TMCnet News

Insight Engines Announces General Availability of Cyber Security Investigator
[September 25, 2017]


Insight Engines today announced general availability of Insight Engines Cyber Security Investigator (CSI) for Splunk. CSI lets users ask questions of datasets using natural language. Its Splunk application lets anyone in an organization detect, investigate, and visualize cyberthreats - even if they don't have expertise in Splunk Search Processing Language (SPL).

"Security teams today are like the Great Wall of China - they apply their efforts broadly but are easily breached by smart, targeted intruders," said Insight Engines CEO Grant Wernick. "CSI turns their data analysts into a cyber SWAT team. They can swiftly zero in on irregular network traffic or authentication data, track breaches as they happen, and take action. All they need is a basic understanding of security principles and a bit of curiosity."

Organizations in healthcare, finance and technology use CSI for Splunk to gain actionable intelligence from their Splunk data. At last year's Splunk .conf2016, Kaiser Permanente led a session on the impact CSI had on their Cyber Risk Defense Center (CRDC). At Splunk .conf2017, Insight Engines will conduct a joint session with Joel Fulton, Splunk CISO and former Deputy CISO of Symantec, highlighting how CSI helped his former security team reduce the learning curve for Splunk and speed up threat investigations.

CSI uses Insight Engines' natural language processing (NLP) search technology to enable plain English search queries over machine data. Insight Engines' proprietary NLP technology is much more than keyword lookups from a dictionary. In seconds, it examines search queries to understand meaning, intent and context, and produces accurate results and meaningful visualizations.

"Splunk is a pioneer in enabling enterprises to gather and analyze their data in a central location, but teams are still only using a fraction of their data to solve interesting problems," said Erik Swan, Insight Engines board member and investor, and co-founder and former CTO of Splunk. "Splunk Processing Language is crazy powerful but often overkill. Insight Engines radically opens the door to access to complex data analysis without needing expertise in Splunk Processing Language. It's a win for my baby, the Splunk platform, but also for every organization that wants to broaden access to Splunk's power to better inform their decisions."



The CSI beta was first introduced to Splunk users at .conf2016. Today, CSI for Splunk becomes generally available with new product capabilities that make it easier for security professionals to catch threats. These include:

  • The personal workbench. Analysts can now personalize their individual homepages to display custom query results for their specific role, giving them an at-a-glance sense of where threats may exist and what they should investigate next - a concept that people have grown to expect from consumer products, but don't get in the enterprise.
  • Deeper integration with Palo Alto Networks. This marks the first time anyone, no matter how technical they are, can ask plain English questions of their Palo Alto products, and generate sophisticated visualizations and correlations based on the insights that are created by Palo Alto Networks products.
  • Autopilot, an automated query mode. Autopilot proactively conducts searches a team likely hasn't ever thought of, and displays results for these searches in seconds, increasing a security team's opportunity to randomly discover bad actors, and inspiring them to ask more questions of their data.
  • Pivot Queries, a query recommendation engine that intelligently suggests new questions to ask in real time based on the question you are asking. Analysts can click on a result and get suggested natural language queries about that specific result, leading to better insights.
  • Alexa integration, a new voice search component that lets security analysts ask questions of CSI via the Echo interface. Voice as an interface is just starting to come to the enterprise. Insight Engines is paving the way to bring it deeper into the workplace, making it possible to generate complex database queries in real time from just the sound of one's voice.

To learn more about Insight Engines' activities at Splunk .conf2017, in Washington, D.C. on Sept. 25-28, visit: https://insightengines.com/blog/insight-engines-at-splunks-upcoming-user-conference/.


To learn more about CSI, visit: https://insightengines.com/product/ or contact [email protected].

About Insight Engines

Insight Engines enables organizations to unlock the value of machine data so it becomes accessible and actionable to anyone in an organization, from an analyst to an executive. Its unique and powerful natural language search technology enables everyone to ask the questions that matter in plain English and generates highly optimized queries against their data in real time, eliminating the need to spend years becoming an expert in complex search languages and days crafting queries. Customers include the Fortune 500 as well as major government organizations. Insight Engines is backed by August Capital, Splunk, Real Ventures and Data Collective and is headquartered in San Francisco, CA. For more information, visit https://www.insightengines.com or follow the company on Twitter @InsightEngines.
