

The maxim in the security world that “one cannot protect what one cannot see” also applies to some of the tools that actually provide visual access.
How much can administrators in a security operations center really see or understand what is happening when they are staring at multiple consoles for hours at a time?
“When I’m talking to customers, their frontline security operations teams often have 30 different consoles open on their monitor,” said Jane Wong (pictured), vice president of security products at Splunk Inc. “It takes time and makes it harder to detect and respond to threats quickly. The fundamental challenge is that many security products are not built to integrate seamlessly with one another.”
Wong spoke with Dave Vellante, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the Splunk .conf21 Virtual event. They discussed a suite of new tools from Splunk to enable a more accurate and rapid response to security incidents. (* Disclosure below.)
The lack of seamless integration among security products is a challenge that Splunk has sought to address in a set of recent announcements, focusing on visibility for detection and response.
The latest enhancements to Splunk Security Cloud and Splunk’s Security Automation and Response tool, known as SOAR, are designed to improve end-to-end visibility by focusing on key alerts and threat prioritization. This includes a feature called Risk-Based Alerting to improve efficiency in the security operations center or SOC.
“Risk-Based Alerting pulls together what may have been single atomic alerts that can often be overwhelming to our SOC,” Wong explained. “It brings those together into one, overarching alert that helps you see the whole pattern of an attack. One customer told us they reduced the time it took for them to do an investigation from eight hours down to 10 minutes.”
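The aggregation Wong describes, as an added illustration that is not Splunk's own code: a minimal risk-based alerting model in Python that sums pre-scored atomic detections per entity inside a time window and emits one overarching alert, listing the contributing rules, once the total crosses a threshold. The event records, rule names, risk scores, threshold and window below are constructed assumptions, not Splunk data or defaults.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of atomic detections, each already carrying a risk score.
# These are placeholders for illustration, not real Splunk notable events.
ATOMIC_EVENTS = [
    {"time": "2021-10-19T09:00:00", "entity": "host-42", "rule": "suspicious_powershell", "risk": 20},
    {"time": "2021-10-19T09:04:00", "entity": "host-42", "rule": "new_service_installed", "risk": 30},
    {"time": "2021-10-19T09:09:00", "entity": "host-42", "rule": "outbound_to_rare_domain", "risk": 40},
    {"time": "2021-10-19T09:01:00", "entity": "host-07", "rule": "suspicious_powershell", "risk": 20},
    {"time": "2021-10-19T15:30:00", "entity": "host-42", "rule": "suspicious_powershell", "risk": 20},
]

RISK_THRESHOLD = 80          # assumed threshold for one aggregate alert
WINDOW = timedelta(hours=1)  # assumed aggregation window


def risk_alerts(events, threshold=RISK_THRESHOLD, window=WINDOW):
    """Collapse atomic detections into one risk alert per entity.

    For each entity, events are sorted by time and a sliding window is
    advanced over them. The first time the summed risk inside the window
    reaches the threshold, a single alert is emitted that names every
    contributing rule, so the analyst sees the pattern rather than the
    individual hits. Low-scoring, isolated events never produce an alert.
    """
    by_entity = defaultdict(list)
    for ev in events:
        by_entity[ev["entity"]].append((datetime.fromisoformat(ev["time"]), ev))

    alerts = []
    for entity, items in by_entity.items():
        items.sort(key=lambda pair: pair[0])
        start = 0
        for end in range(len(items)):
            # Drop events that fell out of the window relative to the newest one.
            while items[end][0] - items[start][0] > window:
                start += 1
            in_window = [ev for _, ev in items[start:end + 1]]
            score = sum(ev["risk"] for ev in in_window)
            if score >= threshold:
                alerts.append({
                    "entity": entity,
                    "score": score,
                    "atomic_count": len(in_window),
                    "rules": sorted({ev["rule"] for ev in in_window}),
                    "first_seen": items[start][0].isoformat(),
                    "last_seen": items[end][0].isoformat(),
                })
                break  # one overarching alert per entity, not one per atomic hit
    return alerts
```

Running `risk_alerts(ATOMIC_EVENTS)` yields a single alert for `host-42` built from three atomic detections, while the lone low-score hit on `host-07` stays below the threshold.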
When a fast-breaking attack begins to move through a network, security analysts must be able to respond quickly. To address this need, Splunk SOAR has launched an updated tool to eliminate some manual tasks and scale an automated response.
“We have a new visual playbook editor for our security orchestration and response tool,” Wong said. “It is in the cloud but also available on-prem. The new visual playbook editor reduces the need for custom code and makes playbooks more modular so they can help anyone in the security operations team respond to threats quickly.”
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the Splunk .conf21 Virtual event. (* Disclosure: TheCUBE is a paid media partner for Splunk’s .conf21 Virtual conference. Neither Splunk Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)