Splunk User Behavior Analytics (UBA) 5.4 Delivers FIPS Compliance and Advanced Anomaly Detection

Security Fernando Jorge

Splunk’s latest User Behavior Analytics (UBA) product update, version 5.4.0, brings enhancements and new features designed to streamline operations and improve threat detection accuracy. Let’s see what’s new!

Achieving New Standards with FIPS Compliance

With version 5.4.0, Splunk UBA now meets compliance requirements for Federal Information Processing Standards (FIPS), ensuring that data handling and encryption processes adhere to rigorous federal guidelines. This milestone underscores Splunk’s dedication to security and compliance, and expands the potential for government, public sector, and regulated industry customers to leverage Splunk UBA in their security operations.

Enhanced Integration with Splunk Enterprise Security for Risk-Based Alerting

Splunk UBA is now more closely integrated with Splunk Enterprise Security (ES) through the Risk-Based Alerting (RBA) framework and feature set. “But wait… what is RBA?” you ask? RBA uses the existing Splunk Enterprise Security correlation rule framework to collect interesting and potentially risky events into a single index with a shared language, which is then used for alerting. Events collected in the Risk Index produce a single “risk notable” only when certain criteria warranting an investigation are met. This increases security visibility, closes gaps, and reduces the volume of low fidelity alerts. This process transforms traditional alerts into potentially interesting observations which correlate into a high-fidelity security story for analysts to investigate.

In Splunk UBA 5.4, users can create and forward risk events from UBA-detected anomalies and threats directly to Splunk Enterprise Security. This integration ensures that organizations can maintain a more holistic view of their security posture, streamline responses, and enable more dynamic risk management.

Innovations in Anomaly Detection with the False Positive Suppression Model

Addressing one of the most challenging aspects of threat detection, the new False Positive Suppression Model significantly reduces the noise of false alerts. Utilizing advanced self-supervised deep learning algorithms, this offline batch model learns from user-tagged false positives to enhance its detection capabilities. By automatically identifying and tagging similar future anomalies, the model helps security teams focus on genuine threats without overlooking potential risks. This model exemplifies how machine learning can transform anomaly detection, providing a smarter, user-friendly way to manage alerts.

Detecting Anomalies in File Access with Precision

The newly introduced model for detecting unusual volumes of file access events per user will help users refine their data analysis. This model identifies outliers in the daily counts of file-related events per user, enhancing the ability to spot potential data exfiltration or unauthorized access activities within vast datasets.

Scalability and Performance Enhancements

The scalability and performance of the Account and Device Exfiltration models in Splunk UBA have seen significant improvements in Splunk UBA version 5.4:

These improvements ensure that Splunk UBA operates more efficiently, providing rapid, reliable analytics to help security teams act quickly.

Upgrade to Splunk UBA 5.4 Today

Splunk UBA 5.4.0 is now available, offering organizations the tools to detect insider threats and cyber attacks more effectively than ever. As cyber threats evolve, so do our solutions. Splunk UBA 5.4 is part of our ongoing commitment to deliver solutions that protect our customers in an ever-changing digital landscape.

To learn more about Splunk UBA, we encourage you to visit the product webpage, take a tour, and review our latest Splunk UBA 5.4 documentation.

Related Articles

What’s Cyber Security Week like for Splunk? it-sa gold!
Security
1 Minute Read

What’s Cyber Security Week like for Splunk? it-sa gold!

Two gold awards and a successful it-sa event - that's how Splunk does Cyber Security Week!
Security Insights: Jenkins CVE-2024-23897 RCE
Security
5 Minute Read

Security Insights: Jenkins CVE-2024-23897 RCE

In response to CVE-2024-23897, the Splunk Threat Research Team has developed new security detections and hunting queries to support defenders.
Splunk and DTEX Systems Leverage Human Telemetry and Zero Trust to Mitigate Insider Risks and Account Compromise
Security
3 Minute Read

Splunk and DTEX Systems Leverage Human Telemetry and Zero Trust to Mitigate Insider Risks and Account Compromise

Splunk and DTEX Systems have partnered to offer an integrated solution that captures, analyzes and streams a single, noise-free endpoint data signal.