Optimizing Costs and Eliminating Excessive Alerts by Combining Splunk and STEALTHbits
Introducing STEALTHbits: A Need to Focus on Data and Access
Here’s how STEALTHbits Technologies, a cybersecurity software company, looks at cybercrime: all cybercriminal activity has two elements in common:
- Malicious actors want to get their hands on data.
- In order to do so, they need access.
Let’s say one company was breached because it was a victim of a phishing attack, and another was a victim of a traditional network attack through a web application. There are providers who offer solutions that defend against phishing, and others that protect web apps, but what happens once a malicious actor who wants to access your data gets inside?
That’s where STEALTHbits comes in. The STEALTHbits methodology across all of its solutions focuses on the sensitive data itself and who has access to it; plus, how it’s provisioned and distributed. STEALTHbits gives you the ability to monitor who is changing permissions for accessing data, as well as interactions with it, ultimately making it possible to identify and protect your business against threats like ransomware.
”The mission of STEALTHbits is to address the two primary levers that every single cybercrime incident has in common, which come down to wanting to get to data and gaining access to it.”
-Gabriel Gumbs, VP of Product Strategy at STEALTHbits
How STEALTHbits and Splunk Work Together
STEALTHbits works with Splunk in two primary ways: first, data-level integration, in which STEALTHbits uses a mechanism for sending data to Splunk, which can receive it in multiple formats. Secondly, STEALTHbits has built several preconfigured dashboards so customers can surface meaningful insights from their data within Splunk and don’t have to create views and dashboards themselves, although users still have the ability to do so if they desire.
STEALTHbits also integrates with Splunk to allow security analysts to test their own hypotheses by using it as a threat hunting dashboard. Analysts can go hunting for threats by reviewing data and using a mechanism to ask questions about it to determine things like who has accessed particular data, when, what they’ve done with it, and where it lives within an environment.
Overall, the integration possibilities give users of Splunk an aggregated view of the sensitive data within their environment and what’s happening to it, including access, who’s doing what and where, and file activity. End users have the options to use a built-in analytics platform to further enhance and query the data, or use a Splunk-native programming language to build their own dashboards, views, and apps. Since most organizations are already using platforms like Splunk to analyze machine data, they can also correlate it with STEALTHbits data to reveal the answers to even more security questions. When analysts start triangulating that information, it becomes possible to hone in on different exposures, gaps, and threats in the environment.
By combining the power of Splunk and STEALTHbits, security teams can eliminate excessive noise and alerts. By feeding that information into Splunk, they can also reduce the amount of cost and effort.
Words of Wisdom from Gabriel Gumbs, VP of Product Strategy at STEALTHbits
“No matter how well-built, powerful, or useful an application is, it’s only as good as the information you feed it. That data you get is going to give you the level of visibility into the two primary levers bad actors will use to hurt your business,” Gumbs explained.
“Also, because security information is so rich and intelligent, at STEALTHbits, we’ve made a concerted effort to ensure that what our customers interact with is not a raw data feed, but meaningful ways to access information. We create solutions by talking to customers, so STEALTHbits capabilities represented within Splunk are based on what’s being asked for by security professionals like you,” he concluded.
Deploying STEALTHbits and Splunk with ASE
STEALTHbits Technologies and Splunk are both partners of August Schell, and we have a full team of engineers available to help you understand how both technologies working together can give you better visibility into your security posture by eliminating unnecessary access, enforcing security policy, and detecting advanced threats. Curious how STEALTHbits and Splunk can work for you? Reach out to an August Schell expert, or call us at (301)-838-9470.