Digital Guardian Releases Digital Guardian App for Splunk
June 2015 by Marc Jacob
Digital Guardian has released the Digital Guardian App for Splunk. The Digital Guardian App for Splunk harnesses the power of Splunk® Enterprise’s big data analytics capabilities to more rapidly detect and respond to insider attacks and advanced threats targeting sensitive data.
Digital Guardian solutions provide granular security event data on endpoints and servers (Windows, Mac OS X and Linux) for user behaviour and process activity, including information describing which users and processes are accessing and attempting to exfiltrate sensitive data, a key indicator of malicious activity.
Digital Guardian has also developed a Splunk Add-on to natively collect and export the full richness of Digital Guardian data into the Splunk App for Enterprise Security. This add-on is specific to Digital Guardian solutions, with dashboards on Data Classification, Data Egress, Advanced Threat Detection, Alerts, Events, Process Activity, and Operations.
With Splunk Enterprise, organisations can collect their data, enrich it and perform real-time analytics, so users can obtain full visibility across all departments and benefit from high-fidelity alerts. Splunk solutions can correlate Indicators of Compromise (IOCs) detected on the network and enable joint customers with Digital Guardian endpoint events to filter out false positives, immediately understand which endpoints have been infected by threats, and prioritise which alerts need immediate attention. Armed with this visibility, users can deploy Digital Guardian’s real-time endpoint mitigation rules to block threats and quarantine systems before malicious code can propagate and sensitive data can be exfiltrated. The Splunk platform now gives Digital Guardian the ability to improve incident response and mitigation times for customers.
Download the Digital Guardian App for Splunk and Technology Add-on (TA) for Digital Guardian in Splunkbase, the Splunk app store.