Information Security, Web Application Security

Signal Sciences Joins Splunk Adaptive Response Initiative

Andrea Swaney

Andrea Swaney is the Director of Strategic Partnerships. She has spent the last 10 years with security startups in leadership roles including Sales, Business Development and Alliances. When not working to secure the web, Andrea is likely to be found reading about or drinking wine, or on a vineyard somewhere in California or France.

From alerts to actions: Signal Sciences Joins Splunk Adaptive Response Initiative to bring powerful AppSec controls to your SOC


Security teams in every organization face a constant deluge of daily alerts. An information security executive at Bell Canada at this year’s ICRMC (International Cyber Risk Management Conference) said his organization sees 15K per second. With the ratio of security professionals to operations staff to developers around 1:10:100, how do you keep up with that? What do you prioritize? What team is responsible for escalation in each case (I envision a flow chart from hell)? Efforts are ad hoc and manual at best, resulting in increased time to discovery and response rates that make security professionals wonder how we’re moving the needle.

The application layer has never been more critical. Business is driving ahead with agile and CI/CD, resulting in less time for security reviews and more potential vulnerabilities in production webapps. There are a lot of great products coming to market in the security automation & orchestration space, but there’s not a lot of application layer data and visibility. Everything seems to focus on infrastructure, since that’s all there was to worry about in the pre-cloud days. Signal Sciences feels strongly about getting AppSec data out of the security silo and into the hands of Ops and Dev teams, so we teamed up with Splunk, a leader in the security incident and event management space, to provide simple actions that enable teams to respond quickly, right from within the Splunk ES product via its Adaptive Response Initiative.



Splunk launched the Adaptive Response Initiative to build a framework to speed up detection and remediation times across vendor solutions in the enterprise. Splunk's Adaptive Response action allows you to send an action to Signal Sciences to blacklist an IP based on correlation search or manual search events. If you’re already getting logs indexed in Splunk, you can use their powerful search and correlation functions to identify other misuse and abuse events in your application. Maybe you get some great threat intel feeds and want to use Signal Sciences to enforce actions. Signal Sciences provides an audit log so you can trace who invoked a blacklist decision and why. We started with a blacklist event, but it’s very easy to extend the capability to also whitelist IPs, paths, or parameters from network traffic logs fed into Splunk.

 


With Signal Sciences and Splunk you can:


  • Find and stop bad actors faster by correlating attacks and anomalies with webserver and APM logs in real-time against your webapps, APIs and microservices

  • Propagate application security information at scale across the enterprise with greater speed and visibility

  • Scale security responsibility and control by allowing actions to be made from within Splunk

We look forward to hearing from our customers about other extensions of these capabilities in Splunk. So download the app here and tell us what you think!
