Case Study: Adaptive Response Implementation for Splunk Enterprise Security

Crest worked with a security start-up that is a leading provider of NAC (Network Access Control) solutions. Their product is a physical or virtual appliance that identifies devices such as notebooks, smartphones, tablets and Internet of Things (IoT) devices as they join the network.

Crest built a solution that combines Splunk Enterprise Security and its Adaptive Response framework with the NAC product's own capabilities, so that the vendor's customers can monitor NAC-related events in real time, identify threats, and remediate by taking corrective action on the affected endpoints.

The following examples show how threats that can occur in a customer deployment are handled by this solution:

  • When the number of authentication failures exceeds a threshold pre-set by the SOC admin, the user can choose to notify the administrator via email
  • When malware is detected in an event, the user can notify the administrator via email
  • When a virus is detected in an event, the user can notify the administrator via email
  • When a bad DNS request appears in an event from a particular host, the user can block outgoing traffic from that host
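
To make the four triggers concrete, here is an added example (not Crest's or Splunk's code) of the detection and response logic as a stand-alone Python rule engine run over constructed sample events. The event fields, the threshold and window, the blocklisted domains, the admin address and the action payloads are all assumptions made for the demo; in the real solution the detections are Splunk ES correlation searches and the responses are Adaptive Response actions.

```python
"""Illustrative Adaptive Response-style rule engine for NAC events.

Added example modelling the four triggers in the case study; it is not
Crest's or Splunk's code. Event schema, thresholds, blocklist and action
payloads are assumptions made for the demo.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Settings a SOC admin would tune in a real deployment (assumed values).
AUTH_FAIL_THRESHOLD = 3                  # alert when failures *exceed* this count
AUTH_FAIL_WINDOW = timedelta(minutes=5)  # sliding window for counting failures
ADMIN_EMAIL = "soc-admin@example.com"    # placeholder recipient

# Constructed blocklist standing in for a threat-intel lookup.
BAD_DOMAINS = {"c2.bad-domain.test", "dga-1f3a9.bad-domain.test"}

# Constructed sample NAC-style events (not real customer data).
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T10:00:00", "kind": "auth", "result": "failure", "user": "alice", "src": "10.0.0.5"},
    {"ts": "2024-01-10T10:00:05", "kind": "auth", "result": "failure", "user": "dave", "src": "10.0.0.10"},
    {"ts": "2024-01-10T10:00:30", "kind": "auth", "result": "failure", "user": "alice", "src": "10.0.0.5"},
    {"ts": "2024-01-10T10:00:35", "kind": "auth", "result": "failure", "user": "dave", "src": "10.0.0.10"},
    {"ts": "2024-01-10T10:01:00", "kind": "auth", "result": "failure", "user": "alice", "src": "10.0.0.5"},
    {"ts": "2024-01-10T10:01:05", "kind": "auth", "result": "failure", "user": "dave", "src": "10.0.0.10"},
    {"ts": "2024-01-10T10:01:30", "kind": "auth", "result": "success", "user": "bob", "src": "10.0.0.6"},
    {"ts": "2024-01-10T10:02:00", "kind": "auth", "result": "failure", "user": "alice", "src": "10.0.0.5"},  # 4th: exceeds
    {"ts": "2024-01-10T10:02:10", "kind": "auth", "result": "failure", "user": "alice", "src": "10.0.0.5"},  # 5th: no re-alert
    {"ts": "2024-01-10T10:03:00", "kind": "threat", "category": "malware", "name": "Trojan.Generic", "src": "10.0.0.7"},
    {"ts": "2024-01-10T10:03:30", "kind": "threat", "category": "virus", "name": "W32.TestSample", "src": "10.0.0.8"},
    {"ts": "2024-01-10T10:04:00", "kind": "dns", "query": "www.example.com", "src": "10.0.0.9"},
    {"ts": "2024-01-10T10:04:10", "kind": "dns", "query": "c2.bad-domain.test.", "src": "10.0.0.9"},
    {"ts": "2024-01-10T10:04:20", "kind": "dns", "query": "c2.bad-domain.test", "src": "10.0.0.9"},  # already blocked
    {"ts": "2024-01-10T10:10:00", "kind": "auth", "result": "failure", "user": "dave", "src": "10.0.0.10"},  # old ones expired
]


def notify_email(subject, event):
    """Model of the 'notify administrator via email' response action."""
    return {"action": "notify_email", "to": ADMIN_EMAIL, "subject": subject, "src": event["src"]}


def block_host(event):
    """Model of the 'block outgoing traffic from host' response action."""
    return {"action": "block_host", "src": event["src"]}


def run_rules(events):
    """Evaluate the four case-study rules over events and return the actions taken.

    Events are processed in timestamp order. Auth failures are counted per user
    in a sliding window and an alert fires once when the count first exceeds
    the threshold; a host is blocked at most once.
    """
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    blocked = set()                 # hosts already blocked
    actions = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        kind = ev["kind"]
        if kind == "auth" and ev["result"] == "failure":
            window = failures[ev["user"]]
            window.append(ts)
            while window and ts - window[0] > AUTH_FAIL_WINDOW:
                window.popleft()    # drop failures outside the window
            if len(window) == AUTH_FAIL_THRESHOLD + 1:   # crossed "exceeds" exactly once
                actions.append(notify_email(f"auth failures exceeded for user {ev['user']}", ev))
        elif kind == "threat" and ev["category"] in ("malware", "virus"):
            actions.append(notify_email(f"{ev['category']} detected: {ev['name']}", ev))
        elif kind == "dns":
            domain = ev["query"].lower().rstrip(".")   # normalise trailing-dot FQDNs
            if domain in BAD_DOMAINS and ev["src"] not in blocked:
                blocked.add(ev["src"])
                actions.append(block_host(ev))
    return actions


if __name__ == "__main__":
    for action in run_rules(SAMPLE_EVENTS):
        print(action)
```

Two details matter in practice and are reflected above: a scheduled correlation search re-runs and will see the same failures again, so the response must be idempotent (alert once on crossing the threshold, block a host once), and an automatic block triggered by a single DNS lookup can hit a shared NAT address or a false positive, which is why the case study leaves blocking as a choice the operator makes rather than an unconditional action.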
Technologies:
Programming language: Python
GUI framework: JavaScript
Platform: Splunk Enterprise Security (Adaptive Response)
