New Splunk solutions make detecting cyber attacks easier


Splunk has announced new innovations to its security portfolio to help security teams detect and investigate cyber-attacks more easily and quickly. The solutions have new functions such as security automation, orchestration and response (SOAR), the Use Case Library and Event Sequencing.

The company’s SIEM platform, Splunk Enterprise Security (ES), has been given several new features. These include Event Sequencing, which groups correlation searches and risk modifiers so that related detections are evaluated together, in order to improve threat detection and speed up investigations.
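Event sequencing, as described above, is the idea that individual correlation-search hits are not judged in isolation: each hit adds a risk modifier to the user or host it concerns, the hits are grouped per entity, and an alert is raised when an ordered chain of detections occurs within a window or when the accumulated risk crosses a threshold. The following Python is an added illustration of that pattern written for this article; it is not Splunk code and does not reflect how ES implements the feature. The search names, risk values, two-hour window, threshold of 100 and the sample events are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RiskEvent:
    """One correlation-search hit attributed to an entity (constructed model)."""
    time: datetime
    entity: str   # user or host the detection is about
    search: str   # name of the correlation search that fired
    risk: int     # risk modifier the search assigns to the entity


# Assumed detection sequence, window and threshold (not from the article).
SEQUENCE = ("suspicious_login", "privilege_escalation", "data_staging")
WINDOW = timedelta(hours=2)
RISK_THRESHOLD = 100


def _group_by_entity(events):
    """Sort events by time and bucket them per entity."""
    by_entity = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.time):
        by_entity[ev.entity].append(ev)
    return by_entity


def find_sequences(events, sequence=SEQUENCE, window=WINDOW):
    """Return (entity, chain) pairs where the searches in `sequence` fired
    in order for one entity, all within `window` of the chain's first hit."""
    hits = []
    for entity, evs in _group_by_entity(events).items():
        for start_idx, start in enumerate(evs):
            if start.search != sequence[0]:
                continue
            chain, pos = [start], 1
            for ev in evs[start_idx + 1:]:
                if ev.time - start.time > window:
                    break  # events are sorted, so later ones are out of window too
                if ev.search == sequence[pos]:
                    chain.append(ev)
                    pos += 1
                    if pos == len(sequence):
                        hits.append((entity, chain))
                        break
    return hits


def cumulative_risk(events, window=WINDOW):
    """Per entity, the highest total risk accumulated inside any sliding window."""
    scores = {}
    for entity, evs in _group_by_entity(events).items():
        best = 0
        for i, start in enumerate(evs):
            total = 0
            for ev in evs[i:]:
                if ev.time - start.time > window:
                    break
                total += ev.risk
            best = max(best, total)
        scores[entity] = best
    return scores


def notables(events, threshold=RISK_THRESHOLD):
    """Combine both rules into a list of notable-event records for analysts."""
    out = []
    for entity, chain in find_sequences(events):
        out.append({"entity": entity, "reason": "sequence",
                    "searches": [ev.search for ev in chain]})
    for entity, score in cumulative_risk(events).items():
        if score >= threshold:
            out.append({"entity": entity, "reason": "risk_threshold", "score": score})
    return out


# Constructed sample hits: only alice completes the chain inside the window.
T0 = datetime(2019, 10, 1, 9, 0)
SAMPLE_EVENTS = [
    RiskEvent(T0, "alice", "suspicious_login", 30),
    RiskEvent(T0 + timedelta(minutes=20), "alice", "privilege_escalation", 40),
    RiskEvent(T0 + timedelta(minutes=70), "alice", "data_staging", 50),
    RiskEvent(T0 + timedelta(minutes=5), "bob", "suspicious_login", 30),
    RiskEvent(T0 + timedelta(minutes=30), "bob", "data_staging", 50),
    RiskEvent(T0 - timedelta(hours=1), "carol", "privilege_escalation", 40),
    RiskEvent(T0 + timedelta(hours=3), "carol", "suspicious_login", 30),
    RiskEvent(T0, "dave", "suspicious_login", 30),
    RiskEvent(T0 + timedelta(minutes=30), "dave", "privilege_escalation", 40),
    RiskEvent(T0 + timedelta(hours=4), "dave", "data_staging", 50),  # outside window
]

if __name__ == "__main__":
    for record in notables(SAMPLE_EVENTS):
        print(record)
```

The two rules complement each other: the ordered chain catches a known attack progression even when each step carries little risk on its own, while the cumulative score surfaces entities that accumulate many unrelated low-severity hits. Bob and Dave show why the window and order matter: Bob skips a step, and Dave completes the chain too late, so neither produces a sequence notable.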

There is also a new Use Case Library, which gives users immediate access to research-driven, actionable security content that is relevant to their security operations. The Library gives users an automatic way to discover new use cases, such as cloud security and ransomware, and from these it can be determined what action should be taken when such a threat appears in one’s own environment.

Phantom 4.0

With Splunk’s Phantom SOAR technology, users are meant to “work smarter” and react faster. The technology helps SOCs set up tasks and automate complex workflows.

Splunk Phantom 4.0 gives customers access to numerous new features, such as clustering support. This helps users to scale their operations. There is also a new indicator view, which gives analysts a threat-intelligence-centered ability to conduct investigations. Finally, there is improved onboarding, allowing users to start using Phantom within a few minutes after deployment.

UBA 4.2

According to Splunk, in almost half of all security incidents, rogue insiders or criminal attacks are identified as the main cause of data breaches. Splunk UBA 4.2 is intended to help prevent this. UBA 4.2 expands the power of Splunk ES by allowing analysts to use machine learning to find internal and external threats and abnormal user behaviour.

UBA 4.2 has several new features, such as user feedback learning, which refines the UBA anomaly model scoring so that the severity and confidence assigned to threat detections improve. Data ingestion performance has also been improved, which in turn improves data quality.

Also new is support for single sign-on authentication, which helps SOC teams maintain compliant access controls throughout the security operations centre.

Adaptive Operations Framework

The company also announced the launch of the Splunk Adaptive Operations Framework (AOF). AOF is an evolution of the Adaptive Response Initiative. The system has been improved with Phantom’s flexible, API-driven framework. AOF claims to be the largest community of innovative security vendors in the industry.

AOF allows organizations to use Splunk in combination with more than 240 security technologies, in order to absorb structured or unstructured data from any source. Coordinated decisions can also be taken that are supported by analytics.

ES 5.2 and UBA 4.2 will be widely available on 16 October. Phantom is now available for free download.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.