Splunk, which is well known in the enterprise IT market for its namesake network monitoring and visibility tool, hopes to accelerate its security business today with the announcement of two new products.
Splunk is using technology from Caspida, which it acquired in July for $190 million, for its User Behavior Analytics (UBA) product. Caspida's technology applies machine learning, as well as analytics and visualization, so an enterprise can see an attacker's path through its users.
Monzy Merza, chief security evangelist at Splunk, told eSecurity Planet that UBA is more than just a rebrand of existing Caspida technology; it represents a more direct and robust integration with the Splunk Enterprise Security platform. Splunk's platform worked with Capsida prior to the company's acquisition, as well. The new integration is "tight and seamless," Merza said, making it easier for users to get alerts and analysis.
"Where UBA is really good at identifying threats over a long time horizon and consolidating them into alerts, Splunk Enterprise is very powerful in allowing analysts to do deep dive investigations and analysis," Merza said. "So now customers can use both products and go back and forth seamlessly across the two products."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Splunk Enterprise Security 4.0 is the new name for the product formerly known as the Splunk App for Enterprise Security. Among the software's new capabilities is an enhanced investigator timeline.
"As a security practitioner when we think about an incident or an investigation we're constantly trying to maintain context," Merza said. "In doing so, we have lots of threads which can cause lots of distraction and make it hard to share."
The enhanced investigator timeline gives an analyst the ability to maintain the context of events for an entire investigation.
"The way the timeline is rendered, it lays out all the events in time order in which they occurred," Merza said.
By rendering all the events in a timeline, the investigation process is streamlined and more visible to all staff on an investigation team. Some Splunk customers will likely use it as a training tool, Merza said, to show junior analysts how more experienced analysts reached a certain conclusion.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.