Splunk Introduces the Future of Security Intelligence


  New Splunk App for Enterprise Security Highlights Statistical Analysis for
                               Threat Detection

Business Wire

SAN FRANCISCO -- April 30, 2013

Splunk Inc. (NASDAQ: SPLK), the leading software platform for real-time
operational intelligence, today announced the general availability of version
2.4 of the Splunk App for Enterprise Security. Splunk® Enterprise and the
Splunk App for Enterprise Security are a security intelligence platform that
helps organizations discover unknown threats in real time with out-of-the-box
content, including new searches, dashboards and visualizations that enable
rich statistical analysis of machine data. Learn more about the Splunk App for
Enterprise Security today.

“Statistical analysis is the new weapon of the security warrior defending
against threats that bypass traditional security detection systems. This is
one of the reasons why more than 1,500 organizations around the world rely on
Splunk for security,” said Mark Seward, senior director of security and
compliance, Splunk. “Companies now understand that hidden in the terabytes of
user-generated machine data are abnormal patterns of activity that represent
the presence of malware or the behavior of malicious insiders. The new Splunk
App for Enterprise Security enables statistical analysis of HTTP traffic to
help security professionals determine a baseline for what’s normal, quickly
detect outliers and use those events as starting points for security analysis
and investigation.”

“The future of securing the enterprise relies upon using all available data,
not just predetermined bits and pieces of traditional security data.
Statistical analysis expands the value of that data. It can help uncover
meaningful insight that often goes unrecognized in a mass of raw information.
The new Splunk App for Enterprise Security is breaking new ground in security
data analytics by applying statistical techniques to data that is often beyond
the reach of legacy tools,” said Scott Crawford, managing research director,
security and risk management, Enterprise Management Associates. “Today’s
attackers are more determined than ever, and organizations need a flexible,
fast and scalable data platform to be able to respond. The new dashboards in
the Splunk App for Enterprise Security help security professionals make this
data more actionable.”

Fieldglass is a market leader in Vendor Management System (VMS) technology.
Fieldglass’ Software-as-a-Service platform helps nearly 200 companies better
procure and manage their global non-employee workforces. The company replaced
a legacy Security Information and Event Management (SIEM) tool with Splunk
Enterprise and the Splunk App for Enterprise Security two years ago.
Fieldglass uses Splunk software for data forensics and analysis, security
reporting and SIEM functionality.

"Finding advanced threats is hard. What Splunk has done with the Enterprise
Security 2.4 release is make it easier to find and visualize unusual
characteristics of data using statistics," said Jim Krev, Sr. Security
Manager, Fieldglass Inc. "This can help to detect a malicious payload left on
a host and its outbound communication. The visualizations also make it easier
for me to assure management that our AV software is working sufficiently and
we have had no payload problems."

The common purpose of advanced threat malware is to communicate its health to
external locations, facilitate command and control, and collect and send
valuable data to the attacker. Essentially, attackers are turning employees
into ‘data mules’ for advanced threat actors. Often, the attacker will then
use web-based protocols for communication in the hopes of hiding their traffic
in terabytes of web logs. Traditional security approaches help find known
threats, and statistical analysis is used to separate ordinary user activity
from the anomalies that result from unknown threats. The Splunk App for
Enterprise Security includes searches, dashboards and visualizations for
Advanced Threat Detection that help to reveal what activity is abnormal and
detect attack patterns. This statistical analysis reveals attacks and threats
including:

  * Command and control (CNC) instructions embedded in URLs. The Splunk App
    for Enterprise Security automates the process to watch for outliers in the
    data.
  * Hosts communicating with new malicious websites. Hosts that are talking to
    domains registered in the past 24-48 hours indicate a likely CNC site.
    Splunk users can correlate domain registrations and proxy data to monitor
    this in real time and historically.
  * Significant increases in unknown communications. Monitoring proxy data for
    specific users with the Splunk App for Enterprise Security enables
    organizations to watch for spikes of unknown communications as an overall
    trend and by specific users.
  * Unusual user agent strings in use. User agents automate the collection of
    data such as email, but during attacks user agent strings can also
    facilitate automated victim-attacker communications. Splunk customers can
    monitor and be alerted about user agent anomalies in real time.
  * Abnormal amounts of source/destination traffic. Average amounts of
    traffic are tracked between source/destination pairs and calculated over
    user-specified time frames. Statistical outliers are visualized in a
    scatter plot and can be used to start an investigation.

Splunk customers who have purchased the Splunk App for Enterprise Security can
download version 2.4 of the Splunk App for Enterprise Security on Splunkbase,
Splunk’s community website. New users can contact Splunk sales.

Register now for .conf2013, the 4th Annual Splunk Worldwide Users’
Conference, featuring more than 100 sessions by Splunk customers, partners,
experts and employees. .conf2013 is being held September 30-October 3 at The
Cosmopolitan in Las Vegas.

About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) provides the engine for machine data™. Splunk®
software collects, indexes and harnesses the machine-generated big data coming
from the websites, applications, servers, networks and mobile devices that
power business. Splunk software enables organizations to monitor, search,
analyze, visualize and act on massive streams of real-time and historical
machine data. More than 5,200 enterprises, universities, government agencies
and service providers in over 90 countries use Splunk Enterprise to gain
Operational Intelligence that deepens business and customer understanding,
improves service and uptime, reduces cost and mitigates cybersecurity risk.
Splunk Storm®, a cloud-based subscription service, is used by organizations
developing applications in the cloud.

To learn more, please visit www.splunk.com/company.

Splunk, Splunk Storm and the engine for machine data are registered trademarks
or trademarks of Splunk Inc., and/or its subsidiaries and/or affiliates in the
United States and/or other jurisdictions. All other brand names, product names
or trademarks belong to their respective holders. © 2013 Splunk Inc. All
rights reserved.

Photos/Multimedia Gallery Available:
http://www.businesswire.com/multimedia/home/20130430005078/en/

Multimedia Available:
http://www.businesswire.com/cgi-bin/mmg.cgi?eid=50619875&lang=en

Contact:

Splunk Inc.
Tom Stilwell, 415-852-5561
tstilwell@splunk.com
Ken Tinsley, 415-848-8476 (Investor)
ktinsley@splunk.com
 