When it comes to securing your business, presenting a unified front can be key in ensuring you stay protected. However, often different business units can come into conflict as perspectives and individual goals collide.
Combining security, IT and infrastructure can be a major challenge, but Splunk believes it can offer a way to bring this disparate divisions together and act as the “nerve centre” for your business.
Speaking at the Splunk conf2017 event in Washington DC this week, the company’s director of security research Monzy Merza outlined how the company’s offerings can identify threats and stop them before they happen.
"Defence can have an unfair advantage,” he told attendees, “I believe defenders can succeed...Security, IT and infrastructure can come together - all we need is a nerve centre, so that we can share, and learn."
At the core of Splunk’s security proposition is an updated version of its User Behaviour Analytics (UBA) 4.0 service. This tool can spot anomalous behaviour early on, allowing security teams to stamp out any potential issues quickly - all using the power of big data. The latest version of the service gives administrators more insight to their user’s habits, identifying not just particular users, but also the system they've been accessing, and all the information needed to proceed with an investigation.
In order to widen the reach and scale of UBA, Splunk has also this week released an open-source SDK that will now allow customers to use the power of machine learning to boost their security protection. The UBA 4.0 SDK allows users to build their own machine learning analytics services to spot customised issues within their systems, such as a particular metric or software service behaving unusually. But it will also provide access to a world of existing machine learning models created by the wider Splunk community, pooling knowledge about the latest threats.
"We wanted to take the effort of the Splunk security research team and bring that to you,” Merza noted.
Splunk UBA 4.0 and its associated SDK is available now, as part of a new suite of services announced by the company at .conf2017.