Splunk has built new functions into its Security Operations Suite to modernize and unify its Security Operations Center (SOC) product.
Anchored by the newly launched Splunk Mission Control, the Splunk Security Operations Suite is designed to help security analysts turn ‘data into doing’ (as the marketing line puts it) in real-world operational environments.
The cloud-based Splunk Mission Control connects Splunk’s SIEM (Splunk Enterprise Security), SOAR (Splunk Phantom) and UEBA (Splunk UBA) products into a single work surface shared by data developers and security analysts.
Combined, these products form the Splunk Security Operations Suite.
“With Splunk Mission Control, customers gain a new, unified SOC experience that supports investigation and search across multiple on-premise and cloud-based Splunk Enterprise and Splunk Enterprise Security instances, ChatOps collaboration, case management and automated response, all from a common work surface,” said Haiyan Song, senior vice president and general manager of security markets, Splunk.
Machine-speed response
The company states one core premise: as the volume of security-relevant data continues to grow, so will the importance of technologies that can automate analysis of and response to that data in real time.
So the mission is detection, defence and action on threats at machine speed.
New product announcements include Splunk Enterprise Security (ES) 6.0, the latest version of Splunk’s flagship security offering. Splunk ES is a security information and event management (SIEM) platform, and this release brings enhancements to its asset and identity framework, the component that maps events to the hosts and users they concern.
Splunk User Behavior Analytics (UBA) 5.0 is described as enabling security teams to build advanced, customised Machine Learning (ML) models for baselining normal activity and tracking deviations from it, tailored to their own security environment and use cases.
Splunk Phantom 4.6 is the company’s security orchestration, automation and response (SOAR) product, and it now comes to mobile devices through Splunk Mobile.
“Phantom on Splunk Mobile allows customers to automate repetitive, manual tasks from the palm of their hand, enabling analysts to focus on mission-critical security threats that fuel security operations. Splunk Phantom 4.6 also introduces new open source integration apps, giving developers easy access to Phantom’s source code to extend SOAR to the unique needs of every individual SOC,” said the company, in a press statement.
Splunk has also announced several new security apps and updates to Splunk ES Content Update, which delivers pre-packaged security content (searches, correlation rules and analytic stories) to Splunk ES customers. Updates include Splunk Analytics Story Preview, a new Splunkbase app; Cloud Infrastructure Security, new security content that analyses cloud infrastructure environments; and new open-source content, including over 30 newly open-sourced apps for Splunk Phantom.