC) for Integra, which is utilizing Splunk ES to detect, prevent and respond to attacks, and to provide customers with 24/7 security analysis for the Integra network and services. 

Splunk Enterprise Security (ES) 4.0 will help organizations detect, scope, and respond to advanced attacks. “We’ve significantly improved the ability for our customers to both detect and respond to breaches,” said Robert Ma, Splunk senior director of security markets. “This is the trend the market is dealing with right now." The 4.0 release adds Investigator Journal, a new tool that keeps track of ad hoc searches and activities to streamline analysis of multi-stage attacks associated with breach detection and response.  “Customers can more quickly analyze information then determine how they can put it into a timeline, meaning they see the cause and effect over time,” Ma said. “As they bring things into the timeline they can better collaborate between technology or security groups.”

Additionally, the update includes Investigator Timeline which allows individual analysts to place any event, activity or annotation within a visual timeline to better understand and communicate the cause and effect of events and the details of advanced multi-stage attacks.

The new Enterprise Security Framework allows customers, vendors, and third parties to create, access, and extend ES functionality with their own apps that can run within ES and utilize features such as the alert management, risk scoring, threat intelligence, and identity and asset frameworks.

Along with Splunk ES’s advancements, Splunk is rebranding a tool that was acquired from Caspida in August. The new solution is called User Behavior Analytics and it adds a new layer of defense by using unsupervised machine learning, multi-entity behavior baselines, peer group analytics and advanced correlations to improve detection of cyber-attacks and insider threats. “It represents the next generation of advanced threat and insider threat detection by using behavioral analytics,” Ma said. “What it’s going to be able to do is to help users and corporations do a better job at detecting what was previously undetected and these are malicious external and insider threats.”

In addition, Splunk App for PCI Compliance 3.0 is designed to help organizations verify their PCI compliance posture by reviewing and measuring the effectiveness and status of their technical controls.  New features include reports and searches covering the PCI DSS 3.1 standard, updated user interface and additional technology add-ons, and being built on the Enterprise Security Framework to take advantage of the alert management, risk scoring, threat intelligence, and identity and asset frameworks.

“Splunk software is playing a central role in helping Integra’s SOC and our suite of services set the highest standards for protection against threats, thanks to Splunk software’s ability to perform real-time and historical analysis for massive volumes of data. That helps enable Integra to ensure an exceptional level of threat neutralization and incident response rate," said  Steve Fisher, vice president of network planning and security, Integra. Integra’s IT team also uses Splunk Enterprise to minimize downtime and deliver business value in IT and network operations. Teams monitor, analyze and visualize data from nearly all critical IT systems. 

For more information about Splunk’s updates, visit