SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Splunk takes data-centric approach to security with new platform
Thu, 24th Jun 2021

Splunk has launched its new Splunk Security Cloud, a data-centric modern security operations platform.

According to the company, the platform is designed to deliver enterprise-grade advanced security analytics, automated security operations, and integrated threat intelligence with an open ecosystem.

With Splunk Security Cloud, teams can secure and manage multi-cloud deployments while remaining agile in order to adapt to ever-evolving threats.

The solution takes a data-centric approach to security and accelerates an organisation's data-driven outcomes.

Overall, the solution includes the following capabilities:

  • Advanced Security Analytics with machine learning-powered analytics to detect and deliver key insights into multi-cloud environments.
  • Automated Security Operations to drive faster time to detection, investigation and response; alerts that used to take 30 minutes can now take as little as 30 seconds, Splunk states.
  • Threat Intelligence that automatically collects, prioritises and integrates all sources of intelligence, driving faster detections.
  • Open Ecosystem to help correlate data across all security tools, regardless of the vendor, for increased visibility, and to apply prescriptive detections and guidance to detect threats faster.

Splunk vice president of product management for security, Jane Wong, says, “Splunk Security Cloud combines advanced security analytics, streamlined security operations and an open and thriving ecosystem, bringing together Splunk's and our partners' industry-leading security solutions to help our customers securely embrace digital transformation and SOC modernisation.”

Splunk chief product officer Sendur Sellakumar says, “At Splunk, we believe security is a data problem and data drives better decisions, providing the foundation for security analytics.

“As the volume and complexity of data grows and customers' digital environments get more complex, Splunk Security Cloud provides the best solutions to help customers solve their ever-evolving security challenges.”

Splunk has been investing in developing a network of partners, currently working with more than 2,500 partners to provide significant choice for joint customers.

Additionally, the company's automation ecosystem includes more than 300 third-party integrations that support more than 2,000 operations actions to allow customers to correlate data across their disparate security tools for increased visibility and apply prescriptive detections and guidance to detect threats faster.

Amazon Web Services (AWS) and BlueVoyant are two companies Splunk is working with.

Splunk has been collaborating with AWS to release new offerings that provide a more curated experience for customers that have an AWS-centric cloud adoption model.

Optimised for AWS customers, the new Splunk Security Analytics for AWS offering is a simplified security analytics solution designed for lean security teams running on AWS, the company states.

Splunk Security Analytics for AWS leverages centralised visibility of AWS environments, accelerating threat detection, investigation and response capabilities for security teams with fewer staff.

Splunk Security Analytics for AWS is scheduled to be available on AWS Marketplace on June 29, 2021.

Recently, Splunk also completed the acquisition of TruSTAR, a cloud-native security company providing a data-centric intelligence platform.

TruSTAR extends Splunk's abilities in security analytics through cloud-native threat intelligence integration and automation.

TruSTAR's intelligence platform, which works with the Splunk security portfolio today, will be integrated deeper into the Splunk Security Cloud in the coming months.

This will allow Splunk customers to develop SOC workflows with normalised threat intelligence from third-party sources, and from their own historical events and investigations, to reduce the time it takes for customers to detect and remediate issues before they impact the business.

Splunk Security Cloud and Security products are available now in the United States, and will be available in APAC and EMEA in the future.