Adaptive Response Is The Future Of Cyber Security Splunk.conf 2016 – Charles Leaver

Written by Michael Vaughn and presented by Charles Leaver, Ziften CEO

All the latest developments from Splunk

Last week I went to the annual Splunk conference in the sunshine state, Florida. The Orlando-based event gave Splunkers from around the globe a chance to get familiar with Splunk's latest and most successful offerings. Although there were plenty of enjoyable activities throughout the week, it was clear that attendees were there to learn. The announcement of Splunk's security-centric Adaptive Response initiative was popular, and it happens to integrate rather well with Ziften's endpoint solution.

Of particular interest, the "Transforming Security" keynote address, presented by Monzy Merza (Director of Cyber Research and Chief Security Evangelist for Splunk), Haiyan Song (SVP Security Markets for Splunk) and Mike Stone (CDIO for the UK Ministry of Defence), demonstrated the power of Splunk's brand-new Adaptive Response interface to a packed audience.

In the clip below, taken from that keynote, Monzy Merza shows how the data supplied by a Ziften agent can also be used bi-directionally: Splunk sends instructions back to the Ziften agent, which takes immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the operational network for further forensic examination. By not only feeding vital security data into the Splunk instance but also letting the user stay on the same interface to take operational and security actions, the Ziften endpoint agent lets users leverage Splunk's powerful framework to act immediately and precisely across all running systems. After the talks our booth was swamped with demo requests and very interesting conversations about operations and security.

Take a look at a 3-minute Monzy highlight from the keynote:

Over the weekend I was able to process the broad range of technical discussions I had with hundreds of brilliant people in our booth at .conf. One of the amusing things I discovered, which nobody would honestly admit unless I pulled it out of them, is that most of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the primary focus of this year's event.

However, many people use Ziften for Splunk for a range of things, such as application and operations management, network monitoring, and user behavior modeling. To illustrate the broad functionality of our Splunk App, here is a taste of what folks at .conf2016 liked most about Ziften for Splunk:

1) It's great for Business Security.

a. A generalized platform for ingesting real-time data and taking instant action
b. Automating remediation from a wide range of indicators of compromise

2) IT Operations adore us.

a. Tracking of systems, hardware lifecycle and resource management
b. Management of applications: compliance, license rationalization, vulnerabilities

3) Network tracking with ZFlow is a game changer.

a. ZFlow ties netflow together with binary, user and system data in a single Splunk SPL entry. Do I need to say more here? This is the Holy Grail from Indiana Jones, people!

4) Our user behavior modeling goes beyond simple alerts.

a. This could be filed under IT Operations, but it's becoming its own beast
b. Ziften's tracking of software usage, logins, elevated binaries, timestamps, etc. is easily viewable in Splunk
c. Ziften offers a free security-centric Splunk bundle, but we map all the data we gather from each endpoint to the Splunk CIM (Common Information Model), not just our 'Alerts'.

Ultimately, using a single Splunk Adaptive Response interface to manage a plethora of tools within your environment is what helps build a strong business fabric for your company, one in which operations, security and network teams overlap more fluidly. Make better decisions, faster. Find out for yourself with our free 1-month trial of Ziften for Splunk!
