Just about everyone has come to realize that defending the enterprise against the hundreds of thousands of types of security attacks being continually launched is beyond the capabilities of mere mortals. As such, IT organizations are increasingly going to have to rely on machine learning software to help even the odds in IT security.
At the Splunk 2015 Worldwide Users Conference today, Splunk unveiled an update to its security software, now rechristened Splunk Enterprise Security 4.0, which adds support for advanced tools for investigating threats. It also formally unveiled Splunk User Behavior Analytics, a separate security offering based on machine learning software that Splunk gained when it acquired Caspida, Inc. earlier this year.
Monzy Merza, chief security evangelist at Splunk, says the ultimate security goal is not only to identify the attack paths used by various types of malware, but also to map the kill chain so that those attacks can be stopped. Rather than simply keeping a database of those types of attacks in a security information and event management (SIEM) system, Merza says Splunk is now effectively creating a security operations center through which IT organizations can defend themselves more proactively.
For example, Splunk User Behavior Analytics enables IT organizations to identify anomalies in end-user behavior more easily, while Splunk Enterprise Security 4.0 makes it simpler for teams of IT security professionals to collaborate on identifying those threats, said Merza. The end result, adds Merza, is much faster identification not only of potential threats, but also of just how lethal they may be to the organization.
Regardless of the level of IT security required, it’s pretty clear that advanced analytics and machine learning software have a major role to play in the future of IT security. The challenge will be figuring out how to go about incorporating those technologies in a way that best complements the layers of IT security that most IT organizations have already deployed.