Macnica (hereinafter referred to as Macnica, head office: 1-5-5 Shin-Yokohama, Kohoku-ku, Yokohama, Kanagawa Prefecture; President: Jun Ikeda), which analyzes threats targeting Japanese organizations on a daily basis and provides security solutions, has announced that it will begin offering a "Security Log Analysis Starter Package" that makes it easy for companies considering security measures based on Splunk Enterprise to get started. This package is an integrated service covering the server preparation, log selection, dashboard creation, log operation monitoring, and maintenance support required for a new installation.

Service name: Security Log Analysis Starter Package
Target customers: Companies considering a new deployment of Splunk Enterprise
Offer price: 10 million yen (excluding tax)
Package contents
  • Splunk Enterprise license 10GB/day
  • Gemini Appliance IB-1050D
  • Splunk Enterprise License Annual Maintenance Support
  • Gemini Appliance Annual Maintenance Support
  • SIEM operation monitoring service (SOC App)

In recent years, the spread of telework has increased the number of entry routes available to attackers, and new threats that bypass conventional network-based security measures are on the rise. As a countermeasure against such threats, Splunk Enterprise is highly regarded as a product that comprehensively monitors a wide range of logs, including not only firewalls and IPS/IDS but also Active Directory, administrator terminals, employee terminals, and authentication data from various devices, and that lets the analysis method be flexibly customized. On the other hand, implementing advanced security measures with Splunk Enterprise requires preparing servers, creating dashboards, and having advanced operational monitoring skills.

This package provides everything required for advanced security log monitoring with Splunk Enterprise, from server preparation and dashboard creation to the SOC operation service and maintenance support, making it possible to start operations easily and quickly. It includes (1) a dedicated "Gemini appliance" server that is optimal for Splunk, (2) a Splunk Enterprise license that is the foundation for log collection and analysis, (3) a dashboard that summarizes alerts and event statistics from collected logs, (4) a SIEM operation monitoring service that uses Splunk Enterprise in the customer environment to provide 24/365 security monitoring, and (5) annual maintenance support for Splunk licenses.

The advantages of using this package are the following two points.

  • Easy deployment of Splunk Enterprise
    Normally, installing Splunk Enterprise involves a wide range of items to consider, such as the system configuration, selection of the logs to be acquired, server and license procurement, dashboard (analysis screen) construction, and monitoring system construction. Creating dashboards and building monitoring systems in particular requires knowledge of Splunk Enterprise in addition to knowledge of security.
    Since this service includes all the elements necessary for installation, security operation can be started simply by determining the scope of log monitoring. In addition, both the license and the Gemini Appliance, which is the server, are subject to maintenance support, so you can use it with confidence even if a problem occurs.
  • Scope of use can be expanded to include applications other than security
    Splunk Enterprise installed in this service can be used not only for security measures, but also for various purposes such as IT infrastructure management, business process improvement, and remote work management.
    While leaving security log monitoring to this package, you can also use it as a tool for discovering new corporate value through data utilization, such as searching raw logs and creating dashboards for other purposes to check statistical information.

In addition to selling and supporting Splunk Enterprise, which detects, investigates, and analyzes security incidents based on machine data, Macnica is actively developing its own services. Through initiatives like this, we will do our best to contribute to strengthening the cybersecurity measures of Japanese companies.

List of Splunk related services provided by Macnica

Product Inquiries

Macnica
Splunk
URL:https://www.macnica.co.jp/business/security/manufacturers/splunk/securitylog_sp.html

Media contact information

Macnica https://www.macnica.co.jp/

TEL: 045-476-2010
1-5-5 Shin-Yokohama, Kohoku-ku, Yokohama 222-8562
Public relations contact: Isozaki

Email: macpr@macnica.co.jp

*Company names mentioned in the text are registered trademarks or trademarks of their respective companies.