The Gately Report: Splunk Partners Play Big Role in Security Business Growth

Plus, IBM reports the global average cost of a data breach has reached an all-time high.

Edward Gately, Senior News Editor

July 24, 2023

Splunk partners are playing a crucial role in helping the company grow its cybersecurity business and safeguarding customers from cyberattacks.

That’s according to Mike Horn, senior vice president and general manager of Splunk’s security business. He previously was president and CEO of TwinWave Security, which was acquired by Splunk last November.

At last week’s Conf23, Splunk unveiled numerous new offerings, including Splunk AI, new product innovations to Splunk’s security and observability platform, and Splunk Edge Hub, the first product exclusively for Splunk partners.

Biggest Threats Facing Splunk Partners, Customers

Supply chain-related attacks pose the biggest danger to organizations, and are especially difficult to prevent, detect and remediate, Horn said. The Clop ransomware gang’s massive MOVEit Transfer attacks were just the latest supply chain-related threats to wreak havoc on organizations.

“We previously had Log4J and SolarWinds, the things where attackers are able to co-opt existing infrastructure distribution models,” he said. “They can kind of sneak in the back door, so to speak. I think that’s a really challenging one and something that can be a little bit harder to pick up on, a little more nuanced than the smashing at the front door with your ransomware document. So that is one that I think we’re going to continue to see more of. I hear customers asking about API security because it’s a new surface area that’s getting exposed. And any time you have something new, it’s less mature. We haven’t worked out all the bugs yet, which is what attackers take advantage of.”

One of the products unveiled at Conf23, Splunk Attack Analyzer, resulted from Splunk’s acquisition of TwinWave. It allows security teams to automate the analysis of malware and credential phishing attacks to uncover complex attack techniques used to evade detection.

“That’s my baby, and I take a lot of pride in what we’ve done there,” Horn said. “Ninety percent of the TwinWave customers were already Splunk customers so we had a lot of overlap and familiarity there. We had already built integration with Splunk products like Splunk Security, Orchestration, Automation and Response (SOAR). We had customers that were using Splunk products and TwinWave at the time, now Attack Analyzer, very effectively together. So I’m excited now that we’ve gotten to a point where we’re ready to bring it to all the Splunk customers.”

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
