Splunk Inc. announced integrations with the newly launched Amazon Web Services (AWS) Security Hub.
AWS Security Hub provides a comprehensive view to manage security
alerts and automate compliance checks for AWS customers. Splunk
Enterprise and Splunk Phantom integrations with the AWS Security Hub are
designed to help customers further accelerate detection, investigation
and response to potential threats within their AWS security environment.

"As organizations continue to migrate to the cloud, data is dispersed
across various teams that need to ensure that they are monitoring and
analyzing it in order to detect potential threats and respond to them
quickly," said Haiyan Song, senior vice president and general manager of
security markets, Splunk. "Splunk's support for AWS Security Hub allows
our customers to take an analytics-driven approach to security, and to
scale their security operations through automation and orchestration
capabilities."

Splunk can also leverage Amazon CloudWatch Events to provide customers with
data directly from AWS Security Hub. From there, Splunk can monitor and
identify potential threats across AWS Security products like Amazon
GuardDuty, Amazon Inspector, and Amazon Macie directly in the Splunk
platform. Additionally, the Splunk integration enables serverless
automation to gather findings from AWS Security Hub and send them to an
HTTP Event Collector in the Splunk platform. With the Splunk Phantom App
for AWS Security Hub, findings can be sent to Phantom for automated
context enrichment with additional threat intelligence information or to
perform automated response actions. By adding broader context to
findings, security teams can make well-informed decisions and take
action quickly.

"Today's security teams are not only tasked with preventing security breaches
and responding to potential threats, but they also need to be aware of
the latest rules and regulations that allow their organizations to
operate effectively and be in compliance," said Dan Plastina, Vice
President, Security and Services, Amazon Web Services, Inc. "We are
working with Splunk to allow our customers to continue AWS Security Hub
investigations in the Splunk platform and to initiate their Splunk
Phantom automation playbooks."

Splunk Phantom Amazon Machine Image (AMI) Now Available on AWS Marketplace

To further expand the Splunk security solutions available for AWS
customers, a Splunk Phantom AMI is now available on AWS Marketplace.
Splunk Phantom makes it simple and straightforward to automate,
orchestrate and respond to threats within AWS environments. AWS
customers can launch the Splunk Phantom AMI on the AWS Marketplace.