Looks like Mission Control Isn’t Just for Space Travel
One of the more exciting moments at .conf2019 was when Splunk introduced the new Mission Control product.
In terms of space travel, Mission Control refers to the operations center that manages space flights and spacecraft operations. From launch to landing, it’s the unit on the ground that supports the mission. That sounds cool–but what does that mean in the Splunk realm?
Centralized Security Operations Control for Splunk
For Splunk, Mission Control is a software as a service (SaaS) solution that offers a unified experience for security operations. Similar to NASA’s Mission Control Center, a Security Operations Center (SOC) team works together to overcome challenges–in cyberspace.
Easy Viewing for Security-Related Events
Splunk’s Mission Control offers the ability to view security incidents OR notables, just like in Enterprise Security, then take that and run a Phantom playbook. This means there’s only one place security analysts and teams need to look for most of their security-related events.
Unified Drill Down Capabilities with Splunk UBA
You’re probably thinking, is that all? Nope! It also includes Splunk User Behavior Analytics (UBA) goodness and the ability to drill down into these events within Mission Control, allowing you to investigate or remediate the issue. No need to open multiple dashboards or different Splunk products, as everything is centralized in one place.
Enhanced Collaboration Across Teams
From what I noticed during the .conf demonstrations, this should make the life of a security analyst much easier, which is really cool. If you are an MSSP that offers security services to a customer who also has a dedicated SOC team, you will now be able to work side by side between both parties.