IRI Reveals Data-Centric Security Insights in Splunk SIEM Software
Sensitive Data Searching and Masking Results Feed Cloud Display, Alert, and Response
Melbourne, FL - April 9, 2019 - Innovative Routines International (IRI), Inc. (www.iri.com), a leading provider of big data management and data-centric security software, has recently documented new options for Splunk Enterprise Security (ES) users interested in finding and masking discrete data at risk in disparate data sources. In multiple blog articles, IRI shows how users of the Splunk ES Security Information and Event Management (SIEM) environment can leverage static or streaming information from different search logs and masking operations produced by static data masking software from IRI -- FieldShield, DarkShield, and CellShield EE -- all of which are also included in the IRI Voracity data management platform.
“The addition of granular details about where sensitive data is, its masked versions, and audit details on whether it’s been protected or not is very important for DBAs, data security governance (DSG) architects, and compliance officers,” observed IRI Data Software and Services Director Lisa Mangino. “Beyond the logs and reports in IRI products, having that data indexed and available in Splunk puts powerful analytic, dashboarding, and action mechanisms in play, and in the cloud” she added.
For example, when personally identifiable information (PII) and other sensitive information is stored or accessed in databases, FieldShield can be used to classify, search, and protect it consistently in one or more tables at a time with functions like format-preserving encryption. The results of the search operations (log data), or masking operations (masked data), can be fed directly into Splunk via an add-on, Splunkbase app, or Universal Forwarder process from all Voracity artifacts, including FieldShield's.
When PII sits unmasked in semi-structured unstructured files like HL7 and JSON, email archives, PDFs and Microsoft documents, NoSQL DBs, images and other “dark data” sources, IRI DarkShield can also report and graph its search and masking results in files and dashboards. But by directly indexing, or automatically forwarding, that same log data to Splunk ES, it is possible for Splunk to analyze it in displays, and use it to create alerts and take action through the Splunk Adaptive Response Framework or a Phantom Playbook.
Finallly, data masking operations conducted in Excel through IRI CellShield produce an audit trail. That log information -- as well as any selected set of masked cell data -- can also be sent to Splunk indexes automatically through the logging integrations described here.
About IRI, The CoSort Company
IRI, Inc. is a leading US data management and protection ISV founded in 1978 and represented in 40 cities worldwide. Uniquely fast and versatile IRI data movement and manipulation engines -- and their Eclipse data and job control IDE -- provide highly price-performant and versatile data lifecycle solutions for BI/DW architects, data security and governance officers, DBAs, et al.
About Splunk
Splunk Inc. (NASDAQ: SPLK) helps organizations ask questions, get answers, take actions and achieve business outcomes from their data. Organizations use market-leading Splunk solutions with machine learning to monitor, investigate and act on all forms of business, IT, security, and Internet of Things data. Join millions of passionate users and try Splunk for free today.
Press inquiries to:
Craig Schein (craigs@iri.com)
IRI, The CoSort Company
+1 800-333-SORT, ext. 229