Amusingly named operational intelligence business Splunk has announced it has acquired Caspida, a machine learning and behavioural analytics business. Under the terms of the agreement, Splunk has acquired all of the outstanding stock of Caspida for an aggregate purchase price of approximately $190 million, comprising approximately $127 million in cash and $63 million in restricted Splunk securities.
The combined business will offer a solution for breach detection and breach response, with the aim of helping businesses prevent the sort of high-profile breaches in which compromised credentials were used to gain entry.
Attacks that use trusted access are often not detected by existing security approaches. Whether they gain entry through compromised accounts or systems, or abuse privileges they already hold, attackers often do not need to deploy additional malware, so signature- and malware-focused controls have little to match against. These activities are dynamic, and attackers will find ways to evade traditional security technologies. Even when an attack is detected, security analysts must still find supporting evidence, often using a kill chain methodology to trace the progression of activity from intrusion to lateral movement to exfiltration.
Key capabilities of the combination of the Splunk and Caspida solutions include the ability to:
Detect Advanced, Hidden and Insider Threats Out-of-the-Box Using Data Science
- Continuous threat and anomaly detection that applies multi-domain analysis using machine learning.
- Uncovers hidden breaches and new attacks out-of-the-box without extensive customization.
Improve Threat Detection with Targeted Incident Response
- Provides threat activities relative to the kill chain with supporting evidence to enable targeted remediation.
- Detects multi-domain (user, device, traffic and application) anomalies and streamlines threat review and incident resolution.
Dramatically Increase SOC Efficiency
- Scores and highlights the most important threats and anomalies to minimize alert fatigue.
- Detects and provides insights on threats and suspicious activities to complement and extend threat intelligence.
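The capabilities listed above describe a behavioural approach rather than any particular technique, so the following is an added illustration and not Splunk's or Caspida's code: a toy user-behaviour baseline built from constructed authentication and session records, with each new event scored against its user's profile, the indicators mapped to kill chain stages (intrusion, lateral movement, exfiltration), and the results aggregated per user so the analyst sees a ranked list rather than one alert per event. The record format, indicator weights, the 3-sigma volume threshold and all host and user names are assumptions made for the example.

```python
"""Toy user-behaviour baseline and anomaly scoring over constructed records.
Illustrative only: not Splunk's or Caspida's code. Log format, weights and
thresholds are assumptions for this example."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (user, src_host, dst_host, hour_of_day, bytes_out).
# BASELINE is the "known good" window; DETECT is the window being analysed.
BASELINE = [
    ("alice", "laptop-a", "fileserver", 9, 2_000),
    ("alice", "laptop-a", "fileserver", 10, 3_000),
    ("alice", "laptop-a", "mail", 11, 1_500),
    ("alice", "laptop-a", "fileserver", 14, 2_500),
    ("alice", "laptop-a", "mail", 16, 1_000),
    ("bob", "laptop-b", "mail", 9, 800),
    ("bob", "laptop-b", "wiki", 13, 1_200),
    ("bob", "laptop-b", "mail", 17, 900),
]
DETECT = [
    ("alice", "laptop-a", "fileserver", 10, 2_200),  # normal
    ("alice", "vpn-gw-7", "fileserver", 3, 2_000),   # new source host, off-hours
    ("alice", "vpn-gw-7", "db-prod", 3, 1_000),      # never-seen destination
    ("alice", "vpn-gw-7", "db-prod", 4, 250_000),    # outbound volume far above baseline
    ("bob", "laptop-b", "mail", 10, 850),            # normal
]

# Indicator -> (weight, kill chain stage). Weights are assumptions for the example.
INDICATORS = {
    "new_source":   (3, "intrusion"),
    "off_hours":    (1, "intrusion"),
    "new_dest":     (2, "lateral movement"),
    "volume_spike": (4, "exfiltration"),
    "unknown_user": (2, "unbaselined"),
}


def build_baseline(records):
    """Per-user profile: seen sources, destinations, active hours, outbound-volume stats."""
    prof = defaultdict(lambda: {"src": set(), "dst": set(), "hours": set(), "bytes": []})
    for user, src, dst, hour, nbytes in records:
        p = prof[user]
        p["src"].add(src)
        p["dst"].add(dst)
        p["hours"].add(hour)
        p["bytes"].append(nbytes)
    for p in prof.values():
        p["mu"] = mean(p["bytes"])
        p["sigma"] = pstdev(p["bytes"]) or 1.0  # constant users: avoid division by zero
    return prof


def score_event(profile, user, src, dst, hour, nbytes):
    """Return the indicators one event trips against its user's baseline."""
    p = profile.get(user)
    if p is None:
        return ["unknown_user"]  # no baseline: surface it rather than silently scoring 0
    hits = []
    if src not in p["src"]:
        hits.append("new_source")
    # Off-hours: outside both the exact hours seen and the user's observed working span.
    if hour not in p["hours"] and not (min(p["hours"]) <= hour <= max(p["hours"])):
        hits.append("off_hours")
    if dst not in p["dst"]:
        hits.append("new_dest")
    if (nbytes - p["mu"]) / p["sigma"] > 3:  # z-score over the user's own history
        hits.append("volume_spike")
    return hits


def rank_users(profile, events):
    """Aggregate indicator weights per user and record the kill chain stages observed,
    so the highest-risk users surface first instead of one alert per event."""
    risk = defaultdict(lambda: {"score": 0, "stages": [], "events": 0})
    for ev in events:
        r = risk[ev[0]]
        r["events"] += 1
        for h in score_event(profile, *ev):
            weight, stage = INDICATORS[h]
            r["score"] += weight
            if stage not in r["stages"]:
                r["stages"].append(stage)
    return sorted(risk.items(), key=lambda kv: kv[1]["score"], reverse=True)


if __name__ == "__main__":
    for user, r in rank_users(build_baseline(BASELINE), DETECT):
        print(f"{user:8} score={r['score']:3} events={r['events']} stages={r['stages']}")
```

Run as-is, alice ranks first: her session from an unseen host at 03:00, onto a database she has never touched, followed by an outbound volume hundreds of standard deviations above her history, accumulates indicators across all three stages, while bob's single off-pattern hour falls inside his normal working span and scores nothing. A production system would baseline over far longer windows, use peer-group comparison as well as per-user history, and weight indicators from the whole population of alerts rather than hand-set constants.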
Muddu Sudhakar, founder and CEO of Caspida, explained the technology behind their solution. “By analyzing machine data and using data science to detect meaningful anomalous behavior of users, devices and entities, Caspida has solved a problem that previously required significant manpower and expensive, do-it-yourself toolsets. We are very excited to join the Splunk family and deliver new detection capabilities to customers.”
Haiyan Song, Senior Vice President of Security Markets at Splunk, acknowledged that breaches are becoming more complex and severe with each passing day. “With Caspida, Splunk accelerates its focus on solving advanced threats - both external and from insiders - by shining a light on those who are wrongfully using valid credentials to freely and unpredictably exploit systems they have accessed. By addressing the entire lifecycle of known and unknown advanced threats, and by providing a platform to detect, respond to, and automate actions, Splunk has further reinforced its position as the security nerve centre.”