Splunk App for Enterprise Security (on Splunk Enterprise): Winner
Splunk is a big data platform used by thousands of customers for a wide range of security use cases, including log management, incident investigation and forensics, security risk reporting and visualization, real-time correlation and alerting, and fraud detection. Splunk can also apply statistical baselining and analysis to identify outliers and abnormal behaviors that may indicate advanced threats or malicious insiders. The Splunk App for Enterprise Security, which installs on the core Splunk Enterprise product, supports traditional SIEM use cases out of the box with security-relevant correlation searches, real-time alerts, reports, dashboards, and incident workflows, turning the platform into a security intelligence platform.
Splunk’s big data architecture is based on a flat-file, schema-less data store that can ingest any type of machine or log data from any system or application. This makes it well suited to organizations that view security in the broader context of business risk. Splunk indexes raw data without any normalization at ingestion time; structure is applied when the data is searched. With over 150 commands, Splunk’s search language supports correlation, visualization and statistical analysis directly on that raw data. Some customers use Splunk to index over 100 TB a day and to run automated searches across petabytes of historical data that return results in seconds or minutes.
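As an added illustration of the two points above (statistical baselining to surface outliers, and searching raw, un-normalized events with fields extracted at search time), here is a Splunk search written in SPL for this page. It is example code, not a search shipped with Splunk or with the Enterprise Security app. It assumes an index named `auth` holding sshd logs under the sourcetype `linux_secure`; the field names `user` and `src_ip`, the one-hour bucket size and the three-standard-deviation threshold are all choices made for this example.

```spl
index=auth sourcetype=linux_secure "Failed password"
| rex "Failed password for (invalid user )?(?<user>\S+) from (?<src_ip>\d+\.\d+\.\d+\.\d+)"
| bucket _time span=1h
| stats count AS failures BY _time user
| eventstats avg(failures) AS baseline stdev(failures) AS spread BY user
| eval zscore=if(spread>0, round((failures-baseline)/spread, 2), 0)
| where zscore>3
| sort - zscore
| table _time user failures baseline spread zscore
```

Reading the pipeline top to bottom: the first line selects raw sshd events by keyword, the `rex` stage pulls the account name and source address out of the unparsed message text at search time (the schema-on-read behaviour described above), `bucket` and `stats` turn the events into hourly failure counts per account, and `eventstats` computes each account’s own mean and standard deviation across every hour in the search window without collapsing the rows. The `eval` converts each hour into a z-score, guarding against a zero standard deviation for accounts seen in only one bucket, and `where` keeps only hours more than three deviations above that account’s norm. Two practical caveats: the baseline is only as good as the time range you search, so run it over at least a week of history, and hourly counts are rarely normally distributed, so treat a high z-score as a triage signal to investigate rather than a verdict. In the Enterprise Security app a search of this shape would be saved as a correlation search so that each hit becomes a notable event in the incident workflow.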
Splunk can also be used for a wide range of use cases outside security, including compliance, IT operations, and application management. Combining these with security use cases helps break down silos between departments and enables a strong ROI and a broad view of business risk. Splunk is software-only and installs on-premises or in cloud environments on a wide range of operating systems, on physical or virtual hardware.