Nick is an experienced Splunk-Certified Architect and accomplished solutions architect with experience of designing global, scalable and high performance compliance and security incident monitoring solutions, both on-premise and in the cloud.
In the latest Gartner Magic Quadrant report, Splunk has been indicated as a leader in the SIEM industry for the seventh time in a row. In this blog, we look at
In layman’s terms, SIEM stands for Security Information and Event Management. SIEM focuses on real-time log and event data, and automatically categorises threats and risks by leveraging machine learning and predictive analytics to assist organisations in detecting attacks or data breaches as quickly as possible.
There are several options available when you need a SIEM solution, and Gartner has a Magic Quadrant report which explores the different options.
Splunk is the industry leader for SIEM, and their focus is to turn data into an actionable commodity. Their portfolio includes three products that focus on Security (and therefore SIEM): Splunk Enterprise Security (ES), Splunk User Behaviour Analytics (UBA) and Splunk Phantom (a “SOAR” add-on).
Splunk’s Enterprise Security offers organisations the ability to get complete visibility over the security risks in their landscape. The aim is to combat security threats with rapid operationalisation, and turn the data into knowledge to enable the right team to respond with maximum impact. Splunk Enterprise Security gives an analytics-driven approach to proactively mitigate risk.
Splunk UBA is an additional layer that provides machine learning to detect unknown threats and anomalous behaviour.
Phantom provides Security Orchestration, Automation, and Response (SOAR) capabilities, and is designed to provide automated remediation and mitigation of security incidents.
Full visibility into security threats depends on full visibility into all of your IT systems. SAP has traditionally been something of a black box in terms of integration with external systems, and that has given operational and security teams a challenge in understanding the real-time status of the components of an ERP system.
EPI-USE Labs has solved this challenge by developing a connector for Splunk called Cenoti.
Cenoti is a combination of a certified SAP Application and Splunk-certified Apps which allow organisations to extract data from SAP systems and deliver them into a Splunk environment for use in several ways:
Via the Cenoti dashboards, reports and alerts in the Cenoti Application (for Splunk Core)
For out-of-the-box integration into Splunk Enterprise Security (Splunk ES), delivering numerous security use cases, correlation searches and enriching exports for assets and identities, and custom visualisations including swimlanes, key panel indicators and glass tables.
Simple setup procedure to quickly integrate SAP operational data into Splunk IT Service Intelligence (Splunk ITSI) including service templates, KPI base searches, automatic discovery and glass tables.