RANK Software became a member of Splunk’s Technology Alliance Partner (TAP) Program last week and we are excited about what this means for Splunk customers.
Our VASA (Virtual Assistant to Security Analysts) platform is designed with three key attributes in mind: supporting real-time analytics, maintaining data fidelity, and providing context. We think these attributes work well in a Splunk environment and provide Splunk customers with additional valuable threat hunting capabilities. A few use cases that stand out for me:
1. Real Time Analytics
Splunk customers can augment their historical log analysis with real-time analytics of network data and other log sources via VASA. VASA can identify artifacts associated with this real-time analysis and update Splunk for further analysis or correlation across all Splunk data sources.
Splunk customers can also benefit from real-time data enrichment at the time of ingestion. Examples of VASA enrichment capability include threat intelligence feeds, GeoIP, malware IOCs, and internal context. Coupled with VASA’s ability to extract Layer 7 protocol metadata (HTTP, DNS, SMB), this provides valuable context to help the analyst query the platform. VASA’s real-time query engine can also easily query attributes stored directly in Splunk.
2. Data Sources
VASA provides another valuable capability to Splunk customers by ingesting DNS or real-time network data. This ability to ingest real-time network traffic gives Splunk customers a cost-effective method to gain visibility into all network events. Having broader visibility into events allows customers to more quickly identify, investigate and resolve potential threats. VASA’s architecture can also take advantage of data already stored in Splunk without duplication.
3. Visualization Layer
Splunk customers can also take advantage of a rich visualization layer that helps analysts to quickly determine whether an alert is truly malicious. The VASA visualization layer includes a Network Graph, a Summary View, and a Timeline View and helps provide visual context to the analyst. Once the alert is identified as malicious, VASA integrates easily with Splunk customers’ Phantom or other SOAR platforms for remediation and automation.
For more information on the VASA platform, check out this video demonstration: https://www.ranksoftwareinc.com/VASA or contact us on our website and we would be pleased to arrange a web demonstration for you.
We are delighted to be working with Splunk and look forward to supporting our mutual customers in their Threat Hunting efforts!
Rick Costanzo is CEO of RANK Software, an AI security platform provider.