.conf21 Splunk for Security Announcements

Hello, Community! 

We made several announcements at .conf21 that we are excited to share with you, in case you missed them.

Enterprise Security

Coming soon: Enterprise Security Cloud is packed with new capabilities to give security teams insights in order to drive faster detection and response, and continues to build on the capabilities previously announced.

Here are the highlights:

1. Executive Summary Dashboard:

   The new Executive Summary dashboard surfaces key performance indicators that provide insights on the overall health of the SOC and facilitates reporting to CISOs and other senior leaders. The Executive Summary Dashboard allows you to quickly assess the following:

   • Mean Time to Triage
   • Mean Time to Resolution
   • Investigations Created
   • Risk-Based Alerting Trends
   • And More!

2. Security Operations Dashboard:

   • The Security Operations Dashboard shares key insights but provides deeper analysis for SOC managers and team leads. Previously, Enterprise Security introduced a dispositions feature of incident review that allowed you to record whether an event was a true positive, false positive, or benign positive. Coming soon, you will see and report on this data over time, and get a deep dive into exactly which correlation sources contribute to each of the four default disposition types.

3. Cloud Security Monitoring Dashboard:

   • We are also enhancing the  Cloud Security Monitoring Dashboard to give you new dashboards like AWS Security Groups, AWS IAM Activity, as well as new dashboarding to capture Microsoft 365 data.

4. Automated Real-Time Content Updates:

   • We are also adding in-product, automated real-time content updates so that you can get the latest security content from the Splunk Threat Research Team, as soon as it is available, with one click!

Behavioral Analytics for Security Cloud (Preview)

Splunk Behavioral Analytics for Splunk Security Cloud, now in Preview, provides threat detection using streaming security analytics capabilities to uncover unknown threats and anomalous user and entity behavior. Augment your SIEM in the cloud with real-time search and analytics in addition to traditional search-based correlations and batch analytics to ​​accelerate your mean time to detect and spend more time hunting with higher-fidelity, risk-based behavioral alerts.

SOAR

• Splunk SOAR’s new and improved Visual Playbook Editor makes it easier than ever to create, edit, implement and scale automated playbooks to help your business eliminate security analyst grunt work, and respond to security incidents at machine speed. 
• Splunk SOAR apps are now available on Splunkbase, providing you with a one-stop shop to extend the power of SOAR. 
• Splunk SOAR’s new App Editor allows you to create, edit, and test apps all from one place, making the app development experience easier and faster than ever. 

Splunk Intelligence Management (TruSTAR)

The Splunk Intelligence Management technology, formerly TruSTAR, breaks down data silos within and across enterprises to align security effectiveness with business objectives, improving cyber resilience and operational efficiency. The unified intelligence API delivers insights directly into your Splunk Security products, and joint customers benefit from the ability to:

• Reduce noise from intel sources to automatically improve alert prioritization
• Easily share threat intelligence data across teams, tools, and sharing partners
• Drive efficiencies in Splunk SOAR playbooks with enrichment based on normalized intelligence

SURGe

The complexity of security threats is increasing exponentially. Having access to expert knowledge, refined processes, and best-of-breed technologies can enable organizations to stay proactive in securing their business. SURGe is a team of Splunk security experts, threat researchers, and advisors that support security teams during high-profile, time-sensitive cyberattacks with timely contextual awareness and initial incident response techniques. Beyond being an advisor and trusted partner for customers during high-profile security incidents, SURGe will also provide security research on a variety of security topics via blogs, long-form whitepapers, webinars, presentations, and many more types of content.

By leveraging SURGe’s technical guidance and security research, security teams can find clarity amidst chaos, reduce their mean-time-to-detect, and reduce their mean-time-to-respond. You can learn more about SURGe, read about our latest research on detecting supply chain attacks, or sign up for alerts on high-profile security incidents on our website.

For more details, screenshots, and more about all the cool stuff we announced at .conf21, check out our full announcement blog. For the full scoop on what's coming to Enterprise Security, check out the "What’s New in Enterprise Security" .conf21 session. Also, be sure to check out the Security Super Session for a full picture on Security, and be sure to check out all the awesome SOAR sessions!