The IT environment inside most major organizations has reached a level of complexity that makes it almost impossible for the average team of IT professionals to secure. Splunk, via its acquisition of Caspida for $190 million, now plans to add artificial intelligence to help IT organizations even the IT security odds.
As a provider of behavioral analytics software based on machine learning algorithms, Haiyan Song, senior vice president of security markets for Splunk, says Caspida makes use of semantic classifications, kill chain detection, graph analysis and threat scoring to enable IT organizations to not only identify threats, but also understand just how lethal a particular piece of malware might be to their organization.
While Splunk has made use of its existing search technology for machine data to create security applications, Song says Caspida adds a level of depth to the Splunk security portfolio in terms of being able to operationalize security intelligence that wasn’t previously available.
For example, Song says that because Caspida can identify anomalous use of valid credentials to exploit systems they have accessed and then automate the appropriate level of response, Splunk is now addressing the entire IT security lifecycle.
Given the sensitive nature of the data being analyzed, Song says that Splunk expects Caspida to be deployed on premise most of the time. But Song says that Splunk does plan to make an instance of Caspida available as a cloud service. In both cases, Caspida will be able to harness data from a variety of sources, including a number of security information event management (SIEM) systems.
While the concept of machine learning has been around for a while, advances in machine learning algorithms are making it more feasible to apply it to a number of IT management tasks that require sorting through huge volumes of data to determine what is occurring. At a time when the number of applications and systems that generate machine data has never been greater, it’s become clear that no matter how many administrators the average IT organization might have, there is now a need for artificial intelligence to be applied to make sense of it all.