Traditional SIEM solutions struggle to keep pace with the ever-growing set of data sources and increasing contextual complexity. Ten years ago, collecting data from firewalls, IDS sensors, and operating systems and normalizing it for querying held promise. Today, that approach simply isn’t enough. Modern security organizations require platforms that can query valuable contextual information from unique data sources rather than normalizing it away. Security organizations must also begin to adopt the doctrine of automation from the DevOps movement to keep pace with today’s attackers.
At NuHarbor Security we view Splunk as a central cog in the security machine and seek to leverage automated integration wherever possible to reduce manual overhead. NuHarbor Security also understands that log and event data contain an immense amount of value for more than just the security organization, and knows how to leverage the data analytics and automation services provided by Splunk throughout the enterprise.
NuHarbor Security utilizes Splunk’s industry-leading, next-generation data analytics platform to provide cohesive analytics services by leveraging existing machine data. The flexibility of our Splunk Managed Services platform allows us to host your Splunk environment on dedicated instances managed by NuHarbor Security in our cloud, or on your own on-premises platform, in order to meet your unique business requirements. Regardless of the deployment model, you maintain full access, visibility, and usability of your data.
Splunk Management and Monitoring
NuHarbor Security monitors and manages the performance, updates, configuration, and overall environment health of your on-premises or hosted Splunk instances. Our weekly status reports provide you with a detailed summary of ongoing management and maintenance activities as well as an overall system health report for your environment.
As your environment changes, NuHarbor Security will onboard new sourcetypes as needed. This process includes log source review, test implementation of new data inputs, Splunk app installation as applicable, and search-time field extraction. NuHarbor Security will provide test indexes for this onboarding process to protect the integrity of production data and expedite onboarding.
Our Splunk Certified Administrators and Architects will work with your users to create new and useful searches, as well as edit existing ones as needed. Searches can be executed on demand, or via a report or dashboard.
Report Generation & Design
Utilizing Splunk’s industry-leading data analytics engine, we will work with your data owners to design and generate meaningful reports. These reports can be consumed directly within the Splunk web interface or delivered to users for out-of-band consumption.
Our services include the generation of meaningful and actionable dashboards that bring your users a visual representation of your saved searches. These dashboards are highly customizable and can be organized and presented in a variety of formats, at varying levels of detail for different audiences and user types.
Splunk Enterprise Security
NuHarbor Security will manage, monitor, and enhance the Splunk Enterprise Security product. We utilize Enterprise Security’s correlation and classification features to monitor and track possible security concerns within your environment. Our security log investigation services allow you to enhance and prioritize your incident response activities. The combination of Splunk Enterprise Security’s capabilities and NuHarbor Security’s services creates a complete security monitoring and investigations solution for your organization.
On Demand Services
NuHarbor Security can provide various services on demand to support your Splunk installation. Our services are designed to mature your security program, including but not limited to security automation (e.g. scripting), support of IT compliance mandates, and access control design.