Splunk Security Cloud is a security platform that Eric Schou, head of security marketing at Splunk, says takes the same approach to security as the rest of Splunk: data first. It includes the security orchestration, automation and response (SOAR) software that Splunk acquired in its 2018 purchase of Phantom.
“Overall, Splunk is a data company. Splunk’s value around what it does for customers is bringing data, ingesting data, normalizing data, and making it actionable for customers, whether that’s security, whether that’s in the DevOps space, or core IT,” Schou said in an interview. “The company was really rooted in the IT space and then as the company evolved, there were things that maybe started as a use case like security, and then customers quickly realized that visualizing and having access and doing things like analytics on top of that data to quickly understand where they are, what they can do, and taking proactive measures to protect themselves was really good — more than a use case.”
With Splunk Security Cloud, that data-first approach includes machine learning-powered analytics, threat intelligence from Splunk's numerous sources, and an automated approach that the company says improves "time to detection, investigation and response; alerts that used to take 30 minutes now can take as little as 30 seconds."
While Splunk Security Cloud closes the loop on the Phantom acquisition, Schou also highlighted the more recent acquisition of TruSTAR, a cloud-native security company in the SOAR space that also takes a data-centric approach to security. Schou said it was precisely this focus on data that drew Splunk to acquire TruSTAR, which had previously been a partner.
“This technology will not only help in security analytics and what kind of data that we are processing and normalizing, but it’s also going to speed up the automation that our SOAR product is consuming,” said Schou. “They also have a very data-centric approach to how they go after this market. That is right in line with what Splunk is and who Splunk is. So we together are reinforcing that data is a security problem, security is a data problem.”
Schou credits the TruSTAR acquisition with the improved automation capabilities that are part of this release, which he says enable companies to speed up response times "without the army of people needed to do that same work." Along the same lines, Splunk also released Splunk Security Analytics for AWS, a simplified security analytics solution designed for lean security teams running on Amazon Web Services, which will be available in the AWS Marketplace on June 29.
“We see a lot of the consumers of legacy SIEM being relatively large, well-staffed enterprises. That’s been the case for quite some time,” said Schou. “We wanted to prioritize making this experience around security analytics easier to consume, easier to manage, easier to get up to speed faster, and to be able to do it with a team that’s not really expansive and large.”
Schou said there are currently no comparable plans to bring Splunk to other cloud providers' marketplaces.
Another benefit of moving Splunk's security capabilities into the cloud, he said, is that the company can iterate on the product more easily going forward.
“They’re getting the same, if not better, product today, but they do not have to have the burden of doing it on-prem with hardware. There’s a lot more flexibility today,” Schou said. “And then we see into the future, just having a cloud-first mentality will enable our ability to bring in features quicker to market. Taking feedback from customers and translating that into features will just be at a faster curve.”
Amazon Web Services is a sponsor of The New Stack.