More

    STEALTHBits Taps into Splunk Operational Intelligence

    One of the challenges IT organizations struggle with daily is the number of IT security alerts being generated. The bigger the security information and event management (SIEM) platform, the greater the number of alerts generated. To bring some order to that potential chaos, STEALTHbits Technologies this week announced it has built three security applications integrated with the operational intelligence platform developed by Splunk.

    Gabriel Gumbs, vice president of product strategy for STEALTHbits, says the three applications combine data collected by STEALTHbits and Splunk to make it simpler to hunt for specific threats in addition to monitoring specific files or a Microsoft Active Directory (AD) deployment.

    Even though Splunk provides access to IT security applications, Gumbs says, STEALTHbits saw a need to build its own applications to provide more actionable security intelligence by creating dashboards that make it simpler to navigate data generated by STEALTHbits and Splunk versus asking IT security administrators to navigate both platforms in isolation.

    “Splunk is a beast in and of itself,” says Gumbs.

    STEALTHbits, adds Gumbs, has also taken a similar approach to building applications that are integrated with IT security platforms from other SIEM platforms.

    STEALTHbits1

    In theory, the ability to tap into massive amounts of machine data captured by Splunk should improve security by making it simpler to identify anomalous behavior. The challenge, of course, is separating all the noise being generated from an alert that signals a near and present threat.

    Mike Vizard
    Mike Vizard
    Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.

    Latest Articles