Splunk has announced the release of Enterprise Security 8.0, initially for cloud customers. Whilst it is anticipated that on-premise customers will receive the update, a release date has not yet been announced.

What is new in Splunk Enterprise Security 8.0
The latest release has been described as the most advanced yet. SOC analysts are in for a treat with new and improved functionality as well as long-awaited improvements.
1. Unified Work Surface
SOC analysts have often had to jump between screens to investigate an incident. They might have a playbook on a Confluence or wiki page, incident review and response on another screen, and so forth.
The latest release sees Mission Control integrated into the platform. What this means is that a SOC analyst can now detect, review the associated playbook and, if Splunk SOAR is installed, run specific playbooks right from Mission Control.
This means SOC analysts now effectively have a single pane of glass to work with. This will help reduce screen fatigue and the risk of missing important alerts.
2. Finding Groups
Finding Groups is a new addition from Splunk. According to Splunk, Enterprise Security can now automatically aggregate findings based on predetermined rules, using common security grouping techniques and calculations.
What this will mean for a SOC analyst is an enhanced experience, beyond what RBA has shown so far. Splunk goes on to say that, with Finding Groups in play, Splunk SOAR can have playbooks run automatically based on rules from detections.
This new addition is going to greatly increase the efficiency of SOCs and allow for more detailed threat hunting.
3. Enhanced Risk Based Alerting (RBA)
Splunk advise that RBA is going to become a lot easier to implement with updated content, which can be found in Enterprise Security Content Updates (ESCU).
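The Finding Groups and RBA sections above both rest on the same idea: individual detections contribute risk to an entity (a user or a host), the findings for that entity are aggregated, and an analyst-facing notable is raised only when the aggregate crosses a rule. The following is an added illustration of that model in plain Python; it is not Splunk's code and does not reproduce how Enterprise Security 8.0 implements Finding Groups or RBA internally. Field names such as risk_object, risk_object_type and risk_score follow common RBA terminology but are assumptions here, and the findings, thresholds and rules are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One detection result attributed to an entity (assumed field names)."""
    risk_object: str        # entity the finding is about, e.g. a username or hostname
    risk_object_type: str   # "user" or "system"
    source: str             # name of the detection that produced the finding
    risk_score: int         # risk contributed by this single finding
    mitre_technique: str    # ATT&CK technique tag attached by the detection


# Constructed sample findings: one noisy user, one quiet host, one single high hit.
SAMPLE_FINDINGS = [
    Finding("alice", "user", "Excessive Failed Logins", 40, "T1110"),
    Finding("alice", "user", "Suspicious PowerShell Encoded Command", 30, "T1059.001"),
    Finding("alice", "user", "New Scheduled Task Created", 50, "T1053.005"),
    Finding("web01", "system", "Unusual Outbound DNS Volume", 20, "T1071.004"),
    Finding("web01", "system", "Web Shell File Written", 20, "T1505.003"),
    Finding("bob", "user", "Impossible Travel Login", 90, "T1078"),
]


def group_findings(findings):
    """Group findings by entity, the first step of both Finding Groups and RBA."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f.risk_object_type, f.risk_object)].append(f)
    return dict(groups)


def score_group(group):
    """Aggregate one entity's findings: total risk plus distinct sources and techniques."""
    return {
        "risk_score": sum(f.risk_score for f in group),
        "sources": sorted({f.source for f in group}),
        "techniques": sorted({f.mitre_technique for f in group}),
        "finding_count": len(group),
    }


def risk_notables(findings, score_threshold=100, min_distinct_sources=3):
    """Return entities whose aggregated risk meets a notable rule.

    Two constructed rules are applied, mirroring common RBA practice:
      - cumulative risk at or above score_threshold, or
      - findings from at least min_distinct_sources different detections.
    A single high-scoring finding that satisfies neither rule stays below the
    notable line, which is the noise-reduction effect RBA is meant to provide.
    """
    notables = []
    for (obj_type, obj), group in group_findings(findings).items():
        summary = score_group(group)
        summary["risk_object"] = obj
        summary["risk_object_type"] = obj_type
        summary["reasons"] = []
        if summary["risk_score"] >= score_threshold:
            summary["reasons"].append("risk_score_threshold")
        if len(summary["sources"]) >= min_distinct_sources:
            summary["reasons"].append("distinct_sources")
        if summary["reasons"]:
            notables.append(summary)
    # Highest aggregate risk first so the analyst sees the hottest entity at the top.
    return sorted(notables, key=lambda s: s["risk_score"], reverse=True)


if __name__ == "__main__":
    for n in risk_notables(SAMPLE_FINDINGS):
        print(n["risk_object_type"], n["risk_object"], n["risk_score"],
              n["finding_count"], "findings", ", ".join(n["reasons"]))
```

With the constructed data, only alice becomes a notable: three different detections contribute 120 risk between them, satisfying both rules. The host web01 accumulates 40 from two sources and bob's single 90-point finding falls short of the threshold, so neither reaches an analyst on its own, although their findings remain available in the group for context if alice's investigation leads there.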
4. Simplified Terminology
With the new update comes simplified terminology. The reason behind this, according to Splunk, is to align with the Open Cybersecurity Schema Framework (OCSF).
This will promote consistent language and terminology among SOC analysts and allow for greater understanding when incident detections and Post Incident Reviews (PIRs) are shared with other agencies or organisations.
Find out more
The latest upgrade of Enterprise Security is a game changer.
To find out more, click on this link to go to the official Splunk press release: Read More.