Adaptive Response Implementation for Splunk Enterprise Security
Crest worked with a security start-up that is the leading provider of NAC (Network Access Control) solutions. Their product is a physical and/or virtual security solution that identifies network devices such as notebooks, smartphones, tablets and all kinds of Internet of Things (IoT) devices when they join the network.
Crest provided a comprehensive solution that uses the power of Splunk Enterprise Security and Adaptive Response, together with the product's own capabilities, to enable their customers to monitor real-time NAC-related events, identify threats, and remediate them by taking corrective action on the endpoints.
The following examples highlight a few threats that can occur in a customer deployment and how they are handled by this solution:
- When the number of authentication failures exceeds the threshold pre-set by the SOC admin, the user can choose to take the action of notifying the administrator via email.
- When malware is detected in the event, the user can take the action of notifying the administrator via email.
- When a virus is detected in the event, the user can take the action of notifying the administrator via email.
- When a bad DNS request from a particular host appears in the event, the user can take the action of blocking the outgoing traffic from that host.
Programming Language: Python
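As an added illustration (not code from Crest or the NAC vendor), the Python sketch below shows how an Adaptive Response alert action could map a correlation-search result to one of the responses listed above. The event field names, the `auth_fail_threshold` configuration key and the default threshold are assumptions made for this example.

```python
import json
import sys

# Assumed default for the SOC admin's authentication-failure threshold.
# A deployed action would read it from the alert's configuration (see run_action).
DEFAULT_AUTH_FAIL_THRESHOLD = 5


def decide_action(result, auth_fail_threshold=DEFAULT_AUTH_FAIL_THRESHOLD):
    """Map one correlation-search result row to a response action.

    Field names (event_type, failure_count, src_host) are assumptions for this
    example, not the NAC vendor's real schema. Returns (action, detail).
    """
    event_type = str(result.get("event_type", "")).lower()
    host = result.get("src_host", "unknown-host")
    if event_type == "auth_failure":
        # Only escalate once the count passes the admin-defined threshold.
        failures = int(result.get("failure_count", 0))
        if failures > auth_fail_threshold:
            return ("notify_admin", "%d auth failures from %s (threshold %d)"
                    % (failures, host, auth_fail_threshold))
        return ("none", "auth failures from %s below threshold" % host)
    if event_type in ("malware", "virus"):
        return ("notify_admin", "%s detected on %s" % (event_type, host))
    if event_type == "bad_dns":
        # Containment: block outgoing traffic from the offending endpoint.
        return ("block_outbound", host)
    return ("none", "no response configured for event type %r" % event_type)


def run_action(payload):
    """Handle the JSON payload Splunk passes to a custom alert action on stdin
    in --execute mode: 'result' holds the matching row and 'configuration'
    the parameters set on the alert. Returns the chosen (action, detail)."""
    config = payload.get("configuration", {})
    threshold = int(config.get("auth_fail_threshold", DEFAULT_AUTH_FAIL_THRESHOLD))
    return decide_action(payload.get("result", {}), threshold)


# Constructed sample payload, shaped like Splunk's --execute input (trimmed).
SAMPLE_PAYLOAD = {
    "sid": "scheduler__example_sid",
    "configuration": {"auth_fail_threshold": "3"},
    "result": {"event_type": "auth_failure", "failure_count": "4",
               "src_host": "laptop-07"},
}

if __name__ == "__main__":
    data = json.load(sys.stdin) if "--execute" in sys.argv else SAMPLE_PAYLOAD
    print(run_action(data))
```

Run with `--execute` to read a real payload from stdin; without it the constructed sample is used.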