Deloitte, Splunk Team Up for Security Monitoring, Response
Deloitte’s cyber practice and Splunk are now providing automated security monitoring and response capabilities to enable a more rapid response to cyber adversaries and the challenges they present to organizations.
Deloitte’s Fusion Managed Services offerings with Splunk Phantom will help organizations achieve their security monitoring and response objectives in an efficient and cost-effective manner, according to Deloitte.
Andrew Morrison, Deloitte’s strategy defense and response leader, tells us the ideal customer for the new capabilities would be organizations that have a high number of incoming threats, but a lower likelihood of having a larger IT budget to manage those threats.
“The market today for managed services is reliant on taking known threats and known risks, and trying to optimize alerts,” he said. “Most of our competitors are in that space trying to optimize their alerting. What the alliance and working with Splunk does is lets us expand into more unknown threats and more unknown risks … looking for the hidden threat that you may not have known to look for.”
Rich Hlavka, Splunk’s director of development, global strategic alliances, tells us there may be several instances where Deloitte’s end-user customers may want to procure a full license to extend the use cases and playbooks that the MSSP will offer as part of their catalog of services.
“So when appropriate, Splunk’s channel partners can fulfill and transact those orders as a pull-through transaction,” he said. “For example, Splunk has customers that could use the MSSP to outsource a subset of their security operations center (SOC), such as phishing emails and monitoring, but advanced use cases and playbooks may require an organization to own their own instance. So Deloitte is the MSSP, but also the influencer for pull-through transaction that our channel can help fulfill.”
Fusion Managed Services combine threat intelligence, threat monitoring, attack surface identification and reduction, and incident response information to help organizations proactively detect and respond to unauthorized activity before it can adversely affect networks.
Splunk Phantom helps customers work smarter, respond faster and strengthen their defenses by combining security infrastructure orchestration, playbook automation and case management capabilities to integrate processes and tools together, according to Deloitte.
Using the security orchestration, automation and response (SOAR) capabilities of Splunk Phantom, Deloitte’s cyber analyst teams can help clients repurpose valuable time to other mission-essential tasks.
“Our alliance with Deloitte Risk and Financial Advisory’s cyber practice and Deloitte’s Fusion Managed Services team helps customers build customized, vertical-based use cases and associated automated playbooks,” said Aziz Benmalek, Splunk’s vice president of worldwide partners. “These new offerings from Splunk and Deloitte can help customers establish a proactive cybersecurity practice that can enable organizations to reduce operating expenses and more efficiently address security issues to better allow organizations to focus on other priorities.”