Attack Analyzer integrates with Splunk SOAR to help security teams uncover complex attack techniques used to evade detection.

Cybersecurity vendor Splunk has announced the integration of Splunk Attack Analyzer with Splunk SOAR to deliver automatic analysis of malware and credential phishing attacks. Announced during the Splunk conf23 user conference in Las Vegas, Attack Analyzer helps security teams uncover complex attack techniques used to evade detection, according to the firm.

The vendor also unveiled a raft of new AI-powered security capabilities to help organizations automatically mine data, detect anomalies, and prioritize critical decisions, including generative AI app Splunk AI Assistant, which provides an interactive chat experience and helps users author Splunk Processing Language (SPL) using natural language.

Observability key to addressing security vulnerabilities

The inability to address incidents - whether a security threat or a customer-impacting disruption - hinders an organization's ability to remain competitive. According to a recent Enterprise Strategy Group (ESG) report, 55% of senior IT decision makers say observability enabled them to gain more insight into vulnerabilities, and 51% said the observability remediation capabilities enabled their security teams to act faster.

By unifying security and observability processes and technologies, organizations can help ensure their digital systems remain resilient amid complexity and provide shared visibility across their tech stack to drive efficient incident response, Splunk said in a press release. The integration of Splunk Attack Analyzer with Splunk SOAR enables security analysts to automate threat forensics that provide accurate, timely detections and reduce the time and resources spent on manual investigations, according to the firm.
Teams can submit threat samples to Splunk Attack Analyzer

Users can submit identified threat samples directly to Splunk Attack Analyzer or via API, enabling analysts to draw conclusions and act on the insights generated without wasting manual resources, Splunk wrote. The proprietary technology safely executes the threat, providing analysts with a comprehensive view showing the technical details of an attack, it added. Teams can also generate non-attributable environments within Splunk Attack Analyzer to access malicious content, URLs and files - without compromising the safety of the analyst or enterprise, Splunk said.

"As the digital landscape evolves, organizations really need a holistic approach to security and observability," said Jon Oltsik, distinguished analyst and fellow, ESG. "A comprehensive strategy can help security teams safeguard their valuable assets, detect and address potential threats proactively, ensure regulatory compliance, maintain operational continuity, and build trust among their stakeholders."

Splunk's latest innovations can help, as they are designed to empower and speed up IT operations, security operations, and engineering teams' work and collaboration for detecting, investigating, and remediating security issues, Oltsik added.