Splunk Enterprise Security

Uploaded by Fernando Carmel

PRODUCT BRIEF

Splunk Enterprise Security


Data-driven insights for full breadth visibility, detection and investigation

• Improve security posture and gain full visibility across your multi-cloud, hybrid, and on-premises environment

• Accelerate threat detection and investigation using risk-based alerting, threat intelligence, and out-of-the-box security content

• Quickly gather context from your technology investments with a flexible data platform and integrations across multi-vendor tools and technologies

[Figure: Data-Driven Security, Connecting Data and People, Risk-Based Context and Intelligence]

You’re faced with adapting to a dynamic threat landscape, evolving adversary tactics, advanced threats and evolving
business demands — and your existing security technologies can’t keep up. To meet these new challenges, modern
security teams need data-driven capabilities, contextual insights and accurate and rapid threat detection techniques to
reduce mean-time-to-detect and make business-centric decisions. Security teams can more quickly detect, investigate,
and respond to attacks by centralizing and utilizing all their machine data.

Splunk Enterprise Security (ES) is a data-centric, modern security information and event management (SIEM) solution
that delivers data-driven insights for full breadth visibility into your security posture so you can protect your business
and mitigate risk at scale. With unparalleled search and reporting, advanced analytics, integrated intelligence, and
pre-packaged security content, Splunk ES accelerates threat detection and investigation, letting you determine the scope
of high-priority threats to your environment so you can quickly take action. Built on an open and scalable data platform,
you can stay agile in the face of evolving threats and business needs. Our extensive ecosystem of Splunk, partner, and
community-built integrations as well as flexible deployment options ensure your technology investments are working in
tandem with Splunk ES whilst meeting you wherever you are on your cloud, multi-cloud, or hybrid journey.

Splunk ES helps security teams of all sizes and levels of expertise to streamline their security operations. It provides:

• Insight from data that is automatically retrieved from network, endpoint, access, malware, UBA anomalies, vulnerability
and identity technologies, and shared to correlate using pre-defined rules, risk-based alerting, or via ad-hoc searching.

• Out-of-the-box capabilities to manage and prioritize alerts, contextual searches, and the rapid detection and analysis of
advanced threats.

• Flexibility to customize correlation searches, risk-based alerts, reports and dashboards to fit specific needs — whether
deployed for continuous monitoring, incident investigation and response, a security operations center (SOC), or for
executives who need to view business risks.

• Improved operational efficiency using workflow-based context for automated and human-assisted decisions.
Data-Driven Security Defined


The process of discovering relationships across all security-relevant data, including data from IT infrastructures, point
security products and all machine-generated data to rapidly adapt to a changing threat landscape.

Continuously Monitor Security Posture


Get a clear visual picture of your organization’s security posture
by using a comprehensive set of pre-defined dashboards, custom
views with key security metrics and performance metrics, static and
dynamic thresholds, and trending indicators. Reduce organizational
risk by using the Use Case Library for faster detection of newly
discovered and ongoing threats and accelerating incident response.

Prioritize and Act on Incidents


Reduce false positives, detect more sophisticated threats, and align
security operations to industry frameworks like MITRE ATT&CK with
Risk-Based Alerting (RBA). Optimize incident response workflows by
using centralized logs, prioritized alerts, UBA anomalies, pre-defined
reports and correlations, and incident response workflows with risk
scores. Streamline investigations and accelerate incident response
using Investigation Workbench to investigate one or more notable
events in one view.

Rapidly Investigate & Analyze Threats


Gain full context of the events leading up to a high-priority alert with
RBA. Conduct rapid investigations using ad hoc search, as well as static,
dynamic and visual correlations to improve response times. Investigate
and pivot on any field from any data retrieved automatically from across
the security and IT stack to rapidly develop threat context and track
attacker steps to verify evidence. Utilize Adaptive Response actions to
automate retrieval, sharing, and responses in multi-vendor environments.

Handle Multi-Step Investigations


Conduct breach and investigative analyses to trace the activities
associated with compromised systems. Apply the kill chain
methodology and investigate the attack lifecycle using ad hoc
searches and the out-of-the-box functionality within ES. Enable a faster
detection and response process by using automatically delivered
security detection and investigation content developed by the Splunk
Threat Research Team.

Ready to supercharge your security operations with a cloud-based data-driven SIEM solution?
Learn how to get started with Splunk.

Learn more: www.splunk.com/asksales www.splunk.com

Splunk, Splunk> and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries.
All other brand names, product names or trademarks belong to their respective owners. © 2022 Splunk Inc. All rights reserved. 22-24670-Splunk-Enterprise Security-123-PB