Splunk treats US customers to new security cloud • DEVCLASS

Data analytics and security vendor Splunk has extended its portfolio by introducing security operations platform Splunk Security Cloud into the mix. 


Following an observability cloud announced in May, the data-driven offer is meant to cover use cases ranging from security monitoring and threat detection, to auditing and compliance scenarios. It promises insight into the security status of multi-cloud environments through analytics of streaming data backed by machine learning, and faster detection of — and response to — security incidents through automation via playbooks and workflow orchestration. 


Templates for the most common automations are reportedly part of the package. Splunk also gave a preview of a visual editor for building custom processes by combining actions, utilities, formats and similar building blocks into flow diagrams.


The automations are meant to free up capacity so that security teams can focus their efforts on problems that need human interaction rather than doing repetitive work. Of course, company infrastructures vary widely and are made up of all kinds of components, which makes centralising data for automation tricky. Splunk claims that pre-built apps, plug-ins and connectors should be enough to take care of that.


Dashboards are part of the platform as well, and can be used to get an idea of the status of various events and report things like the number of incidents solved and the mean time it took to do so. That’s a feature which might be of more interest to management, though.


For now, Splunk Security Cloud is available in the US only, with EMEA planned to follow suit in autumn and APAC in early 2022. Pricing will be based upon the company’s workload pricing approach, details for which are available on request.


While the Splunk Security Cloud is geared towards larger ente ..
