Splunk wants to integrate better with your business

Splunk .conf23 logo on screen
(Image credit: Splunk)

More than ever, businesses are facing an increasing number of threats across multiple vectors, as new criminal tactics, innovations and technology continue to develop and evolve. 

Splunk has long positioned itself as a leader in observability and security analytics across a wide variety of industries, with use cases for its platform ranging from government institutions to Formula 1 racing teams.

TechRadar Pro was invited to Splunk's .conf23 event in Las Vegas to hear about the new integrations the company is building and its latest products, which aim to improve efficiency and extend its security coverage right to the edge of its customers' business.

New products and ideas

One such product that Patrick Coughlin, VP for Global Technical Sales, particularly enthused about was Mission Control, Splunk's new interface designed to unify detection, investigation and response across all of the company's SOC tools, to make it simpler to organize secure workflows.

"I'm really excited to see the way that our security capabilities are coming together in a unified user interface that will accelerate productivity for security analysts," he noted. "We spend so much time hunting and pecking, and copying and pasting across so many different tools and it kills us."

"The more productivity, the more automation, the more integration that we can bring across the different workflows and security leads to outsized returns in terms of productivity for enterprise security teams today. It’s so important to our customers."

"And so when we talk about productivity, it may seem like little things that we're doing or even obvious things, but it is just such a huge focus point for so many security leaders out there. So, I'm excited about the way we're bringing our security portfolio together."

Another new product that Splunk has launched is Attack Analyzer, formerly known as TwinWave before that company was acquired by Splunk in November 2022. It allows analysts to gain advanced insights into threats and even run them within a safe environment to see how the attack works.

Kirsty Paine, a Strategic Advisor in Technology and Innovation for Splunk’s EMEA region, gave her views on the tool:

"I think that we hear from customers a lot that they need a sandbox environment, they need somewhere safe to be able to process and look at these kind of malicious reports, and I have heard on more than one occasion where an organization and analyst has accidentally detonated something outside of the secure environment." 

"I think the more you could put safeguards around that and put it into one seamless tool, you can go straight from detection right through to response, but that investigation piece has always been the skill of the analyst, and it's great to actually have a lot of things that will help support them [with] the most common things that they're dealing with, which is phishing and malicious URLs."

Paine also talked about the expansion of Splunk's Federated Search feature to include Amazon S3, allowing for the unified searching of data at rest contained within S3 buckets without having to ingest that data into Splunk, and how new offerings like these mark a change of direction for the company:

"I suppose this goes for a shift in our strategy really; we used to think that Splunk was the center of the universe, and if you put all your data into Splunk, then that was great - that's where you would query it, and you'd get great results and it would be very fast and that's, of course, true. But as the data volumes increase, and we see more and more data sources and volumes, it just became not very practical, and we would see customers storing data… where it was cheaper to store it… (great example: Amazon S3)." 

"So that new architecture really opens up a lot of possibilities and I think this goes towards the trend we see of organizations having a data strategy, which is something that they maybe didn't consider - and even now I talk to customers that don't have one, or they have one but they've never looked at it - and there's a real need to think about how you're treating all these different types of data: you have your business critical [data] that needs to be very timely and you need to be quite agile with that data and able to do a lot with it."

"But then at some point that data becomes not so useful; it's usually an age thing - in security, you're probably most interested in the last 30 days, but you do still need to keep that data for the last however-many years for all of your compliance reasons. So we see that kind of moving through different tiers in the data strategy and that's where a lot of the data gets stored and as a huge volume of it gets stored in, well, S3 is one example, and so I think that's very exciting for a lot of our customers and should help a lot with some compliance and needs that they have as well. I think it’s just cool as a new way of thinking."

The Edge Hub

Splunk .conf23 keynote - Edge Hub

(Image credit: Future)

Of all the new products, though, Splunk's Edge Hub seems to be the most unique. Unlike its other launches, this is a piece of physical hardware designed to sit in spaces at the workplace that traditionally don't allow for the capture of data. The Edge Hub hopes to rectify that, as it can collect all sorts of data, from reading temperatures to sensing vibrations. 

