Contrast ADR is seamlessly integrated with Splunk, providing real-time data from inside live applications directly to Splunk to fully illuminate the application layer.
This allows security teams to analyze and respond to applications, all within their familiar Splunk environment.
To learn more about the integration and how it can benefit your organization, check out this three-minute demonstration from Pranoy De, Principal Sales Engineer at Contrast Security.
Hello and welcome. Today we're going to talk about Contrast Security's new integration with Splunk.
For those of you that don't know Contrast, we are one of the leading providers of ADR in the market and what we do is we give you application layer visibility directly from your production instances and now can feed that information directly into Splunk when someone's attacking your application, when you have vulnerabilities in your application, and most importantly when you want to prevent those attacks, you can do all that directly through workflows enabled with our Splunk integration right now.
When you go into the Contrast dashboard inside Splunk, you can already get a snapshot of what the real state is for your current application layer. You can see the types of events that are getting directed to your application, whether you're being exploited, whether Contrast is helping block your attacks, so on and so forth.
For the purposes of this video, let's go and investigate a single attack event that gets thrown to your application. As soon as someone exploits your app, Contrast can identify that and notify you immediately. In this attack event, you can already see Contrast has identified that in your production environment someone has successfully exploited a SQL injection. While that is already extremely useful information, Contrast is going to give you a lot more than that. You can open up your responses and then get access to our out-of-the-box runbooks where we will give you step-by-step information on what you have to do to respond to this attack.
While this is a SQL injection attack that's got directed at your application, that's the exact runbook that we'll open up for you and the runbook is built like a decision tree so you can click the exact pieces that are relevant to you and Contrast will outline the steps that you have to take. In this case, this is an exploited event so Contrast will talk you through your mitigation and containment options.
Now while we can outline a few different options for you, the most exciting piece here is going to be blocking this attack using Contrast directly. As you go back to your Splunk integration, you can see as well a link that's going to take you to the Contrast console that's going to give you even more information about this attack.
As I open this up, you will see this attack event pop up in my Contrast dashboard where I can see the exact attack value the attacker used. I can get the exact vector analysis for where the exploit took place. I can see the entire attack chain or stack trace for this attack, the method that was used to get the final exploit and of course the file that was impacted.
Finally, you can also directly tell Contrast to stop such attacks from taking place, taking entire classes of vulnerabilities off the table. In this case, you can go ahead and just tell Contrast to block this attack without the need for writing any signatures whatsoever. All this detail that you saw on the Contrast dashboard is also available directly inside Splunk, making this an extremely easy workflow for most SOC and incident response analysts.
Having said that, if this was exciting and interesting to you, please visit our website, book a demo so we can show you more. Thank you so much.