In this release, we provide three new capabilities to help security teams detect suspicious behavior in real time, quickly establish the scope of an incident so they can respond accurately, and improve security workflow efficiency using embedded frameworks.
We've introduced cloud-based streaming analytics*, which integrates with Splunk’s risk-based alerting (RBA) framework to deliver enhanced analytics for improved situational awareness and faster response to suspicious behavior. This feature brings scalable, real-time streaming analytics to a broader range of advanced security detections and focuses on common use cases including insider threat, credential access and compromise, lateral movement, and living-off-the-land attacks.

*Initial availability to eligible US-East Splunk Cloud customers only.
Splunk Enterprise Security 7.1 also brings a new visualization feature, Threat Topology, which provides a comprehensive view of a security incident, enabling analysts to quickly determine its scope and begin an investigation sooner.
Last but not least, with our new MITRE ATT&CK® visualization security analysts can quickly build situational awareness around an incident in the context of the MITRE ATT&CK Matrix. Security analysts can leverage and visualize MITRE ATT&CK annotations in Splunk Enterprise Security risk events and get a comprehensive picture of how the asset or identity has been impacted by various tactics and techniques.
So Why Wait? Upgrade today to Splunk Enterprise Security 7.1!