One of the challenges IT organizations struggle with daily is the number of IT security alerts being generated. The bigger the security information and event management (SIEM) platform, the greater the number of alerts generated. To bring some order to that potential chaos, STEALTHbits Technologies this week announced it has built three security applications integrated with the operational intelligence platform developed by Splunk.
Gabriel Gumbs, vice president of product strategy for STEALTHbits, says the three applications combine data collected by STEALTHbits and Splunk to make it simpler to hunt for specific threats in addition to monitoring specific files or a Microsoft Active Directory (AD) deployment.
Even though Splunk provides access to IT security applications, Gumbs says, STEALTHbits saw a need to build its own applications to provide more actionable security intelligence by creating dashboards that make it simpler to navigate data generated by STEALTHbits and Splunk versus asking IT security administrators to navigate both platforms in isolation.
“Splunk is a beast in and of itself,” says Gumbs.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
STEALTHbits, adds Gumbs, has also taken a similar approach to building applications that are integrated with IT security platforms from other SIEM platforms.
In theory, the ability to tap into massive amounts of machine data captured by Splunk should improve security by making it simpler to identify anomalous behavior. The challenge, of course, is separating all the noise being generated from an alert that signals a near and present threat.