Splunk Accelerates Detection, Response with Automation-driven, Cloud-delivered Solutions

Splunk Inc., a data platform leader, announced a series of product innovations designed to help organizations embrace digital transformation by providing the security visibility needed to accelerate time to detection, investigation and response.

Led by enhancements to Splunk Security Cloud and Splunk SOAR, Splunk provides organizations a comprehensive Security Operations Center (SOC) platform with intelligence, analytics and automation.

Enterprise security leaders are in the midst of massive digital transformation, which was further accelerated over the last year due to the scale of remote work and cloud computing adoption. At the same time, organizations are confronted with a continuously evolving threat landscape.

Many security products are not designed to integrate with one another, so maintaining end-to-end visibility across on-premises, hybrid and cloud environments can be too complex for security teams to handle. This can lead to blind spots that attackers can exploit.

As a result, SOCs may struggle to quickly detect, investigate and respond to cyberattacks. To address these challenges, Splunk provides an extensive cloud-delivered SOC platform, which is fueled by analytics and driven by automation.

With Splunk, organizations can conquer complexity and defend against threats while securely enabling innovation.

In the face of an expanding array of security tools, technology partnerships continue to be integral to delivering positive security outcomes for organizations. Splunk strengthens customer success through more than 2,400 partner integrations.

As cloud migration continues, security teams must focus on reducing their time to detect threats to keep their organizations running securely and compliant. With Splunk Security Cloud, coming soon, customers will have access to rich visualizations that allow senior leaders to see key metrics and insights into the overall health of their organization’s security program.

Additionally, Risk-Based Alerting (RBA) enhances threat detection abilities, reduces alert volume, and improves alert prioritization to help drive better outcomes in the SOC.

In August, Splunk SOAR launched an updated visual playbook editor. This feature made it easier to create, edit, implement and scale automated playbooks to help businesses eliminate manual security tasks and respond to security incidents at machine speed.

Today, Splunk is releasing Splunk SOAR App Editor, which provides a new way to edit, test and create SOAR apps. This provides easy integration and automation between Splunk SOAR and commonly used third-party tools.

Furthermore, there are more than 350 Splunk SOAR apps available on Splunkbase, Splunk’s ecosystem of partner and community-built technical integrations, which provides customers with a one-stop shop to extend the power of SOAR.

Following the acquisition of TruSTAR earlier this year, Splunk expanded its intelligence marketplace sources. Today, it announced that TruSTAR is now Splunk Intelligence Management, which enables customers to operationalize all sources of security intelligence across their ecosystem of teams, tools and partners, and directly delivers insights into Splunk Enterprise Security and Splunk SOAR.

In addition, Splunk has launched SURGe, an elite team of cybersecurity experts that will provide technical guidance during high-profile, time-sensitive cyberattacks.

This team is dedicated to researching, responding, and educating on the threats that impact the world. As a trusted advisor, SURGe offers support to security teams with response guides and in-depth analyses in the form of research papers and webinars. Organizations can rely on SURGe to provide appropriate context and timely recommendations so they can navigate global security incidents with confidence and intelligence.

Today, SURGe published its inaugural SURGe research paper, which explores several methodologies for identifying potentially abnormal SSL/TLS communications, specifically in the context of supply chain compromise, using multiple Splunk commands and queries together with open-source data sources.

For more information on .conf21 announcements, visit the Splunk .conf21 website.