White Paper: Splunk, Big Data and the Future of Security

The white paper “White Paper: Splunk, Big Data and the Future of Security” is attached here.

The Summary is reprinted below.

Summary–Reaching for Security Intelligence

Finding anomalous patterns in massive data sets, over time and in context, is the key to detecting advanced persistent attackers and the malware they leave behind. SIEMs that are set up to monitor security infrastructure for known threats do not solve the APT problem; they keep security teams in constant cleanup mode, thinking like the victim rather than like the attacker. Only big-data solutions with strong analytics and visualization capabilities can provide insight into anomalous behavior.

Security teams need to start using their creativity to think about the modus operandi of the attacker and work with the business, assigning risk to data. Thinking like an attacker and modeling attacks that start with spear-phishing against the most important business assets aligns the security team with business objectives through prioritization of data assets and risk. This type of thinking is a valued skill.

Splunk is a security intelligence solution for monitoring large datasets and gives you the ability to tell the difference between humans interacting with IT systems and behaviors that may be caused by malware. Splunk can cover known threats via information from signature and rule-based systems but also can be used to monitor for unknown threats based on risk-based scenarios translated into Splunk’s analytics language.
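The summary's central claim is that human activity and malware activity look different when you examine timing and context across a large data set. The following Python script is an added example, not code from the white paper or from Splunk, of what that analysis looks like in practice: it parses a small constructed proxy log, profiles the interval between requests for each (source host, destination) pair, flags pairs whose timing is too regular to be a person clicking links (a beaconing check), and lists destinations contacted by only a single host (rarity in the context of the whole fleet). The log lines, host names, the `beacon.placeholder.example` destination and the thresholds are all constructed assumptions; in a Splunk deployment the same grouping and statistics would be expressed in its search language over real events.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not real data): "<ISO timestamp> <source host> <destination>".
# ws-17 talks to a placeholder destination roughly every 60 seconds; ws-03 browses irregularly.
SAMPLE_LOG = """\
2013-04-01T09:00:00 ws-17 beacon.placeholder.example
2013-04-01T09:00:10 ws-03 www.example.com
2013-04-01T09:00:25 ws-03 www.example.com
2013-04-01T09:00:30 ws-17 mail.example.com
2013-04-01T09:01:00 ws-03 mail.example.com
2013-04-01T09:01:02 ws-17 beacon.placeholder.example
2013-04-01T09:02:01 ws-17 beacon.placeholder.example
2013-04-01T09:02:30 ws-17 www.example.com
2013-04-01T09:03:00 ws-17 beacon.placeholder.example
2013-04-01T09:03:40 ws-03 www.example.com
2013-04-01T09:04:00 ws-03 www.example.com
2013-04-01T09:04:03 ws-17 beacon.placeholder.example
2013-04-01T09:05:00 ws-03 mail.example.com
2013-04-01T09:05:01 ws-17 beacon.placeholder.example
2013-04-01T09:12:30 ws-03 www.example.com
2013-04-01T09:13:05 ws-03 www.example.com
2013-04-01T09:30:00 ws-03 mail.example.com
"""


def parse_log(text):
    """Turn raw lines into (timestamp, host, destination) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest = line.split()
        events.append((datetime.fromisoformat(ts), host, dest))
    return events


def interval_profile(events):
    """Per (host, dest) pair: event count, mean gap in seconds, coefficient of variation of the gaps."""
    by_pair = defaultdict(list)
    for ts, host, dest in events:
        by_pair[(host, dest)].append(ts)
    profile = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < 2:
            # Too few observations to say anything about regularity.
            profile[pair] = (len(stamps), None, None)
            continue
        m = mean(gaps)
        cv = pstdev(gaps) / m if m > 0 else float("inf")
        profile[pair] = (len(stamps), m, cv)
    return profile


def find_beacons(events, min_events=5, max_cv=0.2):
    """Pairs whose request timing is too regular to look like a person at a keyboard.

    A low coefficient of variation means the gaps between requests are nearly constant,
    which is typical of scheduled check-ins and atypical of interactive browsing.
    Thresholds are assumptions for this example, not recommended production values.
    """
    hits = []
    for pair, (n, m, cv) in interval_profile(events).items():
        if n >= min_events and cv is not None and cv <= max_cv:
            hits.append((pair, round(m, 1), round(cv, 3)))
    return sorted(hits)


def rare_destinations(events, max_hosts=1):
    """Destinations contacted by at most max_hosts distinct sources: rarity in fleet context."""
    hosts_by_dest = defaultdict(set)
    for _, host, dest in events:
        hosts_by_dest[dest].add(host)
    return sorted(d for d, hs in hosts_by_dest.items() if len(hs) <= max_hosts)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for (host, dest), gap, cv in find_beacons(evs):
        print(f"beacon-like: {host} -> {dest} every ~{gap}s (cv={cv})")
    print("rare destinations:", rare_destinations(evs))
```

Neither check is a signature: the regular-interval test says nothing about which destination is contacted, and the rarity test says nothing about timing. Their value comes from combining them over a long window and a whole population of hosts, which is exactly the "over time and in context" point the summary makes; on a single host or a short window both produce noise.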
