Amid a rash of high-profile cybersecurity breaches, vendors such as Splunk are racing to polish their security orchestration tools for a growing audience.
This week, Splunk’s cloud-based security orchestration, automation and response (SOAR) tool broadened its low-code IT automation features in a move meant to increase the product’s appeal in a crowded and cutthroat IT security market. The new Splunk SOAR App Editor offers a centralized low-code UI where users can create and edit apps that orchestrate integrations with third-party tools. Previously, such custom apps could be created only by engineers deeply familiar with the Python programming language and cloud-native infrastructure tech.
“The low-code/no-code approach is fundamental,” said Christopher Kissel, an analyst at IDC. “Trying to do SOAR and then having to go get a Python expert doesn’t make any sense. You have to be able to drag and drop or have prompts for different filters and fields.”
Low-code and no-code interfaces are especially relevant as companies migrate to cloud and increasingly rely on remote work as a result of the COVID-19 pandemic while contending with increased security threats, Kissel added.
“Last year when people immediately had to establish working groups to get to VPNs and certain applications, and you couldn’t do it through a monolithic Security Operations Center, it was an important use case for SOAR,” he said. “Low-code and no-code [interfaces] give that speed and agility.”
For one major Splunk SOAR customer, that speed and agility were put to use by a DevOps team for both security and non-security tasks alike.
Aerospace company Lockheed Martin Corp., based in Bethesda, Md., previously used a set of homegrown scripts coded in Python to link Splunk SOAR, ServiceNow IT service desk and Ansible IT automation software via AWS Lambda functions to automatically update infrastructure in response to Splunk monitoring alerts. It also used the integrations to automatically address endpoint issues such as failed Windows drivers on employee workstations via a digital experience management utility called Tachyon.
“There was nothing wrong with it, except [it took] 448 lines of code,” said William Swofford, cybersecurity systems engineer at Lockheed Martin, in a Splunk .conf presentation this week. “We had to be static for that use and that use only — to reuse that code would have been a little difficult. We could have done it, but we would’ve had to do a lot of work to do so.”
With the new low-code Splunk SOAR App Editor, however, Lockheed engineers were able to re-create those integrations using a drag-and-drop interface without writing any code, which provides a path for the average technical person at the company to develop sophisticated IT automation workflows, according to Swofford’s co-presenter, David Walker, chief architect at Lockheed.
Moreover, other teams will more easily be able to reuse those custom apps for their own purposes, according to Walker.
“Sharing of code, visual code, being able to reuse [things] quickly — that was key,” he said. “Why re-code when we can reuse?”
Splunk SOAR App Editor was among several updates to Splunk’s security products this week. Others included the first integration between the Splunk Enterprise Security (SES) security information and event management (SIEM) tool and IP it acquired with threat intelligence vendor TruSTAR in May. TruSTAR will send insights and alerts into the SES UI with this week’s release.
TruSTAR adds security analytics and automated anomaly detection that will enable Splunk’s SIEM to better scrutinize individual user behavior for suspicious activity, according to IDC’s Kissel.
“It’s not integrated on their backplane for SES right now, but that’s supposed to be in the next edition,” Kissel said. “It normalizes and synthesizes information from threat intelligence feeds, transforms it and throws it back over to the SIEM.”
TruSTAR IP will help keep SES competitive against emerging extended detection and response (XDR) products from vendors such as Elastic Inc. and Uptycs. Experts still debate how SOAR, SIEM and XDR product competition will shake out, but regardless of what technical category they fall into, security automation vendors face pressure to expand endpoint and user behavior monitoring features, Kissel said.
“We’re still trying to define XDR — it’s sort of tricky,” he said. “But if you’re thinking about … detection and response, refined alerts that cut down on false positives and get to a closer indicator of compromise, Splunk is pulling that together through TruSTAR and [other acquisitions].”
Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.
All Rights Reserved, Copyright 2016 – 2021, TechTarget