Splunk

MORE INFORMATION:

https://www.splunk.com/

Description of technology

SIEM

Splunk Enterprise Security is an analytics-driven SIEM solution that gives organizations the ability to quickly and effectively detect and respond to both internal and external threats. It is built as an application on top of the Splunk Enterprise data analytics platform and makes use of machine data ingested from multicloud and on-premise sources. With a variety of integrations and add-ons it allows teams to quickly interpret, search and visualize information generated by different software and hardware products. Splunk's SIEM helps to investigate and correlate activities across the IT infrastructure in one unified view, so that potential security incidents of all types can be identified quickly. Splunk ES has for years been recognized as a leading SIEM vendor due to its effectiveness, detection rates and ability to fit and scale to any environment.

SOAR/SOC

Splunk Phantom is a fully featured Security Orchestration, Automation and Response solution. It combines security infrastructure orchestration, playbook automation and case management capabilities to streamline the work of IT teams. Phantom completes Splunk's platform for any Security Operations Center by offering automatic reactions to security incidents and much more. Phantom's flexible app model supports hundreds of tools and thousands of unique APIs, enabling connection and coordination of complex workflows across a wide variety of solutions. It enables teams to work smarter by executing a sequence of actions, from gathering forensic data, through detonating files in a sandbox, to quarantining a device or blocking a user, all of it done successfully and automatically in seconds instead of hours or days. As an open platform, Phantom also allows security teams to create their own actions with its visual editor or in the integrated Python development environment.

UEBA

Splunk User Behavior Analytics is a dedicated software solution that discovers abnormal activities and unknown threats that traditional security solutions can miss. Using machine learning, Splunk UBA profiles all monitored entities and assigns scores based on the calculated risk. By stitching together related data and anomalies it creates a single threat, allowing easier and faster action. In conjunction with Splunk Enterprise Security (the SIEM platform) it builds a complete solution that offers maximum value for detecting and resolving incidents by utilizing the potential of machine-driven analytics.

Helpful files