Amazon CTO Werner Vogels said “protecting your customers’ data should be priority number 1” last month at AWS Summit. The best part of that statement was that he wasn't just talking to a crowd of security engineers and red teamers. Everyone in IT has a shared responsibility for the privacy and careful management of their customers’ data, which means everyone in IT has a shared responsibility for security.
But with development moving toward agile and CI/CD deployments, how does an entire organization keep up with that pace while also managing security? The average SecOps person can see up to 200k alerts per day. I get stressed out when I have unread emails. Imagine having 200k unread emails with serious security issues hidden away. No surprise, then, that Cisco’s Annual Cyber Security Report found that “Security teams can only investigate 56 percent of the security threats they receive daily – leaving 44 percent of alerts, or nearly half, unexplored.” So how do you know which alerts to prioritize, and how do you escalate the issues? And who’s responsible for remediating? As more data becomes available, how are we helping each other sift through the noise to find the real information that needs to be acted on?
Applications in production are the most common attack entry point, which makes visibility of new threats and the ability to block those attacks in progress critical. The team at tCell believes in arming security and DevOps teams with prioritized security data in a frictionless environment. That’s why we’ve joined the Splunk Adaptive Response initiative: to provide simple application-layer attack visibility and blocking from within the Splunk ES product.
Splunk Adaptive Response and tCell
The Adaptive Response Initiative is a framework that optimizes threat detection and remediation using workflow-based context. The tCell cloud platform analyzes security data obtained by deep app inspection to identify bad actors and protect apps from a wide array of attacks. With the tCell integration, Splunk users can now leverage that data to defend other parts of their infrastructure against those same bad actors, or to protect threatened accounts automatically. In addition, Splunk users can obtain raw data feeds from tCell for unique application telemetry that can be aggregated with other data sets for more advanced analytics and response. Finally, as bad actors are detected within Splunk from other systems, attacks can be thwarted via Adaptive Response using tCell’s defense mechanisms, initiated automatically from Splunk. With application-layer visibility and the ability to block attacks and breaches, the Splunk ecosystem now has valuable app-level data insight and control for rapid and flexible countermeasures.
With tCell and Splunk you can:
- Detect and block bad actors from applications and APIs using data correlated from web servers, application servers, client-side browsers, and intel sourced from Splunk.
- Promote prioritized application security data across the enterprise faster with ready-to-execute information for operations and developers.
- Reduce the number of dashboards by using actions via Splunk.
- Keep development agile with security that fits naturally into the CI/CD pipeline and DevSecOps programs.
We look forward to hearing from you about these capabilities in Splunk. So download the app here and tell us what you think!