Splunk Software As a SIEM

Improve your security posture by using Splunk as your SIEM

Published July 2018


Enterprise security teams need a SIEM that covers not only the common security use cases but the advanced ones as well. To keep up with a constantly changing threat landscape, a modern SIEM is expected to:

• Centralize and aggregate all security-relevant events as they’re generated from their source
• Support a variety of collection mechanisms, including syslog, file transfer and file collection, among others
• Add context and threat intelligence to security events
• Correlate and alert across a range of data
• Detect advanced and unknown threats
• Profile behavior across the organization
• Ingest all data, including user and application data, and make it available for monitoring, alerting, investigation and ad hoc searching
• Provide ad hoc searching and reporting from data for advanced breach analysis
• Support incident investigation and forensic analysis for detailed incident reconstruction
• Assess and report on compliance posture
• Use analytics and report on security posture
• Track attackers’ actions with streamlined ad hoc analyses and event sequencing
• Centrally automate retrieval, sharing and responses across the security stack
• Assess threats from the cloud, on-premises and hybrid apps and data sources


Biting the hand that feeds IT © 1998–2019