Splunk .conf19: Data Is Everything
… add value on top of the platform, Benmalek said.
“The second piece is really enablement, enablement, enablement, help us and enable us from an ecosystem point of view so we can develop the capacity and compatibilities in the marketplace because there is need for developing more expertise in the marketplace across security or IT operations and DevOps on the Splunk platform,” he said. “So enablement is a key element that is important.”
Anchored by the newly launched Splunk Mission Control, the Splunk Security Operations Suite is aimed at making it easier to manage security across the entire threat lifecycle. Mission Control is a new cloud solution that connects Splunk Security Information and Event Management (SIEM) (Splunk Enterprise Security), security orchestration, automation and response (SOAR) (Splunk Phantom) and user and entity behavior analytics (UEBA) (Splunk UBA) products into a single unified analyst experience.
Haiyan Song, Splunk’s senior vice president and general manager of security market, tells us Mission Control resulted from challenging customers to reimagine security operations and “let’s think about how we can automate more.”
“We asked customers, what are the key things it’s important to bring together, to put them in one common workspace,” she said. “It’s really about the whole journey through the security operations center (SOC). You get the events ingested, you use that for better detection and hopefully in the future better prediction. And then investigation, that’s the human biggest thing and that’s Splunk’s biggest thing, but you’ve got to work collaboratively. Investigate and collaboration are two of the key features, and then case management and reporting. You can’t improve if you don’t measure.”
Mission Control is “really that common workspace where we basically bring the entire Security Operations Suite together and we really pick the best of all the different products and put them in a unified presentation layer,” Song said.
“And the work is not done yet; this is just at the very beginning,” she said. “The other key element we don’t talk about as much is we’re doing all this in the cloud, and because we’re able to do that in the cloud and provide that security fabric and the connectivity, now we’re really unifying the work … and enabling people to work wherever they are.”
Splunk also announced new versions of Splunk Enterprise and Splunk Cloud, and the general availability of Splunk Data Fabric Search (DFS) and Splunk Data Stream Processor (DSP).
Splunk DFS accelerates and streamlines the data analytics experience by weaving together insights from massive data sets, across diverse data stores, into a single view. And Splunk DSP is a real-time stream processing solution that continuously collects high-velocity, high-volume data from diverse sources, turns data into valuable information or insights, and then distributes results to Splunk or other destinations typically within milliseconds, according to the company.
Query.AI has released an app on top of Splunk that helps customers get more value from the platform. Andrew Maloney, the company’s COO, said it’s nice to join Splunk in a partnership relationship instead of a competitive one. He also said his company’s had some “really good conversations with mutual prospects and customers.”
“A lot of folks are now switching to Splunk from other platforms and all the vendors in this space follow their own query structure and search language, and a lot of folks are now just transitioning into security and have to learn how to leverage these tools and what questions to ask,” he said. “So we’re an app on top of Splunk that allows them to simply do that using natural language processing.”