Written by Chuck Leaver, CEO, Ziften
We sponsored the terrific Splunk.conf2014 program in Las Vegas, and we returned energized and raring to push our solution here at Ziften even further forward. One talk of particular interest was given by Jose Hernandez, Security Solutions Architect at Splunk. His presentation was titled “Using Splunk to Automatically Alleviate Risks”. If you wish to see his slides and a recording of the presentation, please go to http://conf.splunk.com/sessions/2014
Using Splunk to help with mitigation, or “Active Response” as I prefer to call it, is a very good idea. Having all of your intelligence data, whether endpoint data, external threat feeds or anything else, streaming into Splunk is very effective, and being able to act on that data is what really closes the loop. At Ziften we have an effective continuous endpoint monitoring solution, and its close integration with Splunk is something we are truly proud of. Coupling real-time data analysis with the capability to respond and take action against events is a strong move in the right direction.
Ziften has developed a mitigation action that uses the Active Response code Splunk provides. A demo video is included in this blog below. As a proof of concept, we created a mitigation action within our Ziften App for Splunk. Once the action is created, its results can be observed and tracked within Splunk ES (Enterprise Security). This is a major addition: users can now monitor and track mitigations within Splunk ES, which gives you the significant advantage of closing the loop and building a history of your actions.
We are thrilled that Splunk is driving such an effort; it is likely to progress, and we are committed to continuing to support it and to build on it further. The Endpoint Detection and Response space is extremely exciting at the moment, and in my view the inclusion of the Active Response Framework built into Splunk will certainly generate a high degree of interest.
For any questions regarding the Ziften App for Splunk, please send an email to firstname.lastname@example.org