The acquisition is aimed at extending Splunk’s security analytics leadership by adding behavioural analytics to improve detection of insider threats and advanced threats.
Under the terms of the agreement, Splunk has acquired all of the outstanding stock of Caspida for an aggregate purchase price of approximately $190m.
According to Splunk, the combination of its technology with Caspida’s will unify breach response with breach detection.
Recent high-profile breaches show virtually all attacks happen with compromised credentials, and Splunk believes automated detection using machine learning is the future for detecting known and unknown threats from insider and external attackers.
The company said Splunk’s customers now have out-of-the-box user behavioural analytics to help detect, respond to and mitigate these threats.
“Splunk built its reputation in security by enabling customers to more effectively respond to breaches, and with this acquisition, our customers can now also better detect advanced threats – the breaches that are becoming more complex and severe with each passing day,” said Splunk senior vice-president of security markets Haiyan Song.
“With Caspida, Splunk accelerates its focus on solving advanced threats – both external and from insiders – by shining a light on those who are wrongfully using valid credentials to freely and unpredictably exploit systems they have accessed,” he said.
Caspida’s technology uses data science and machine-learning algorithms to detect advanced threats and malicious insiders to present the most meaningful set of threats for analysts and incident responders.
Read more about behavioural analytics
- Balabit's Blindspotter real-time user behaviour analytics monitoring tool for identifying malicious activity throughout IT systems has been released to market
- Behavioural analysis could have prevented Salesforce.com employee inadvertently handing over access to customer database
- There is a growing trend in the industry towards merging big data and security
- Many logs are generated and then ignored, as resources to review and analyse them in a timely and useful manner are lacking
“We founded Caspida with a vision of applying data science to help solve the most pressing cyber security challenges – advanced threats and insider threats,” said Caspida CEO Muddu Sudhakar.
“By analysing machine data and using data science to detect meaningful anomalous behavior of users, devices and entities, Caspida has solved a problem that previously required significant manpower and expensive, do-it-yourself toolsets,” he said.
According to Sudhakar, the combination of the two companies’ technologies will provide the ability to detect advanced, hidden and insider threats; improve threat detection with targeted incident response; and increase efficiency of security operations centres.
Splunk chief financial officer Dave Conte said the technology will be integrated in the coming months and the company expects to contribute to top line revenues in 2016.
The announcement comes just a day after European security firm Balabit announced the general availability of its Blindspotter behaviour analytics monitoring tool that was unveiled in October 2014.