QOMPLX today unveiled a new add-on that provides a seamless integration between its Q:CYBER threat detection technology and the Splunk Enterprise and Splunk Cloud platforms.
The add-on, which is available immediately from Splunk's Splunkbase app store, allows customers to view alerts from Q:CYBER from within their existing interfaces. This tight integration between Q:CYBER and Splunk helps security operations centers (SOCs) rapidly detect and respond to a range of attacks on critical control infrastructure, including Active Directory.
Q:CYBER is the only solution that deterministically detects Active Directory Kerberos ticket forgeries, such as Golden Ticket, Silver Ticket, DCShadow and DCSync attacks.
In recent years, nation-state hackers and cyber criminal groups have leveraged tools like Mimikatz to streamline the theft of Active Directory credentials and other types of attacks on Active Directory environments. That has allowed adversaries to move within compromised IT environments to steal data and spread ransomware. Incidents such as the attack on Marriott’s Starwood subsidiary and the U.S. Office of Personnel Management show that attackers who are able to compromise Active Directory domain controllers can parlay that into nearly unfettered access to IT assets and data while lurking unseen on corporate networks for weeks, months, or years.
That is why attacks on Active Directory and its underlying Kerberos authentication protocol are at the top of the list of concerns for CISOs in 2020.
Real-Time Detection of Attacks on Active Directory
Today, mission-focused CISOs are prioritizing projects that detect attacks on their critical control infrastructure and that help to make it more resilient. QOMPLX Q:CYBER is the only solution on the market that detects Active Directory Kerberos ticket forgeries, such as Golden Ticket, Silver Ticket, DCShadow and DCSync attacks, deterministically. Q:CYBER spots these attacks in near real-time and without false positives, giving SOCs an early jump on attackers.
Seamless Integration with Splunk® Enterprise and Splunk Cloud™
The Q:CYBER add-on for Splunk® Enterprise and Splunk Cloud™ augments existing data feeds with Q:CYBER alerts. SOC analysts working within Splunk can correlate events by using Q:CYBER detections, without needing to pivot between applications.
The Q:CYBER add-on provides Splunk-based SOCs with:
- Timely alerts - Q:CYBER’s streaming analytics alert customers about suspicious and malicious Active Directory behavior faster than competing solutions. That narrows attackers’ window of compromise from days or weeks to just minutes, limiting dwell time.
- Faster time to value - Q:CYBER detection begins immediately after the agent is installed. There’s no “training” needed. That means rapid “time to value” for Q:CYBER and Splunk Enterprise and Splunk Cloud customers.
- More signal, less noise - Q:CYBER’s add-on for Splunk Enterprise and Splunk Cloud enriches existing triggers and detection rules. Q:CYBER provides more context, increasing the “signal” and decreasing the “noise” around Active Directory activity and attacks.
Learn More about the Add-On
The Q:CYBER Add-On for Splunk Enterprise and Splunk Cloud is available immediately. Click here to download more information on the add-on, or contact QOMPLX today to get your questions answered.
Download the Q:CYBER Add-On
Or if you are interested in obtaining QOMPLX’s Q:CYBER Add-On for Splunk Enterprise and Splunk Cloud, go ahead and download it from the Splunkbase app store.
At QOMPLX, we are experts in building high-speed, highly scaled event processing solutions. Our technology integrates all of your critical data sources to allow you to make better, more data-driven decisions. QOMPLX’s advanced algorithms, simulations, and machine learning tools help the world’s most demanding firms solve the toughest challenges in cyber security, insurance underwriting and finance. Find out what QOMPLX can do for you at qomplx.com.
About Splunk, Inc.
Splunk Inc. (NASDAQ: SPLK) is the world’s first Data-to-Everything Platform. Organizations no longer need to worry about where their data is coming from, and they are free to focus on the business outcomes that data can deliver. Innovators in IT, Security, IoT and business operations can now get a complete view of their business in real time, turn data into business outcomes, and embrace technologies that prepare them for a data-driven future.