Is Splunk a cybersecurity tool?

marksmith991 · ‎11-01-2023

I'm curious about Splunk and its role in cybersecurity. Can anyone shed some light on whether Splunk is classified as a cybersecurity tool? How does it contribute to cybersecurity strategies, and are there specific use cases that make it stand out in the realm of cybersecurity tools? Appreciate any insights or experiences you can share.

Regards:

@marksmith991

gcusello · ‎11-02-2023

Hi @marksmith991,

if you read the Gartner or Forrester Reports about SIEMs, you find Splunk as a leader in this market sector; in your vision, is a SIEM a Security tool?

I think that a SIEM (and Splunk is a SIEM market leader) is one of the milestones of each security platform (not only tool!).

Then you can expand your solution using a SOAR (as Splunk Phantom), an Enterprise User Behaviour solution (as Splunk UBA), threat intelligence feeds, and many other apps that you can use on Splunk.

About Strategies, I think that a security strategy must start from the board of the company, descend on all the employees and find application in many solutions that anyway must start from the SIEM, or (better) from the Security Operation Center (SOC).

It's finished the vision that security are tools as firewalls or antivirus installed in the company network: today security is an approach from the board to all the employees that use integrated technology solutions (still note solutions, not tools!) in continue evolution.

Ciao.

Giuseppe

Is Splunk a cybersecurity tool?

splunkd

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability

Introducing the Splunk Community Dashboard Challenge!