Splunk : Introducing Splunk Security Analytics for AWS

Share:

By Jane Wong July 19, 2021

At Splunk, we've traditionally seen larger organizations more so than smaller ones benefit from our security analytics capabilities. It comes down to resources: larger firms can build larger security teams staffed with domain experts, afford premium tools, and devote time and budget to retaining professional services consultants for help with implementations. Smaller firms have to get the job done without those perks.

That's why we're thrilled to announce the availability of Splunk Security Analytics for AWS, a solution designed specifically for lean security teams running on Amazon Web Services (AWS). Available exclusively in AWS Marketplace, the offering gives smaller security teams an accessible way to harness the power of Splunk.

Security Analytics Simplified for Lean Teams Running on AWS

Built on the foundation of Splunk's market-leading security technologies, Splunk Security Analytics for AWS packages Splunk's powerful threat detection and investigation capabilities in an easy-to-buy, easy-to-use way. The offering's new data onboarding process helps teams strapped for time and resources get up and running quickly. Its pre-built, AWS-specific detections and dashboards provide deep, centralized visibility into AWS environments, accelerating threat detection and investigation. No more switching to-and-from multiple consoles - the offering augments the value of existing AWS security services and other security data sources by centralizing data and applying detections and visualizations. The offering makes detecting and investigating threats easier for smaller security teams in several ways:

Rapidly Onboard Security Data Into Splunk

We built a hassle-free data onboarding wizard to minimize the time and manual input needed to go from subscribing to the solution in AWS Marketplace to uncovering security insights. The solution currently correlates information across several AWS data sources - Amazon GuardDuty, AWS CloudTrail, AWS Security Hub, AWS Identity and Access Management (IAM) Access Analyzer, and AWS IAM credential reports - and Microsoft 365.

Detect Threats Faster with Pre-Built Correlations

Pre-written, AWS-specific threat detections come enabled with Splunk Security Analytics for AWS. Splunk's Threat Research Team crafted these detections to help you uncover threats such as anomalous EC2 and S3 modifications, suspicious login behavior and user provisioning, insecure network configurations, and much more. Along with detections, we provide end-to-end security guides - or Analytic Stories - to give you context on activity that certain detections look for, how to implement those detections, how detections map to industry frameworks like MITRE ATT&CK®, and much more. Leverage the best of Splunk's AWS-focused detection content from day one.

Visualize Your AWS Security Posture with Pre-Built Dashboards

We've built AWS-specific dashboards that start lighting up soon after completing the onboarding wizard; no need to build them yourself. Using data from AWS' security solutions as their foundation, these dashboards display everything from detected threats and organization-wide alert trends to IAM, Network Access Control List (ACL), Security Group, and Microsoft 365-specific insights. Skip the weeks or months of manually configuring a legacy solution or paying professional services personnel to do it for you. Splunk Security Analytics for AWS presents a unified view of your AWS environment within hours of getting started.

Swiftly Determine Root Cause

Say goodbye to inconsistent, piecemeal security investigations and instead conduct swift and structured investigations using our Investigation Workbench. The Investigation Workbench is a dedicated tool in the offering that serves as your team's hub for security investigations: you can add relevant information to an investigation as you explore your data in Splunk, and use the Investigation Workbench for detailed analysis, incident timeline construction and visualization, and more. The Investigation Workbench allows you to examine high-value data from AWS' security services and Microsoft 365 in new and revealing ways, reducing your team's time to investigate and respond to threats.

Get Started with Splunk Security Analytics for AWS

We're so excited to bring smaller security teams the benefits of our security analytics capabilities as a cloud service. You can get started with the solution in AWS Marketplace at an attractive introductory price of $100 per month*. Beyond the introductory period, the solution continues to offer pay-as-you-go pricing at a low monthly rate. Learn more about the solution on Splunk.com or by watching our videos on onboarding data and detecting and investigating threats in Splunk Security Analytics for AWS. You can also check out our product brief for additional information on the offering.

Happy Splunking!

_{*All orders for the offerings made through October 31, 2021 (the 'promotional period') are offered by Splunk at a promotional rate of $100.00 USD per term up to the capacity stated in the AWS Marketplace listing. Please see the End User License Agreement for full details.}