Splunk Continues To Expand Its Adaptive Response Initiative To Detect, Battle CyberThreats Faster

As cyber threats become more sophisticated, headline-grabbing security point solutions just can’t handle the speed and complexity of diagnosing and fighting off the attacks.  In response, Splunk continues to recruit vendor partners and domain experts to its Adaptive Response Initiative. IDN looks at the latest additions.

Tags: analytics, cyber, endpoint security, hacks, identity, incident response, policy management, security, SOC, Splunk, threat intelligence


As cyber threats become more sophisticated, headline-grabbing hacks such as ransomware and Internet of Things (IoT) attacks are getting tougher to combat using only point security solutions. 


The problem: No matter how good these best-of-breed solutions are, they are not designed to work together, leaving gaps in IT’s ability to detect and fight off security threats.


To respond to this growing complexity of cyberthreats, Splunk continues to add members and expand the reach of its Adaptive Response Initiative (ARI), a partner program to consolidate threat response across domains and security products. 


Splunk’s initiative provides a “framework for adaptive security architectures” that will consolidate threat response across vendors, according to Haiyan Song, Splunk’s senior vice president of security markets. 


Song explained the need for ARI’s multi-vendor, multi-domain approach to cybersecurity.


Today’s security architectures often involve many layers of tools and products from different vendors. Even the best point security solution is often unable to communicate with other solutions to deliver a consolidated end-to-end picture of threats, Song noted. This creates a gap, and that gap makes it difficult for security teams to detect and respond in a timely manner, Song said.


“Splunk is addressing these gaps by extending its adaptive response framework to Splunk Enterprise Security, adding a common interface for automating retrieval, sharing, and response in multi-vendor environments,” Song added.


The goal: To help SOCs (Security Operations Centers) and IT create and deliver a consolidated threat response across all domains and products, as well as bring more automation to responses, Song said.


ARI also aims to strengthen bi-directional capabilities between products to improve real-time visibility. The initiative welcomed five new security partners with expertise in security policy management, incident response and endpoint security. The new members are AlgoSec, Demisto, RedSeal, Resolve Systems and Symantec (Advanced Threat Protection).


[These firms join existing Adaptive Response Initiative members Acalvio, Anomali, Blue Coat, Carbon Black, Cisco, CrowdStrike, CyberArk, DomainTools, ForeScout, Fortinet, Okta, OpenDNS, Palo Alto Networks, Phantom, Proofpoint, Qualys, Recorded Future, Tanium, ThreatConnect and Ziften.]


Technologically, ARI’s membership represents some 20 different security domains, including next-generation firewall (NGFW), endpoint security, threat intelligence, identity management, incident response and more.


“Security is a team sport,” Song said. “It is more important than ever for industry-leading technologies in our Adaptive Response Initiative to work together and help organizations detect and defend themselves from growing cyber threats. [This is because] digital transformation is forcing organizations to strengthen their security posture through security analytics.”


Monzy Merza, head of security research at Splunk, reviewed security trends in a recent blog post:

Years ago, when Splunk first introduced the [analytics-driven security] concept to the marketplace, we were living in a world where security practitioners were still focusing on prevention, rather than detection. Since then, advanced cyber adversaries have forced security analysts to change the way they think about posture.

Security analysts no longer buy into the idea that there is a silver bullet for security, and vendors acknowledge that security is a team sport. With this shift in mindset comes a change in strategy, where end-to-end context and cross-vendor analytics are emphasized to better detect and respond to threats in real time. Detection is now king.

ARI participants are collaborating to address the challenge of detection and resolution of cyberthreats by:

  • Enabling a multi-vendor adaptive security architecture
  • Extracting new insights from existing security architectures
  • Improving investigations with more context from key security and IT domains


To achieve this, ARI works with Splunk Enterprise Security, which provides a common framework for interacting with data and invoking actions useful in detecting and fighting off cyberattacks. Splunk’s ‘Adaptive Response Framework’ lets security teams be more responsive by giving them the ability to apply changes to their environment from within the platform.


Splunk Enterprise Security can also automate threat responses, enabling a company’s security infrastructure to adapt to the attacker using a range of actions appropriate to each domain, Song added.


“Customers and partners can leverage Splunk’s Adaptive Response framework to gain insights into all relevant data, helping security analysts discover new ways to gain end-to-end context and improve security posture,” Song said.


Song shared an example of how Splunk’s approach lets point solutions deliver more value together than the sum of their parts. ForeScout, a Splunk partner and ARI member, gives customers visibility into and control over the devices connecting to their network so they can detect threats and execute a response faster.


“Leveraging the ForeScout Extended Module for Splunk via Adaptive Response, we can increase our holistic data defense and security to minimize the impact of malware and data breaches,” said Clayton Colwell, associate security engineer at Brown-Forman Corp., a joint Splunk/ForeScout customer, in a statement. “With these bi-directional communications, we anticipate even higher real-time visibility. This will enable us to minimize the time and resources needed to respond to emerging threats.”


While thousands of customers use Splunk to analyze, assess and respond to threats, “we cannot fight them alone,” Song continued. 


Readers can learn more about the Adaptive Response Initiative here.