Years ago the network perimeter was the boundary between your organisation’s infrastructure and the rest of the world. In a modern cloud-first world the perimeter shifts to be the Internet itself. With hybrid multi-cloud being the most common enterprise model today, it is clear that attack surfaces have increased.
Splunk is well-known for its ability to rapidly ingest data from any kind of structured or unstructured data source and to then bring to the surface insights from this aggregated data. The company says the only way to protect against attacks on multiple fronts is by adapting to data-driven security practices that detect and deliver key insights across workload migrations and a multi-cloud environment.
The new Splunk Security Cloud takes such a data-centric approach to provide modern security operations for the cloud and is the only cloud-based security operations platform that combines advanced security analytics, automation, investigations, threat intelligence, and response capabilities.
“At Splunk, we believe security is a data problem and data drives better decisions, providing the foundation for security analytics,” said Sendur Sellakumar, Chief Product Officer, Splunk. “As the volume and complexity of data grow and customers’ digital environments get more complex, Splunk Security Cloud provides the best solutions to help customers solve their ever-evolving security challenges.”
Key features include:
- Advanced Security Analytics includes machine learning-powered analytics to detect and deliver key insights into multi-cloud environments.
- Automated Security Operations drives faster time to detection, investigation and response. Alerts that used to take 30 minutes can now take as little as 30 seconds.
- Threat Intelligence that automatically collects, prioritises and integrates all sources of intelligence driving faster detections.
- Open Ecosystem helps correlate data across all security tools, regardless of the vendor, for increased visibility, and applies prescriptive detections and guidance to detect threats faster.
“Splunk Security Cloud combines advanced security analytics, streamlined security operations and an open and thriving ecosystem, bringing together Splunk’s and our partners’ industry-leading security solutions to help our customers securely embrace digital transformation and SOC modernisation,” said Jane Wong, Vice President, Product Management, Security at Splunk.
“Security is a team sport, and no single product or service can solve all customers’ security needs,” continued Sellakumar. “Enterprises we talk to have anywhere from 25 to 50 tools in their environment, including multiple control points, increasing operational costs and complexity for the Security Operations Centers.”
Consequently, Splunk has continued to develop its wide partner network, with over 2,500 partners and over 300 third-party integrations supporting over 2,000 operations actions.
Splunk Security Cloud is available now in the United States and will be available in the Asia Pacific region, as well as Europe, the Middle East and Asia, in the future.
Splunk also announced Splunk Security Analytics for AWS, offering a simplified security analytics solution designed for lean security teams running on AWS. This product will be available on the AWS Marketplace on June 29, 2021.
Additionally, Splunk has completed the acquisition of TruSTAR, a cloud-native security company providing a data-centric intelligence platform. TruSTAR’s intelligence platform works with the Splunk security portfolio already but will be integrated deeper into the Splunk Security Cloud in the coming months. Customers will benefit from enriched security operations centre (SOC) workflows with normalised threat intelligence from third-party sources and their own historic events and investigations. The result is decreased time for customers to detect and remediate issues, resolving them before they impact the business.