Nowadays, Security Information and Event Management (SIEM) is a mature security technology that saves both effort and time on routine operations and on the management of security risks. Companies that have already adopted SIEM have the clearest view of what it actually delivers:

  • 78% of them use SIEM to improve their security risk management capacity;
  • 55% – to benefit from extended visibility into the threats they face;
  • 54% – to meet compliance requirements under the standards and regulations in force.

Statistics according to a study conducted last year by Pulse, a Gartner company [1].

But there is also a downside: more than half (57%) of companies admit that they do not have the advanced skills needed to fully exploit the functionality of their SIEM solutions.

To support these organizations, Datanet Systems recently organized a webinar in which it presented, live, various work scenarios and practical ways to manage security risks with the Splunk Enterprise Security SIEM solution. The full recording of the “Security risk management with Splunk SIEM Enterprise Security” webinar is available below.


Splunk has been, for 8 consecutive years, one of the leaders of the global SIEM market. The Splunk Enterprise Security (ES) SIEM platform excels not only in performance and functionality, but also in operational efficiency, according to Gartner’s estimates [2]. Moreover, analysts at 451 Research consider Splunk the only SIEM vendor that keeps its promises and delivers correctly, with results matching expectations [3]. Another argument in favor of Splunk is that the solution is flexible, easy to scale and operate, and ships with preconfigured anomaly detection and alerting rules, which can be easily customized, as well as data correlation tools for defining alerts.

SIEM benefits

“The Splunk ES SIEM solution can operate on any source of information, using both structured and unstructured data to detect security events and conduct the necessary investigations. The platform delivers added value by correlating data and delivering actionable information fast, as well as through advanced integrated automation and analysis capabilities,” explains Sebastian-Bogdan Ghiță, Presales Consultant at Datanet Systems.

Relying on these capabilities, over 20,000 existing Splunk ES customers globally have achieved:

  • up to 70% less time spent investigating security events (through correlations) and incidents (through searches);
  • up to 80% less time required to complete compliance reports;
  • up to 90% less time spent on manual security tasks.

To show how Splunk ES customers obtain these benefits, the Datanet specialist gave a live demo presenting the practical ways in which the SIEM platform simplifies and streamlines the daily work of IT security managers. The demo covered:

  • how the security events detected by the platform can be viewed, whether raised by the preset correlation rules or by rules customized by the customer;
  • how they can be filtered (by threat type, tactics applied, etc.);
  • how correlations and analyses are performed (ad hoc or using information stored over time);
  • how to create and automate a response action for a given category of incidents, depending on the security solutions already present in the client’s infrastructure and integrated with Splunk ES.
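To make the demo's workflow concrete, the following Python example (added here; it is not code from the webinar, from Datanet Systems, or from Splunk) models the four steps above over a handful of constructed authentication log lines: two correlation searches turn raw events into notable events tagged with an ATT&CK tactic and technique, the notable list is filtered by tactic or urgency the way an analyst narrows the incident view, and a response action mapped to each rule produces the command that would be handed to the integrated firewall or directory. The log lines, thresholds, rule names, urgency levels and the admin source allow-list are illustrative assumptions, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample authentication events in key=value form (not real data).
SAMPLE_LOGS = [
    "2021-11-03T10:00:01Z host=vpn01 action=failure user=alice src=203.0.113.10",
    "2021-11-03T10:00:07Z host=vpn01 action=failure user=alice src=203.0.113.10",
    "2021-11-03T10:00:12Z host=vpn01 action=failure user=bob src=203.0.113.10",
    "2021-11-03T10:00:20Z host=vpn01 action=failure user=carol src=203.0.113.10",
    "2021-11-03T10:00:31Z host=vpn01 action=failure user=dave src=203.0.113.10",
    "2021-11-03T10:00:45Z host=vpn01 action=success user=dave src=203.0.113.10",
    "2021-11-03T10:05:00Z host=vpn01 action=failure user=erin src=198.51.100.7",
    "2021-11-03T10:05:10Z host=vpn01 action=success user=erin src=198.51.100.7",
    "2021-11-03T11:00:00Z host=dc01 action=success user=admin src=192.0.2.99 privileged=true",
]

# Hypothetical allow-list of sources from which privileged logons are expected.
KNOWN_ADMIN_SOURCES = {"10.0.0.5", "10.0.0.6"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split 'timestamp k=v k=v ...' into a dict; _time is a tz-aware datetime."""
    ts, _, rest = line.partition(" ")
    event = {"_time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    event.update(KV_RE.findall(rest))
    return event


def notable(rule, tactic, technique, event, urgency):
    """A notable event: the correlation that fired plus the ATT&CK context used for filtering."""
    return {"rule": rule, "tactic": tactic, "technique": technique, "urgency": urgency,
            "src": event["src"], "user": event["user"], "time": event["_time"].isoformat()}


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=2)):
    """Correlation search: >= `threshold` failures from one src inside `window`, then a success from it."""
    found = []
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["_time"]):
        by_src[ev["src"]].append(ev)
    for evs in by_src.values():
        recent_failures = []
        for ev in evs:
            # Sliding window: drop failures older than `window` relative to the current event.
            recent_failures = [t for t in recent_failures if ev["_time"] - t <= window]
            if ev["action"] == "failure":
                recent_failures.append(ev["_time"])
            elif ev["action"] == "success" and len(recent_failures) >= threshold:
                found.append(notable("Brute Force Then Success", "Credential Access", "T1110", ev, "high"))
                recent_failures = []
    return found


def privileged_login_from_unknown_source(events):
    """Correlation search: successful privileged logon from a source outside the admin allow-list."""
    return [notable("Privileged Logon From Unknown Source", "Initial Access", "T1078", ev, "medium")
            for ev in events
            if ev["action"] == "success" and ev.get("privileged") == "true"
            and ev["src"] not in KNOWN_ADMIN_SOURCES]


CORRELATION_SEARCHES = [brute_force_then_success, privileged_login_from_unknown_source]


def filter_notables(notables, tactic=None, technique=None, min_urgency=None):
    """Narrow the notable list by ATT&CK tactic, technique, or minimum urgency."""
    rank = {"low": 0, "medium": 1, "high": 2}
    return [n for n in notables
            if (tactic is None or n["tactic"] == tactic)
            and (technique is None or n["technique"] == technique)
            and (min_urgency is None or rank[n["urgency"]] >= rank[min_urgency])]


# Response actions keyed by rule name. They return the command that would be handed to the
# integrated firewall or directory; a real deployment would call those products' APIs instead.
RESPONSE_ACTIONS = {
    "Brute Force Then Success": lambda n: f"firewall: block src {n['src']}",
    "Privileged Logon From Unknown Source": lambda n: f"directory: disable account {n['user']} pending review",
}


def run_pipeline(lines):
    """Parse -> run every correlation search -> dispatch the response action mapped to each rule."""
    events = [parse_event(line) for line in lines]
    notables = [n for search in CORRELATION_SEARCHES for n in search(events)]
    actions = [RESPONSE_ACTIONS[n["rule"]](n) for n in notables if n["rule"] in RESPONSE_ACTIONS]
    return notables, actions


if __name__ == "__main__":
    found, done = run_pipeline(SAMPLE_LOGS)
    for n in filter_notables(found, tactic="Credential Access"):
        print(n)
    print(done)
```

Two design points carry over to a real SIEM: the brute-force rule uses a sliding window rather than fixed buckets, so a burst straddling a minute boundary is not missed, and the response action is keyed by rule name rather than hard-coded into the detection, so the same notable can be routed to whichever firewall or directory the customer has integrated. In Splunk ES the equivalent logic lives in saved correlation searches written in SPL, annotated with the ATT&CK tactic and technique and with adaptive response actions attached.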

In the final part of the demo, the Datanet Systems specialist showed how companies can get better protection against unknown threats by integrating Splunk ES with Splunk User Behavior Analytics (UBA).

Splunk UBA combines advanced analytics and machine learning to automatically detect anomalous behavior of users, devices, applications, and privileged accounts, aggregates these anomalies into patterns, and delivers enriched, contextual, actionable information through Splunk ES.

The full presentation and demo of the Splunk ES and Splunk UBA solutions can be viewed in the video below.


For more information on the work scenarios and day-to-day use of Splunk ES in Security Operations Centers (SOC), please also watch the “Using Splunk Enterprise Security to increase efficiency in Security Operations Centers” webinar (in English), organized by Datanet Systems in November 2021.


References:

[1] https://home.pulse.qa/featured-research/siem-perceptions-adoption

[2] https://www.splunk.com/en_us/newsroom/press-releases/2021/splunk-ranks-first-in-both-it-and-security-market-share-reports-by-gartner.html

[3] https://techbeacon.com/security/why-enterprises-have-love-hate-relationship-siem