More

    Splunk Adds Risk Scoring Framework to SIEM Platform

    Slide Show

    Five Critical Steps for Handling a Security Breach

    One of the more challenging aspects of IT security is the sheer volume of data that security professionals need to sort through to determine whether their organization has been compromised in some way.

    Looking to make that task a whole lot easier, Splunk has released an upgrade to Splunk App for Enterprise Security, an implementation of security information and event management (SIEM) software that now allows organizations to apply risk scoring to various data sets and potential security threats.

    Obviously, not all data is of equal value in the enterprise. Robert Ma, senior director of security markets for Splunk, says risk scoring of data coupled with analytics tools that make it easier to inspect potential threats when sorting through thousands of logs is now a critical requirement. Otherwise, the average IT security manager is going to be overwhelmed by a sea of data that makes it impossible to correlate one event with another.

    viz20140730-01

    In addition to the new risk scoring framework, Ma says version 3.1 of Splunk App for Enterprise Security makes it easier to visualize data on the fly. It also adds a guided search capability to make security analytics more accessible by eliminating the need to have knowledge of programming languages or command syntax to explore log data.

    When it comes to security vigilance, most IT organizations wind up suffering from security fatigue to some degree. SIEM offerings that help reduce that fatigue go a long way toward enhancing IT security. They lessen the monotony associated with sorting through massive volumes of log data to find the one item that may signal an actual attack which, up until now, seemed like a waste of time for IT.

    Mike Vizard
    Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.

    Latest Articles