Introducing the SIEM of the Future: Splunk® Enterprise Security 8.0 | Splunk (2024)

It’s been an exciting year for Splunk Enterprise Security! In May, we celebrated being recognized as a Leader ten times in a row in the 2024 Gartner® Magic Quadrant™ for SIEM.

We’re not stopping there. We’re excited to introduce the SIEM of the Future to keep the momentum going. Splunk Enterprise Security 8.0 is available now in a private preview.

Building on Splunk’s position as the market leader in SIEM, Splunk Enterprise Security 8.0 revolutionizes the SOC workflow experience, enabling security analysts to seamlessly detect what matters, investigate holistically, and respond rapidly. It elevates security operations with complete, unified threat detection, investigation, and response (TDIR) workflows, modern aggregation and triage capabilities, enhanced detections, and simplified terminology.

This revolutionary union of innovative capabilities across TDIR marks the dawn of a new breed of SIEM – one that will become the foundation of TDIR solutions and power the SOC of the Future. This is the SIEM of the Future, and the future is now with Splunk Enterprise Security.

SecOps Teams Continue To Face Significant Challenges

To navigate today’s evolving threat landscape, security analysts must maintain visibility across cloud, hybrid, and on-premises environments while managing a relentless influx of data from diverse security, IT and business sources. Harnessing this data effectively is critical, as security is ultimately a data problem. Analysts are also bogged down with disjointed data and security tools, hampering their ability to aggregate, correlate, and prioritize information crucial for efficient threat detection and response. As security threats evolve and data volumes increase, manual processes become increasingly unsustainable. Further, inconsistencies in the terminology used across different security components introduce confusion and communication barriers within teams, impeding effective collaboration and coordinated efforts.

To enhance SOC efficiency, analysts must be equipped with a streamlined workflow experience that boosts productivity. Ensuring security analysts have a SIEM solution that provides the foundation to unify detection, investigation, and response to threats will bolster their confidence and efficacy in managing security risks.

Complete TDIR within Splunk Enterprise Security

It’s a fact that analysts struggle with too many tools. On average, they are juggling 25+ [1] different security tools that perform actions across detection, investigation and response, negatively impacting mean time to detect (MTTD) and mean time to respond (MTTR).

This is why we are introducing a new unified work surface for Splunk Enterprise Security users. In Splunk Enterprise Security 8.0, Splunk SOAR playbooks and actions integrate directly with the case management and investigation features of Splunk Enterprise Security and Mission Control. Analysts can detect, investigate and respond to threats from one modern interface, and gain an appreciable increase in operational efficiency from a single solution for data aggregation, analysis, and automation.

We’re bringing a seamless, completely integrated workflow experience for case management, alert triage, incident investigation, and incident response use cases to the SOC, without leaving Splunk Enterprise Security. Analysts will have one-click access to automate and orchestrate tasks within Splunk Enterprise Security.

Introducing Response Plans directly in Splunk Enterprise Security allows users to easily collaborate and execute incident response workflows for common security use cases. Analysts have access to a defined and organized response process directly within Splunk Enterprise Security without spending extra time pivoting between other tools.

One solution. MTTD and MTTR: optimized and simplified.

Modern Aggregation and Triage Capabilities

Navigating the nebulous activity of threat detection, analysts find themselves besieged by a pervasive lack of context. They struggle to understand the significance and potential impact of security threats, which impedes their ability to make informed decisions and take appropriate action.

We’re introducing Finding Groups to analysts’ workflows. Finding Groups automatically aggregate findings using predefined rules built on common security grouping techniques and calculations (including shared entities, cumulative risk score, MITRE ATT&CK thresholds, and more). The result is one comprehensive view of all related high-fidelity findings, reachable in a single click, which further simplifies the analyst’s path to taking action against sophisticated threats.

Enhanced Detection

Security analysts struggle to discern high-priority threats amidst the noise. An estimated average of 41% [2] of alerts are ignored, and analysts simply don’t have the time to add actionable context to every investigation. Further, maintaining an organization’s collection of detections requires too much manual work from detection engineers to track every update or change within the detections.

To address this, Splunk Enterprise Security 8.0 introduces enhanced detections so that organizations can find and remediate threats faster. Enhanced detections help analysts understand and implement a risk-based alerting strategy, with turnkey capabilities to build high-confidence aggregated alerts for thorough investigations. By surfacing critical incidents rather than individual low-context alerts, analysts save time and focus on what matters. We’re also adding native, automatic detection versioning within Splunk Enterprise Security for both ESCU and customer-owned detections.
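To make the aggregation idea behind Finding Groups and risk-based alerting concrete, here is a small Python illustration. It is an added example, not Splunk’s code and not a description of how Enterprise Security implements Finding Groups; the entity names, scores, ATT&CK tactics, the 24-hour window and the thresholds (100 cumulative risk points, or 3 distinct tactics) are all constructed assumptions chosen to show the two behaviours that matter in triage: many low-value findings against one entity add up to an alert, while the same finding repeated does not, and stale risk ages out of the window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample risk events (not real telemetry). Each one is a single
# low-confidence observation that some detection attached to an entity.
RISK_EVENTS = [
    {"time": "2024-06-01T09:00:00", "entity": "alice", "score": 20,
     "tactic": "initial-access", "source": "Suspicious OAuth consent"},
    {"time": "2024-06-01T09:20:00", "entity": "alice", "score": 30,
     "tactic": "credential-access", "source": "Unusual LSASS handle"},
    {"time": "2024-06-01T10:05:00", "entity": "alice", "score": 25,
     "tactic": "lateral-movement", "source": "New admin share access"},
    {"time": "2024-06-01T10:30:00", "entity": "alice", "score": 40,
     "tactic": "exfiltration", "source": "Large outbound transfer"},
    # bob: the same low-value finding twice, one tactic only
    {"time": "2024-06-01T09:10:00", "entity": "bob", "score": 20,
     "tactic": "initial-access", "source": "Suspicious OAuth consent"},
    {"time": "2024-06-01T09:15:00", "entity": "bob", "score": 20,
     "tactic": "initial-access", "source": "Suspicious OAuth consent"},
    # carol: a big but stale finding, then a small fresh one
    {"time": "2024-05-20T09:00:00", "entity": "carol", "score": 90,
     "tactic": "credential-access", "source": "Password spray"},
    {"time": "2024-06-01T11:00:00", "entity": "carol", "score": 15,
     "tactic": "discovery", "source": "AD enumeration"},
]

SCORE_THRESHOLD = 100   # assumed: fire when cumulative risk reaches this
TACTIC_THRESHOLD = 3    # assumed: ...or when this many distinct tactics appear
WINDOW_HOURS = 24       # assumed: only risk inside this window counts


def group_findings(events, now_iso, score_threshold=SCORE_THRESHOLD,
                   tactic_threshold=TACTIC_THRESHOLD, window_hours=WINDOW_HOURS):
    """Aggregate risk events per entity over a sliding window.

    Returns {entity: {"score", "tactics", "reasons", "events"}} containing only
    the entities whose cumulative score or tactic breadth crossed a threshold.
    """
    cutoff = datetime.fromisoformat(now_iso) - timedelta(hours=window_hours)
    per_entity = defaultdict(list)
    for ev in events:
        # Drop stale risk: an old high score must not keep an entity "hot" forever.
        if datetime.fromisoformat(ev["time"]) >= cutoff:
            per_entity[ev["entity"]].append(ev)

    groups = {}
    for entity, evs in per_entity.items():
        total = sum(e["score"] for e in evs)
        tactics = {e["tactic"] for e in evs}
        reasons = []
        if total >= score_threshold:
            reasons.append(f"cumulative risk {total} >= {score_threshold}")
        if len(tactics) >= tactic_threshold:
            reasons.append(f"{len(tactics)} distinct ATT&CK tactics >= {tactic_threshold}")
        if reasons:   # only entities that crossed a threshold become a finding group
            groups[entity] = {
                "score": total,
                "tactics": sorted(tactics),
                "reasons": reasons,
                "events": sorted(evs, key=lambda e: e["time"]),
            }
    return groups


if __name__ == "__main__":
    for entity, g in group_findings(RISK_EVENTS, "2024-06-01T12:00:00").items():
        print(f"[{entity}] score={g['score']} tactics={g['tactics']}")
        for reason in g["reasons"]:
            print("  fires because:", reason)
        for e in g["events"]:
            print(f"    {e['time']} +{e['score']:>3} {e['tactic']:<18} {e['source']}")
```

Run as-is, only alice becomes a finding group (115 points across four tactics); bob’s repeated OAuth finding stays at 40 points in one tactic and never fires, and carol’s password spray has aged out of the 24-hour window, so her 15 fresh points do not fire either. Widening the window to 30 days pulls carol’s stale event back in and she crosses the score threshold, which is exactly the knob a detection engineer tunes when a group fires too early or too late. The shape is the same as the classic risk-index search: sum the score and count distinct tactics per risk object, then filter on the thresholds.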

Simplified Terminology for Security Analytics

Analysts often have to work through misaligned terminology between different components of the security ecosystem. Working across multiple products and data silos makes the job harder still.

In Splunk Enterprise Security 8.0, we simplified terminology across TDIR workflows, bringing analysts a seamless experience. The new taxonomy aligns with the Open Cybersecurity Schema Framework (OCSF), making it easy for your security team to understand exactly what they are working on within Splunk Enterprise Security. As a founding member of OCSF, Splunk supports driving an industry standard to help customers simplify and accelerate the ingestion and analysis of security data. By aligning to OCSF in Splunk Enterprise Security, we are breaking down the data silos that impede security teams’ ability to detect, investigate and respond to threats faster and more effectively.

Splunk Enterprise Security 8.0 will be generally available to both cloud and on-prem environments in September 2024.

We’re listening! If you have ideas and requests, please submit them to Splunk Ideas. To learn more about Splunk Enterprise Security, visit our website.

Follow all the conversations coming out of #splunkconf24!


[1] ESG Report: SOC Market Trends

[2] State of Security 23


Olivia Henderson

Olivia brings to Splunk over 4 years of product marketing experience within the cyber intelligence industry, leading go-to-market strategies for products, services, and data integrations. Previously she worked as an intelligence analyst for a cyber threat intelligence managed service, focusing on Latin America, conducting research and analysis of emerging threats within the region. She holds a Bachelor of Science in Foreign Service (BSFS) in International Politics with a concentration in International Security from Edmund A. Walsh School of Foreign Service, Georgetown University and a Master of Professional Studies (MPS) in Integrated Marketing and Communications from the School of Continuing Studies, Georgetown University.
