Splunk Inc. is enhancing its security analytics portfolio by combining machine learning, anomaly detection, context-enhanced correlation, and rapid investigation capabilities in new versions of Splunk User Behavior Analytics (UBA) and Splunk Enterprise Security(ES).
“We help companies improve the way they detect insider threats and cyberattacks using data science and that’s with Splunk UBA,” said Robert Ma, Splunk’s senior director of security markets. “We’ve also enhanced our Enterprise Security premium solution to improve how companies can investigate advanced threats and this is about helping them get better context and threat intelligence.”
Splunk UBA 2.2 introduces data science and machine learning features that upgrade insider threat defense, cyberattack detection, and rapid incident investigations. By providing Splunk UBA multi-entity behavior-based anomaly and threat information into Splunk ES, organizations can leverage the power of both products to better detect and respond to threats, according to Splunk.
“We now have combined the power and promise of data science and machine learning from big data in terms of running machine learning algorithms to detect threats and brought it into Splunk Enterprise Security solution so they can be incorporated into security operations centers and typical security workflow and processes,” Ma said.
The update allows organizations to leverage Splunk UBA machine learning throughout the security information and event management (SIEM) workflow. It also adds anomaly-based correlation capabilities to Splunk ES based on the results of Splunk UBA machine learning and statistical modeling, and enhances insider threat and cyberattack detection using Splunk UBA. The solution also defines how threats are triggered from detected anomalies using the new Threat Detection Framework, and increases data access and physical data loss coverage. “With the improvement of Splunk UBA, organizations get the benefit of better precision, coverage, and fidelity - meaning greater accuracy on what threats are detected,” Ma said.
For more information about Splunk’s updates, visit www.splunk.com.