Splunk Enterprise Security
Splunk Enterprise Security offers continuous monitoring, threat detection and incident response in a SIEM platform. It also provides a SOC and executive view of compliance and business risk, enabling organizations to detect, investigate and respond to threats. It is scalable and analyzes all security-relevant data in real time to provide organization-wide visibility, intelligence, and analytics. Deployment options include on-premises, public or private cloud and SaaS. The solution aims to make all solutions work together bidirectionally with more than 1,000 applications and add-ons.

Splunk ES uses a set of frameworks to support monitoring and alerting so that organizations can quickly respond to attacks, bolster security operations, gain comprehensive visibility into their security posture across all machine data, augment detection and investigation with advanced analytics, and make informed decisions backed by threat intelligence, network, and endpoint data. It supports a variety of full integrations. All dashboards can be exported into a downloadable report through the Protocol Center.

Upon logging into Splunk Enterprise Security you are greeted with a window asking whether you would like to take the tour, which lets you interact with almost every main tab. The interface itself is modern and virtually anything can be drilled down into for more detail.

The Security Posture tab shows occurrences by level of urgency; users can click on a level to see all categories related to that score. This gives a high-level overview so analysts know what they should investigate first. Thresholds are customizable to your specifications.

The Incident Review tab is where most analysts will look first. It lists notable events and the metadata around them, which can be used for correlation searches ranging from simple to very complex statistical analyses. You can also perform actions on individual events or groups of events, and pivot from here directly into the Asset Investigator.

Analytic Story Detail shows you what the search is, with a description appropriately labeled “Explain it like I’m 5” to give you a thorough understanding of detection, implementation, investigation and the like. The Asset Investigator and Identity Investigator have charts akin to swim lanes comprising various categories of attack types on a timeline. Select any of these periods in individual categories, or several periods across multiple lanes, for deeply granular information. You can use the group select feature to aggregate data into a single place.

Starting price depends on maximum daily volume of data ingested in GB/day. Perpetual, term, and multi-year term license options are offered. Annual term license pricing is $2,000 for 1GB/day, $6,000 for 10GB/day, and $20,000 for 100GB/day.

Tested by Matthew Hreben

Product title
Splunk Enterprise Security
Product info
Vendor: Splunk
Price: Dependent on maximum daily ingestion.
Contact: splunk.com
Strength
“Explain it like I’m 5” thoroughly breaks down the entire security response phase from detection and investigation to remediation and beyond.
Weakness
Lack of free support options beyond online documentation and community support.
Verdict
Unique Use-Case Library and search functionality allows for quick, single-pane viewing of aggregate data for investigation, manual threat hunting, and complex statistical analyses.