Wherever machine data appears that has high value signal, you can be sure that Splunk will show up, understand the use case, and create products. That’s exactly what the company has done with cybersecurity, in this case offering a product that blends machine learning (ML) and human intelligence to create a new kind of security application.
In continuing with my recent focus on how companies create the right cybersecurity portfolio for their business, in this article I examine Splunk, and what the company can offer businesses looking to bolster their security. I’ve argued that a cybersecurity portfolio is akin to an investment portfolio – you need a diversification of assets and a strategy that changes over time.
For this article, I spoke with Haiyan Song, Senior Vice President of Security Markets at Splunk. As I have done in other articles in this series, I wanted to get a sense from Song about where Splunk’s offerings fit into both the National Institute of Standards and Technology (NIST) framework for cybersecurity and the five key steps I’ve identified that all companies need to undertake during the portfolio creation process. Those steps are: 1) Determine Needs; 2) Allocate Spending According to Risk; 3) Design Your Portfolio; 4) Choose the Right Products; and 5) Rebalance as Needed. Those steps are important because companies have limited money, time, and talent to devote to cybersecurity, so their allocation of those resources must be strategic and targeted to their individual needs.
Song is one of the many tech security leaders I’ve interviewed for this series, and hearing how Splunk fits into the portfolio picture gives another example of the type of products available on the market. I’ve worked on and off with Splunk for many years creating various sorts of content about Operational Intelligence and other concepts.
What does Splunk provide?
Splunk is geared toward providing customers with greater visibility into their data and networks. As I wrote in my profile of Gigamon, this kind of transparency is critically important for addressing detection, identification, and prevention, three of the pillars of the NIST framework.
Interestingly, the Splunk platform wasn’t designed explicitly for security at first. It was focused on processing log files and, eventually, machine data in the broadest sense. Splunk’s ability to store, process, index, and search machine data at scale has led to domain-specific products for various high-value use cases. That’s what Splunk has built for security through two products: Splunk Enterprise Security and Splunk User Behavior Analytics. The data Splunk can make sense of on company networks, and the way it leverages the security products already in use, allow companies to better detect and respond to threats in near real time. Splunk is aimed at changing how companies perform Security Information and Event Management (SIEM).
“We’re transforming how SIEM should be done. We do this through providing analytics – not just rules – which helps analysts within the SOC visualize and detect threats,” Song told me. “The Splunk portfolio was started to do operational intelligence.”
Source: SANS ISC SecNewsFeed @ May 5, 2017 at 05:42AM