Splunk extends user behaviour analytics into SIEM


San Francisco-based Splunk Inc. is extending its user behaviour analytics and enterprise security products to automate many security information and event management (SIEM) tasks, enabling organisations to more quickly detect and respond to insider threats and cyberattacks.

Splunk User Behaviour Analytics (UBA) 2.2 and Splunk Enterprise Security (ES) 4.1 enable organisations to respond to prioritised true threats, gain additional visibility across the attack life cycle and obtain deeper insights into anomalous behaviour and malicious activities. Both new versions will be generally available in April 2016.

The new versions combine machine learning, statistical modelling, anomaly detection, context-enhanced threat correlation and rapid investigation capabilities to give organisations a jump on both insider threats and external cyberattacks. Splunk ES also enhances threat intelligence detection from social platforms with the addition of Facebook ThreatExchange support.

“Splunk ES goes miles beyond traditional SIEMs by arming us with deep investigative and rapid response capabilities,” said Gary Hayslip, CISO, City of San Diego.

“Splunk UBA is unique in its data science-driven approach,” said Mark Grimse, vice president of IT, Rambus. “Splunk UBA can automatically help find hidden threats thanks to its advanced use of machine learning. It has given our security analysts a way to stay ahead of and more quickly respond to cyberattacks and insider threats.”

“Splunk UBA and Splunk ES play a vital role in helping to redefine the SIEM market,” said Haiyan Song, senior vice president, security markets, Splunk. “By enhancing Splunk UBA and expanding the ability for Splunk ES to ingest behavioural anomalies detected by Splunk UBA, we can make it easier for our customers to automate many typical SIEM tasks.”