New SIEM Tools Help SOC Automation

Splunk rolls out new SIEM and orchestration tools at its .conf event.

ORLANDO, FL — Splunk .conf — In a presentation that was part of the keynote address at Splunks annual .conf gathering, Splunk vice president of security research Mony Merza announced three updates to the companys roster of security-focused analytics products. Splunk Enterprise Security 5.2, Splunk User Behavior Analytics 4.2, and Splunk Phantom 4.1 were premiered to a crowd of more than 8,000 at Disneys Arena.
What does it take to defend against phishing or malware? Merza asked. You have to be able to observe, orient, decide, and act. Splunks acquisition of Phantom earlier in 2018 allows for the final piece of that list, he said, while Splunks traditional SIEM technology continues to provide the first three.
The new version of Splunk Enterprise Security includes event sequencing, which groups correlation searches and risk modifiers for threat detection and investigations, and a new Use Case Library, which highly accurate and usable security content tailored to a customers specific security situation. The Splunk ES Use Case Library provides an automated discovery process for new use cases, including adversary tactics, cloud security, abuse, and ransomware, to help security analysts understand how best to respond.
Phantom 4.1, which integrates the Phantom orchestration and automation functions with Splunks core functionality, provides new features including clustering support, which aids operational scaling; a new indicator view; and improved onboarding, which dramatically speeds deployment.
Splunks UBA 4.2 is designed to help analysts with machine learning to help find threats and anomalous user behavior. New features include user feedback learning for better UBA anomaly model-scoring in threat detection; improved data ingestion performance by up to 2x; and single sign-on support.
For more, read
here
.

Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
and
to register.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
New SIEM Tools Help SOC Automation