One of the more challenging aspects of IT security is the sheer volume of data that security professionals need to sort through to determine whether their organization has been compromised in some way.
Looking to make that task a whole lot easier, Splunk has released an upgrade to Splunk App for Enterprise Security, an implementation of security information and event management (SIEM) software that now allows organizations to apply risk scoring to various data sets and potential security threats.
Obviously, not all data is of equal value in the enterprise. Robert Ma, senior director of security markets for Splunk, says risk scoring of data coupled with analytics tools that make it easier to inspect potential threats when sorting through thousands of logs is now a critical requirement. Otherwise, the average IT security manager is going to be overwhelmed by a sea of data that makes it impossible to correlate one event with another.
In addition to the new risk scoring framework, Ma says version 3.1 of Splunk App for Enterprise Security makes it easier to visualize data on the fly. It also adds a guided search capability to make security analytics more accessible by eliminating the need to have knowledge of programming languages or command syntax to explore log data.
When it comes to security vigilance, most IT organizations wind up suffering from security fatigue to some degree. SIEM offerings that help reduce that fatigue go a long way toward enhancing IT security. They lessen the monotony of sorting through massive volumes of log data to find the one item that may signal an actual attack, a task that, up until now, has often seemed like a waste of time for IT.