Cybersecurity Roundup: Splunk, SonicWall, Bugcrowd, Exabeam
That’s a wrap for Splunk .conf19, the company’s 10th annual user conference that focused on all things data, including using data to gain better insight into cybercriminals and stop them in their tracks.
During the event, executives touted Splunk’s efforts to offer new solutions through building, acquiring and investing in innovation. With its new Splunk Mission Control, customers gain a unified security operations center (SOC) experience that supports investigation and search across multiple on-premises and cloud-based Splunk Enterprise and Splunk Enterprise Security instances, ChatOps collaboration, case management and automated response.
In a Q&A at .conf19, Haiyan Song, Splunk’s senior vice president and general manager of security markets, talked about her company’s efforts to make SOCs more effective and its overall cybersecurity strategy.
Channel Futures: Tell us about the issues SOC analysts are facing. We’ve heard a lot about analyst burnout, if they could they would quit their jobs, and so on.
Haiyan Song: There are a couple of levels. One is on a very high level: The data is exploding and the number of technologies they have to learn and to manage, the average is like 75. That’s not very possible for a person. So I think that in many ways it’s really giving birth to technologies like what we bring to the market for security information and event management (SIEM) and Phantom, which is automation, and the Security Operations Suite. The other thing is, the burnout and things are also because we live in a time that the threats continue to evolve, and you figured you just learned some techniques and things, and then things are evolving. So I think this is when you really want to bring technology like [machine learning] and [artificial intelligence] to humans with that learning because they’re great at churning through a huge amount of data, and learning and getting insights, and finding anomalies. So I think those are probably the two that I feel like are most prevailing.
But I think what’s coming down the pipe is the cloud. It’s fundamentally changing how software gets built, how it gets deployed and consumed, and security in that world is really going to require a fundamental change, too. So that’s what I would really want our industry to put more focus on because we actually have an opportunity to do that right and make security by design, and that we understand the new digital economy, the API economy, the service-based economy. It also changes risk management … and how it has to be 24/7 because things are always changing. I think those are actually the things that we all should be paying a lot of attention to, whether we’re in the industry providing solutions or you’re the analyst who is doing the day-to-day. A very inspiring part is all the customers do understand that’s a big thing and they are open to adopting technologies like automation.
CF: Is mobility going to be increasingly important in cybersecurity?
HS: We live in a world where we can be anywhere and things can happen at any time. I think the most important thing is to enable the analyst to be able to take actions wherever they are. And that’s really the gist of the news from the security perspective, the mobility and what we’re trying to provide.
CF: How has Splunk’s Security Operations Suite evolved through the years?
HS: When Splunk started, it was not even a security company, but customers found that …