Splunk Enterprise Security App
In a previous blog post (read here) we discussed the Splunk product portfolio. Splunk can be beneficial in the security space using the Splunk Enterprise App for Security. This is a paid app in their app store, and it can give you great visibility into your enterprise security platform.
Splunk’s specialty is turning machine data into business value. In other words, it makes data that may not have been easy to understand readable to anybody. This data can come from many places, but the key is to correlate it all and create a complete picture of what’s going on.
What does the App do?
The enterprise security app is an easy way for you to collect data from your enterprise security platforms and present it to administrators and users. We can take the different security devices you have and pull in feeds from IDS and IPS systems, as well as syslog and NetFlow data from switches. We can take all of this data and make sure that the security admins have a good snapshot of the entire environment. This will allow us to look at the security posture of the organization within one dashboard. We can summarize all threats and categorize them by type or severity. Furthermore, we can give different types of users different dashboards, based on what they care about.
Check out the Splunk Enterprise Security SIEM app demo here
https://www.youtube.com/watch?v=pkDfbhwmXIE
What to do next?
If you think this is something you would like to pursue, contact your Focus account manager and talk to them about Splunk. We can set up a meeting and discuss what you want to get out of Splunk. If it’s a fit, we can move to a pilot phase using the free 60-day trial of Splunk Enterprise. If you like what you see, we can assist with the acquisition of the licensing and design a final solution.
Thanks for reading!
Brad Maher | Director of Technology