Security event monitoring, incident response, log management and compliance reporting
Jointly developed by Splunk and GlassHouse, Splunk Enterprise Security Suite (ESS) brings the power of enterprise security information and event management together with the fast ad-hoc search, flexibility and scalability benefits of Splunk in one integrated suite. For the first time, enterprises with limited security resources can harness the power of Splunk to turn all their IT data into security-relevant information.
As the search engine for IT data, Splunk can index logs, events and activities generated by any application, server or network device without complex connectors, custom parsers or expensive database deployments. GlassHouse adds security operations domain knowledge that Splunk ESS users can now leverage to correlate IT data and provide insight into the security posture of their organizations.
Splunk ESS is an enterprise-class security suite built on the Splunk Common Information Model (SCIM) and supports both Common Event Expression (CEE) and Common Event Format (CEF) for interoperability of event data with other security and log management solutions.
Today’s enterprise security environment is characterized by an increasingly dynamic threat landscape driving a rapid escalation in the number of potential security incidents and the cost of dealing with increasing risk and exposure. In their “2009 Market Outlook for IT Security”, Forrester Research estimates the cost of enterprise security operations will increase by 18% in 2009 over 2008.
The Splunk Enterprise Security Suite is a collection of security applications consisting of packaged searches, correlations, reports, dashboards, visualizations and analysis integrating a wide variety of security use cases including:
- Security Posture Overview
- Compliance Reporting
- Endpoint Protection
- Event Monitoring
- Incident Response
- ISO 27002 Governance
- Log Management
- Network Protection
- User and System Access Reporting
- Forensics