UPDATED 13:40 EST / MAY 09 2013

Splunk Rolls Out The Enterprise Security App

Splunk, a leading software platform for real-time operational intelligence, has just rolled out version 2.4 of the Splunk App for Enterprise Security. The app's main selling point is Statistical Analysis for Threat Detection, which Splunk positions as the next generation of security intelligence. With the Splunk App for Enterprise Security, users will now be able to accurately identify the ever-important unknown threats in real time with out-of-the-box content, new searches, dashboards and visualizations.

“Statistical analysis is the new weapon of the security warrior defending against threats that bypass traditional security detection systems. This is one of the reasons why more than 1,500 organizations around the world rely on Splunk for security,” said Mark Seward, senior director of security and compliance, Splunk. “Companies now understand that hidden in the terabytes of user-generated machine data are abnormal patterns of activity that represent the presence of malware or the behavior of malicious insiders. The new Splunk App for Enterprise Security enables statistical analysis of HTTP traffic to help security professionals determine a baseline for what’s normal, quickly detect outliers and use those events as starting points for security analysis and investigation.”

The statistical analysis Splunk has incorporated is interesting because everyone has data in one form or another; what matters is how it is analyzed and put to use. Statistical analysis expands the value of security data and helps produce actionable insights, and the new dashboards in the Splunk App make this data more actionable.

Attackers are now turning employees into ‘data mules’ for advanced threat actors. While traditional security approaches help find known threats, Splunk’s statistical analysis helps separate ordinary user activity from the anomalies that result from unknown threats, and helps detect attack patterns.

What does statistical analysis reveal?

  • Command and control (CNC) instructions embedded in URLs, by automating the process of watching for outliers in the data.
  • Hosts communicating with new malicious websites, by correlating domain registrations and proxy data to monitor this in real time and historically.
  • Significant increases in unknown communications, by enabling organizations to watch for spikes of unknown communications as an overall trend and by specific users.
  • Unusual user agent strings in use, by enabling enterprises to monitor and be alerted about user agent anomalies in real time.
  • Abnormal amounts of source/destination traffic, via statistical outliers that are visualized in a scatter plot and can be used to start an investigation.
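To make two of the checks above concrete (URL outliers and unusual user agent strings), here is an added Python sketch; it is not Splunk's implementation or search content. The features (URL length, per-agent share of requests), the thresholds, and the proxy records are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median

# Constructed proxy records (source host, URL, user agent); not real traffic.
UA = "Mozilla/5.0 (Windows NT 6.1; rv:20.0) Gecko/20100101 Firefox/20.0"
LOGS = [("10.0.0.%d" % (i % 5 + 1),
         "http://intranet.example/page?id=%d" % (3 ** (i % 8)), UA)
        for i in range(24)]
# One request with a long, encoded-looking query string.
LOGS.append(("10.0.0.9", "http://cdn.example/img?d=" + "QUJD" * 60, UA))
# One request from a client with an agent string nobody else uses.
LOGS.append(("10.0.0.7", "http://intranet.example/page?id=27", "xk-agent/0.1"))


def url_length_outliers(logs, threshold=3.5):
    """Return records whose URL length is far from the baseline.

    The baseline is the median length; spread is the median absolute
    deviation (MAD), so a few extreme URLs do not shift what counts as
    normal. 0.6745 scales MAD to be comparable with a standard deviation.
    """
    if not logs:
        return []
    lengths = [len(url) for _, url, _ in logs]
    med = median(lengths)
    # Floor of one character avoids dividing by zero when most URLs
    # have exactly the same length.
    mad = max(median(abs(n - med) for n in lengths), 1)
    return [rec for rec, n in zip(logs, lengths)
            if 0.6745 * abs(n - med) / mad > threshold]


def rare_user_agents(logs, max_share=0.05):
    """Return user agents responsible for at most max_share of requests."""
    counts = Counter(ua for _, _, ua in logs)
    total = sum(counts.values())
    return sorted(ua for ua, c in counts.items() if c / total <= max_share)


if __name__ == "__main__":
    for host, url, _ in url_length_outliers(LOGS):
        print("URL length outlier:", host, len(url), "chars")
    for ua in rare_user_agents(LOGS):
        print("Rare user agent:", ua)
```

Flagged records are starting points for investigation rather than verdicts; long URLs and one-off agent strings also come from legitimate software, so thresholds need tuning against each environment's own baseline.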

If you have already purchased the Splunk App, you can download version 2.4 of the Splunk App for Enterprise Security on Splunkbase.
