Splunk Showcases Security Intelligence Solutions at Black Hat USA 2013

  Splunk Showcases Security Intelligence Solutions at Black Hat USA 2013

Black Hat USA 2013

Business Wire

SAN FRANCISCO -- July 29, 2013

Splunk Inc. (NASDAQ: SPLK), the leading software platform for real-time
operational intelligence, today announced more than 20 security-related
demonstrations of Splunk® software will be on display at Black Hat USA 2013,
some of which are being publicly shown for the first time. The applications
have a wide range of use cases including investigating incidents, detecting
advanced threats and improving security and compliance posture. Black Hat USA
will take place July 27-August 1 at Caesars Palace in Las Vegas. Splunk
security experts will run live product demonstrations at the expo on July 31
and August 1 starting at 10 a.m. PDT daily.

“The nature of security threats is changing. Cyberattacks are often in stealth
mode and more difficult to detect and investigate with traditional security
tools,” said Tim Mather, chief information security officer and vice president
of security and compliance markets, Splunk. “Splunk software enables security
professionals to efficiently detect and investigate security threats by
allowing security teams to index and search through massive amounts of data.
All data is now security-relevant, including security and non-security sources
as well as threat intelligence feeds. Splunk is proud to showcase the latest
software solutions relevant to the security threats organizations face today
at one of the premier security events in the world.”

Splunk collaborates with a wide range of leading security vendors to make
available more than 70 Splunk apps related to security on our community
website Splunkbase. The Splunk software being publicly showcased at Black Hat
USA 2013 in booth #320 include:

Splunk App for Enterprise Security — This app provides out-of-the-box security
content that delivers a next-generation, SIEM-like security intelligence
platform that helps organizations detect known and unknown threats, perform
incident investigations and report on high-level security risk. Among the many
pre-built searches, reports and dashboards are visualizations that enable
statistical analysis of machine data. Version 2.4 makes it easier to locate
outliers and anomalies that might be advanced threats.

NetFlow for Splunk powered by NetFlow Integrator  — This app allows
organizations to index NetFlow data in Splunk Enterprise for security or
network monitoring use cases. It does this by leveraging the app and NetFlow
Logic’s NetFlow Integrator to convert binary NetFlow into a human-readable,
syslog format that is then indexed in Splunk software. The app also contains
pre-built reports and dashboards to more easily visualize network flows that
may be security threats. New in version 3.1 is enhanced support for NetFlow V9
and new visualizations.

Splunk Integration with the Norse IPViking feed  — Norse uses a global network
of sensors to identify risky or malicious IP addresses, uncover more
information around these IP addresses and assign them a risk score. Norse then
makes this information available through their live IPViking threat
intelligence feed. The proof-of-concept integration being shown enables Splunk
users to automatically or manually apply the IPViking threat intelligence feed
to data in Splunk in order to identify high-risk network and endpoint activity
associated with malicious IPs or to add more contextual information to an IP
address to facilitate a security investigation. High-risk activity that could
be identified or blocked includes external IPs attempting DDoS attacks or
acting as CnC servers.

Splunk App for Palo Alto Networks —  The Splunk App for Palo Alto Networks
ingests the context-rich machine data from Palo Alto Networks next-generation
firewalls to enable organizations to analyze risk, improve security posture
and compliance and address a number of additional operational and regulatory
concerns. The app contains pre-built searches, reports and dashboards to
visualize a wide range of Palo Alto Networks data including application and
user, intrusion prevention system (IPS), antivirus and content filtering
events. New in version 3.3 are visualizations that show events from Wildfire,
Palo Alto Networks’ technology for detecting advanced persistent threats

For the latest Splunk security solutions, please visit the security section of
the Splunk website. For more information about Black Hat USA 2013, please go
to http://www.blackhat.com/us-13/.

Register now for .conf2013, the 4^th Annual Splunk Worldwide Users’
Conference, featuring more than 100 sessions by Splunk customers, partners,
experts and employees. .conf2013 is being held September 30-October 3 at The
Cosmopolitan in Las Vegas.

About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) provides the engine for machine data™. Splunk®
software collects, indexes and harnesses the machine-generated big data coming
from the websites, applications, servers, networks, sensors and mobile devices
that power business. Splunk software enables organizations to monitor, search,
analyze, visualize and act on massive streams of real-time and historical
machine data. 5,600 enterprises, universities, government agencies and service
providers in over 90 countries use Splunk Enterprise to gain Operational
Intelligence that deepens business and customer understanding, improves
service and uptime, reduces cost and mitigates cybersecurity risk. Splunk
Storm®, a cloud-based subscription service, is used by organizations
developing and running applications in the cloud.

To learn more, please visit www.splunk.com/company.

Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for
Machine Data are trademarks and registered trademarks of Splunk Inc. in the
United States and other countries. All other brand names, product names, or
trademarks belong to their respective owners. © 2013 Splunk Inc. All rights


Splunk Inc.
Tom Stilwell, 415-852-5561
Ken Tinsley, 415-848-8476 (Investors)