App Combines FireEye Technology and Intelligence with Splunk Big-Data Security Analytics
Sep 25, 2014 – FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today announced the new FireEye App for Splunk® Enterprise. The FireEye App for Splunk Enterprise leverages Splunk’s unique big data capabilities to more rapidly detect advanced threats targeted against organizations of all sizes.
Drawing on data from the FireEye Threat Prevention Platform – Network, Email, Content, and Endpoint Security, as well as FireEye Forensic Analysis – the FireEye App for Splunk Enterprise allows organizations to visualize internal and external threats and unearth threat patterns in FireEye data by leveraging Splunk Enterprise’s ability to correlate multiple data sources from across their IT infrastructure.
“As the threat landscape becomes even more layered and complex, FireEye and Splunk are expanding our relationship and accelerating collaboration around advanced threat protection,” said Steve Pataky, vice president of global channels & strategic alliances, FireEye. “Together, FireEye and Splunk give organizations the expertise and intelligence to make organizations more resilient to modern attacks.”
“Analyzing machine data from across an entire organization and utilizing advanced threat intelligence is key to strong security,” said Colin Savage, vice president of business development, Splunk. “The alliance between Splunk and FireEye helps our joint customers better identify malicious activities, potentially reducing the impact of breaches from months to minutes.”
“As threat groups get more sophisticated we recognize the need to provide visibility across our IT and security systems so we have a complete picture of a potential attack,” said Sheryl Hanchar, senior manager cyber network defense and incident response, Broadcom. “The combination of Splunk and FireEye provides our incident responders with the capability to rapidly analyze incident data, correlate the indicators to identify affected systems, and respond in near-to-real-time.”
The FireEye App for Splunk Enterprise is designed to help secure enterprises with the following features:
- Holistic view on the security posture. Combine, integrate and correlate FireEye data with all other data, including FireEye meta-data, malware events, and data on known and new threats. Data in Splunk Enterprise includes machine data from IT and business systems distributed across the enterprise.
- Shorten Incident Detection and Reporting. Respond to incidents faster and streamline reporting by aggregating FireEye original data and long-time horizon events.
- Unified, Interactive User Experience. Visualize and analyze data across multiple FireEye platforms through a single Splunk interface with extensive search capabilities, risk prioritization, and threat trends to shorten security response times and streamline reporting needs.
- Determine Malware Impact in the Organization. The FireEye App for Splunk Enterprise provides insight into raw data about malware, allowing customers to drill down into patterns, alerts and data across the enterprise and show the impact of malware events on the rest of the organization.