Splunk LLC

09/18/2025 | News release | Distributed by Public on 09/18/2025 11:42

Going Beyond Today’s Asset and Risk Intelligence: What’s New in Splunk ARI 1.2

In modern cybersecurity, visibility into your asset landscape is no longer a luxury; it's a necessity. Organizations cannot defend what they cannot see, and without clear visibility into their assets, vulnerabilities, and business context, security teams are left reacting blindly to threats. Splunk Asset and Risk Intelligence (ARI) brings precision to defense by continuously mapping assets, correlating them with risk exposure, and prioritizing what matters most. With the improvements in Splunk ARI 1.2, organizations can better align their vulnerabilities, misconfigurations, and threat activity with the business value of each asset. ARI 1.2 empowers security teams to shift from generic alerting to truly risk-driven decisions, reducing noise, strengthening resilience, and ensuring critical systems are protected first.

Asset & Identity Investigation Enhancements

Within Splunk ARI 1.2, SOC Analysts and Incident Response teams can use the improvements in attack surface explorer to discover, map, and monitor all assets and their potential exposure to cyber threats. This actionable intelligence helps those teams contain compromised assets and hosts faster and gives insight into other connected systems that are potentially at risk as well. It doesn't end there: ARI 1.2 uses information from Splunk Enterprise Security risk factors and other combined information to provide non-human identity insights, coupled with tracking changes in the environment to spot newly added, misconfigured, or decommissioned assets within your organization. All of these capabilities help SOC teams reduce alert fatigue by providing a more comprehensive understanding of risks, focusing on high-risk assets and exposures.

Faster and More Efficient Response Management

A SOC Analyst's greatest strength is being able to respond quickly and accurately to threats that arise. Splunk ARI 1.2 now makes a SOC Analyst even stronger by giving them the ability to build responses with one or more actions within the platform. SOC Analysts, already able to identify unknown or known assets more quickly as described above, can view detailed information and send it to ServiceNow, ensuring that unknown or unmanaged assets are routed to the correct business unit and eliminating one of the biggest blind spots in cybersecurity today. This also applies if a particular custom or known rule triggers on an asset; the asset can be sent to another system for further review and analysis. This means that a SOC Analyst using the new features and capabilities within ARI 1.2 can track, prioritize, and remediate with ease and accuracy.

Raising the Altitude: Improvements in the Cloud Ecosystem

Everything these days runs in the cloud, and organizations are moving to the cloud at a faster pace or even building their own private cloud instances. This pivoting and shifting are crucial, but they also leave gaps in what has been migrated or even spun up. ARI 1.2 adds even more cloud applications and data sources so that organizations can track those cloud hosting vendors with ease, along with more granular information. ARI can already track vendors such as Azure, AWS, Google and Oracle, and it now provides even deeper insights into ephemeral assets such as EC2 instances, Azure VMs, Docker workloads, Kubernetes pods, etc., showing what has been spun up and the timeframe of that usage. This helps SOC Analysts identify telemetry that could reveal anomalies such as unauthorized deployments, excessive privilege use, or suspicious network connections, all to close the visibility gap and reduce the attack surface.

That's Not Everything

Splunk ARI 1.2 offers several additional benefits to SOC teams and organizations, providing a genuine long-term advantage. ARI will now offer data retention and aging rules to support regulations such as HIPAA and PCI-DSS. This also means that SOC alerts aren't generated against decommissioned assets within the organization's inventory. Tying back into HIPAA and PCI-DSS, customers can now get asset and identity filtering that enables security teams to isolate specific devices, users, or entity groups during investigations, allowing for more granular exporting of targeted datasets. Finally, building on what ARI already offers around vulnerability disclosure reporting, organizations can now choose to track and report on vulnerabilities by either CVE or signature.

Strengthening Your SOC with Continuous Asset Discovery and Risk Intelligence

Splunk ARI 1.2 is more than just an update; it's a significant leap forward in empowering security operations to be proactive, precise, and resilient. By enhancing asset and identity investigation, streamlining response management, and expanding cloud visibility, ARI 1.2 provides the critical insights needed to defend against today's evolving threats. The added compliance features and flexible vulnerability reporting further solidify its position as an indispensable tool for any security-conscious organization. With ARI 1.2, security teams can transform their approach from reactive chaos to strategic, risk-driven defense, ultimately safeguarding their most valuable assets with unprecedented clarity and control.

Check out the Splunk ARI Guided Tour and explore how to level up your A&I investigations.

Splunk LLC published this content on September 18, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on September 18, 2025 at 17:42 UTC.