Paine believes there could be many use cases for the Edge Hub:

"I think that's quite a cool piece of tech and it's nice that we're investing in our innovation… we see a lot of customers that have very disparate geographic sites, they have large manufacturing plants, they have agriculture, they have data centers, where they need to be monitoring the temperature, the humidity, and the vibrations, the lights - just making sure things are working as they should. And I think that can do a lot, particularly in security, when you see the IT/OT security-convergence challenge - having more data coming in from those sites will really help your central security team be able to plug that gap a little bit more, map a few more things, and if there is an attack, they'll be able to see more quickly how that's affecting any manufacturing sites, which is a problem that we see in the manufacturing sector."

"I think it's interesting because IoT in general - these kind of end devices have been hyped for such a long time - you know, ‘imagine if!’ - and you do see them in some use cases in agriculture, where you can monitor the humidity of the soil… huge cost efficiencies, huge environmental savings, but we've never seen it at that kind of scale that I think Edge Hub could be doing, so it's a really exciting model, and because it's being sold through our partners, we should end up with a solution rather than just a load of devices gathering dust."

"There's a use case for all [industries]. So if you're in retail, if you want to monitor your shops, or… if you have a smart building, or you want to invest in smart buildings, you have lots of offices where sustainability is a real driver for a lot of our customers and that's another use case that will enable detecting if the lights are on and off at the right time - I just think there's quite a lot of potential and really the limit would be your imagination in what you can make you do."

Integration

Splunk .conf23

(Image credit: Future)

All these new products aim to help integrate all the strands of the Splunk ecosystem together, something that Coughlin says has been in demand from its customers.

"In observability, we have some amazing capabilities... [but] the biggest demand that I've heard from customers is, ‘Man, this is fantastic - integrate this stuff! Bring this closer to the power of the platform. You get metrics and traces over here, but I get logs over here and I need to bring these things together. And then by the way, also some of that Infrastructure and application telemetry data that I'm getting from observability, well that's just visibility to my security teams, so help this be not just a portfolio of disparate parts, but really a truly shared data platform with different analytics and automation modules across the top.’"

"And I think the progress... from the observability team really shows that deeper integration; again it's going to pay dividends."

"In a world where I see security, IT and engineering having to work closer together, we can help them by bringing the data together, by bringing those workflows together, bridging those teams, so maybe if the teams haven't integrated or if the budget line items are still different at the customer, there's so much more that we can do to actually bring efficiencies and the economies of scale into the enterprise, and so for observability, that's something I'm incredibly excited about."

But how does Splunk integrate with the numerous other services and software that companies use in their everyday workflows?

"Historically, Splunk has been very much Switzerland on that front," says Coughlin, in reference to the company's stance on third-party integration.

"There’s Splunkbase and there's apps and integrations, and we don't pick favorites - we don't really help that community - but we don't hurt it either. If people want to build integrations on top of Splunk, great, go, do it, and if customers want to use them, great, do it." 

"I think one of the things that the products and technology leadership has really been down on and our partner organizations have been down on over the last seven months is, ‘we can help our customers by making sure that those integrations are taking the most advantage of the capabilities that we're building at Splunk, and that means taking a more proactive step in terms of little things, like documentation for integration partners, but it goes even further, which is, you know, having relationships with independent software providers that are so frequently used across our customer base and making sure that they know what our roadmap is, and where we're going, so that as they're building integrations on top of Splunk, it's more seamless and it doesn't force the customer to have to fix the integrations and… each one is having to figure out their own tweaks and workarounds, but rather we can kind of collectively solve that problem with our partners."

"It's a mentality shift but it's super powerful because at the end of the day, Splunk sits within an ecosystem of vendors in every customer and that ecosystem is rapidly expanding, you know, I mean, most of our customers have well over 100 integrations into Splunk and so it's becoming increasingly important for us to play a more active role and ensuring that those integrations are world class and they’re functioning and our partners know what our roadmaps look like." 

"I think it's a huge opportunity for us to continue to improve, but we've made a lot of great strides."

Lewis Maddison
Staff Writer