Enhancing Real-Time Security by Detecting Vulnerabilities Using Billion-scale Threat Intelligence
Executive Summary
The customer’s central threat intelligence repository stores more than a billion threat samples and thousands of indicators. The key challenge was to put this enormous volume of data to use, together with the customer’s existing security logs in Splunk, to identify possible threats in real time. Without a smooth integration, security teams could not leverage this in-depth intelligence to gain actionable visibility into the vulnerabilities of their environment.
Crest Data teamed with the customer to come up with a comprehensive solution, which is a Splunk App and Add-on that enables users to directly apply the threat intelligence to their Splunk logs. This solution offers a centralized overview dashboard to monitor the incidents and detect threat events in real time. Moreover, Crest Data provided the drilldown functionality that allows users to view historical samples in the customer’s threat repository and analyze potential threats in detail, which has improved the overall security posture of the system.
About the Customer
The customer provides a real-time network visibility platform required to manage performance, security, and availability at a global scale. Trusted by leaders in healthcare, telecommunications, and finance, their platform transforms the way the world’s most essential organizations plan and deliver digital services. They turn complex network data into the clarity needed to innovate with confidence.
Customer Challenge
The customer’s threat intelligence empowers organizations to leverage the deep insights of their threat data collection, but integrating this intelligence into existing workflows was a major challenge. The main problem was how to use the customer’s threat intelligence repository, which holds over a billion threat samples and thousands of indicators, alongside an organization’s existing security logs in Splunk. Lacking an efficient integration, security teams had a hard time leveraging such a massive amount of data to identify and track possible threats in real time, which severely hampered their ability to gain holistic visibility into the security posture of their environment.
Customer Solution
Crest Data collaborated with the customer to develop a Splunk App and Add-on, enabling users to leverage the customer’s threat intelligence on Splunk data. This integration enables the users of Splunk to identify and assess possible vulnerabilities and threats to their systems by inspecting the incidents that exist in their Splunk logs.
The major aspects of the solution are:
- Overview Dashboard: The dashboard combines information from both data sources and gives the user a broad view of the incidents that have taken place and the corresponding threat events recognized in Splunk.
- Drilldown Functionality: This functionality enables users to drill down to view the past sample threats that are available within the customer’s threat intelligence repository so that they can perform a comprehensive analysis of the possible threat events.
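The core of the solution described above is matching indicators from the threat intelligence repository against fields in Splunk events, then letting an analyst drill down from a hit to the historical samples behind the indicator. The following is an added illustration of that correlation loop in Python; it is not the customer’s or Crest Data’s code, and the indicator set, the key=value log events, the sample repository and all field names are constructed for this example.

```python
"""Correlating threat-intelligence indicators with Splunk-style security events.

Added illustration, not the customer's or Crest Data's code. Every indicator,
event, field name and repository entry below is constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed indicator table. A production add-on would load this from the
# intelligence repository into a Splunk lookup or KV store; for a billion
# samples an in-memory dict is only a stand-in for that store.
INDICATORS = {
    "ip": {"203.0.113.7": "botnet-c2"},            # RFC 5737 documentation range
    "domain": {"bad.example": "phishing-kit"},
    "sha256": {"ab" * 32: "dropper"},              # constructed, not a real hash
}

# Constructed "historical samples" keyed by indicator, used for drilldown.
SAMPLE_REPOSITORY = {
    "203.0.113.7": [{"first_seen": "2024-03-11", "family": "botnet-c2", "samples": 42}],
    "bad.example": [{"first_seen": "2024-04-02", "family": "phishing-kit", "samples": 7}],
}

# Constructed key=value events in the shape Splunk extracts from proxy/EDR logs.
SAMPLE_EVENTS = [
    "time=2024-05-01T10:00:01Z src_ip=10.0.0.5 dest_ip=203.0.113.7 action=allowed",
    "time=2024-05-01T10:00:02Z src_ip=10.0.0.9 url=https://bad.example/login action=blocked",
    "time=2024-05-01T10:00:03Z host=ws01 file_hash=" + "AB" * 32,
    "time=2024-05-01T10:00:04Z src_ip=10.0.0.5 dest_ip=192.0.2.44 action=allowed",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def parse_event(line: str) -> dict:
    """Turn one key=value event line into a field dictionary."""
    return dict(KV_RE.findall(line))


def extract_observables(event: dict) -> dict:
    """Pull IPs, domains and SHA-256 hashes out of an event's field values."""
    obs = {"ip": set(), "domain": set(), "sha256": set()}
    for key, value in event.items():
        if IP_RE.match(value):
            obs["ip"].add(value)
        elif SHA256_RE.match(value.lower()):
            obs["sha256"].add(value.lower())            # hashes compared case-insensitively
        elif key == "url":
            host = urlparse(value).hostname
            if host:
                obs["domain"].add(host.lower())
        elif key in ("domain", "query", "dest_host"):
            obs["domain"].add(value.lower())
    return obs


@dataclass
class ThreatEvent:
    """One correlation hit: the event plus the indicator that matched it."""
    time: str
    ioc_type: str
    indicator: str
    label: str
    event: dict


def correlate(lines, indicators=INDICATORS):
    """Match every observable in every event against the indicator table."""
    hits = []
    for line in lines:
        event = parse_event(line)
        for ioc_type, values in extract_observables(event).items():
            for value in sorted(values):
                label = indicators.get(ioc_type, {}).get(value)
                if label is not None:
                    hits.append(ThreatEvent(event.get("time", ""), ioc_type, value, label, event))
    return hits


def overview(hits) -> dict:
    """Counts per threat label, the kind of summary an overview dashboard shows."""
    return dict(Counter(hit.label for hit in hits))


def drilldown(hit: ThreatEvent, repository=SAMPLE_REPOSITORY) -> list:
    """Historical samples behind a hit's indicator (empty list if none are known)."""
    return repository.get(hit.indicator, [])


if __name__ == "__main__":
    found = correlate(SAMPLE_EVENTS)
    for hit in found:
        print(hit.time, hit.ioc_type, hit.indicator, hit.label, drilldown(hit))
    print(overview(found))
```

Inside Splunk itself the same matching step is normally expressed as a `lookup` of the extracted fields against the indicator table, with the dashboard built on the resulting matches; the Python above just makes the three stages (extract observables, match indicators, drill down to samples) explicit. Note that the fourth event, which talks to an address not in the table, correctly produces no hit, and that the hash is matched case-insensitively so differing log sources do not cause misses.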
Outcomes
Efficiently introducing threat intelligence into the Splunk environment delivered several important advantages for security operations:
- Real-Time Threat Detection: By combining the customer’s central threat intelligence repository – comprising more than a billion threat samples – with the security logs already available, the customer is now able to detect and identify possible threats in real time.
- Proactive Vulnerability Analysis: The solution enables users to analyze and identify possible vulnerabilities to their systems through direct correlation of threat intelligence to incidents identified in Splunk logs.
- Unified Monitoring: The centralized dashboard provides a holistic view of incidents and associated threat events, and gives security teams an overview of the current security situation in the environment.
- Improved Investigative Capabilities: The drilldown feature enables analysts to view past samples of the threats available in the customer’s threat intelligence central repository. They can perform a deep analysis of potential threat events in order to better understand and mitigate risks.
- Scalable Intelligence Usage: The project was able to successfully tackle the problem of scaling to use enormous amounts of data – billions of samples and thousands of indicators – to provide actionable security insights at scale.
About Crest Data
Crest Data is a data and AI-driven technology solutions provider for enterprises and technology innovators across cybersecurity, cloud security, and observability domains, helping them to move faster and more securely. As an expert in enterprise security offerings, Crest Data focuses on maximizing visibility, accelerating response times, and securing critical infrastructure across multi-cloud and hybrid environments.