Analyze and Investigate
In the Analyze and Investigate workflow stage, you use Splunk User Behavior Analytics, Splunk Enterprise Security, or Splunk Intelligence Management to reduce your mean time to respond (MTTR). Security teams need tools like these Splunk products to analyze and investigate cyber attacks effectively, because attackers increasingly craft attacks that bypass weak or outdated security controls.
If you're a user of Splunk Cloud Platform or Splunk Enterprise, this content can still help you understand the strategies you should use to augment your analysis and investigation techniques. You can find use cases which apply to all Splunk products in the Lantern Security Use Case Library.
Explore analysis and investigation focal areas and find your use cases
Explore the content in the following focal areas to find use cases you should apply.
- Behavior analysis and machine learning
  - Tools that analyze behavior on the network and use machine learning to find anomalies in behavior can notify you of potential threats in near real time.
- Compliance
  - Ensure that your organization follows applicable laws, general mandates, and industry-specific regulations that govern how it conducts business.
- Fraud
  - Protect your customers' personal and financial information from cyber fraud, one of the most common and threatening forms of fraud that takes place internationally.
- Incident collaboration
  - Build a high-performing SOC team by encouraging active and passive collaboration behaviors, helping them innovate faster and recover quickly from incidents.
- Threat hunting
  - Search for malicious activity within your organization's IT infrastructure, provide insights for further investigation, and build a feedback loop to improve existing controls.
- Threat intelligence
  - Make quick, data-driven, real-time security decisions and take preemptive action before an attack actually crosses the threshold of your organization.