While you can still get the feel that this is an operations tool, the security insight provided by Splunk Enterprise Security will feel right at home in any SOC. This Splunk app delivers insight into machine data generated from security technologies such as network, endpoint, access, malware, vulnerability, and identity information. Navigating through the app, you can quickly drill down to get valuable insight in various areas from your security posture, incidents to review, current investigations and many more. The other members of the review team without the experience working with Splunk had similar experiences. There was almost no learning curve navigating through the dashboard. Splunk has continued to update the interface and make the dashboard modern. Signing back into the Splunk Enterprise Security app brought back some feelings of nostalgia, but that’s where it ended. Splunk ES can be deployed as a software, as a cloud service, in a public or private cloud, or in a hybrid software-cloud deployment. The Splunk system is extremely flexible and scalable to fit into any size organization. Splunk offers software installations for on-premise solutions as well as the popular cloud solutions. While we were excited to see this new Splunk Enterprise Security app in action, Splunk granted SC Labs access to their web sandbox, so we didn’t get a chance to work through the installation process, setup or load testing the solution. I was really looking forward to getting my hands on Splunk Enterprise Security app to see if this operations tool can live up to my expectations as a security tool. Fast forward a few years, and Splunk has really stuck to the operational side of things.
The Director of IT Operations was constantly looking for new ways to utilize Splunk. I remember looking through Splunk daily to help identify traffic patterns and traffic utilization for our clients. I trace my start in actual information security back to when I was working in network operations for a large MSSP.
0 kommentar(er)
