Splunk

Splunk Enterprise Security (Splunk ES)

About the product

Splunk Enterprise Security (Splunk ES) is an application that adds SIEM functionality to Splunk Enterprise, turning it into a comprehensive solution for managing security-related information and events. It supports continuous monitoring of the network infrastructure, incident response, and security operations center management. With it, security teams can quickly detect and respond to internal and external attacks, simplify threat investigation, minimize risk, and, above all, protect their organization. Splunk ES lets you use data from any source to provide complete visibility into all security-related events across the organization. It can be deployed as software with Splunk Enterprise or as a cloud service with Splunk Cloud. Splunk ES streamlines and simplifies the work of security professionals in organizations of all sizes, regardless of their level of knowledge and skill.

Advantages of the product

Knowledge derived from data automatically collected from network, endpoint, access control, antivirus, and user behavior analysis systems, as well as from vulnerability management and identity management systems, and then correlated using pre-configured rules or ad hoc searches;

Ready-to-use alert management features that enable dynamic environment discovery, contextual search, and rapid detection and analysis of advanced threats;

Customizable correlation searches, alerts, reports, and dashboards to suit your requirements, whether for continuous monitoring, incident response, security operations center work, or business risk reporting to senior management;

More efficient work with task-based contexts that allow decisions to be made automatically or by specialists;

Integrated support for the most popular security frameworks: MITRE ATT&CK, NIST, Cyber Kill Chain, CIS20;

Automated incident response with built-in actions and scenarios;

Ability to conduct threat hunting and correlate data from different areas (IT, OT, users, applications);

Ability to feed data through integration with external Threat Intelligence systems;

Unique licensing per GB of Splunk-indexed data per day or per vCPU (number of processors in the Splunk infrastructure);

Multiple business lines can use the same license;

Splunk is available as both a cloud license and on-premises.

Benefits of Implementation

Comprehensive and flexible security incident management system;

A consistent view of threats and risks across the entire IT and OT environment;

Ready-made rules and dashboards for quick implementation of security process monitoring;

Integration with threat intelligence databases and automatic alerts when threats are detected;

Support for SOC teams and analysts in conducting analyses using advanced built-in views.

See other products

Splunk

Splunk Enterprise

Splunk Enterprise is a flexible solution designed for collecting, storing, analyzing, visualizing, and centrally managing large data sets.

Splunk

Splunk SOAR

Splunk SOAR is a solution that enables the automation of processes (not only security processes, but also administrative ones) and incident response.

Splunk

Splunk for Industrial IoT / Splunk OT Security

Splunk for Industrial IoT (IIoT) and Splunk OT Security are specialized extensions of the Splunk platform, dedicated to real-time monitoring of OT infrastructure and industrial processes.