I attended the Splunk user conference earlier this week (.Conf2016) and came away pretty impressed. Since I started watching Splunk years ago, the company climbed from a freemium log management and query tool for IT and security nerds to one of the leading security analytics and operations platform. Not surprisingly then, security now represents around 40 percent of Splunk’s revenue. Given the state of the cybersecurity market, Splunk wants to work with existing customers and get new ones to join in to build on this financial and market success.
To that end, Splunk really highlighted three enhancements for its enterprise security product:
1. An ecosystem and architecture for incident response. Splunk often acts as a security nexus for its customers, integrating disparate data into a common platform. It now wants to extend this position from analytics to incident response by building IR capabilities into its own software and extending this architecture to partners through APIs, workflows and automation. Splunk calls this adaptive response. For now, Splunk doesn’t see itself as an IR automation and orchestration platform for complex enterprise environments (in fact Phantom and ServiceNow were both exhibiting at the event), but it does want to use its position and market power to make IR connections, data flows, and tasks easier and more effective for security and IT personnel alike.
2. An enterprise-class commitment to machine learning. Splunk gained machine learning capabilities with its 2015 acquisition of Caspida for UBA, but this is a separate product for a specific use case. Fast forward to 2016, and Splunk is adding machine learning capabilities to its core platforms, including ITSM and security. Yes, machine learning is still an immature area, but Splunk is jumping in with both feet by adding “data scientists in a box” that allow security professionals to change threat investigations or risk management tasks without having to twiddle bits in machine learning algorithms. Splunk declared that its goal is to marry machine learning with enterprise scale, and judging from some of my meetings, it is hiring resources to make this vision a reality.
3. Simplify security analytics and operations with intuitive tools. According to ESG research, 46 percent of organizations have a “problematic shortage” of cybersecurity skills in 2016. To address this growing shortage, Splunk is intent on making its software more intuitive so its users can be more productive. To that end, Splunk introduced something it calls “Glass Tables” that allows Splunk administrators to customize their views of the data and pivot from one data point to another without needing to master the Splunk Processing Language (SPL). For example, Splunk demonstrated something called Insight Engines for cybersecurity investigations, a Glass Tables view for improving the efficiency of senior security analysts and onboarding newbies.
While I was impressed with all of the new feature/functionality, Splunk’s real core value slaps you across the face at .Conf. Splunk customers tend to love the company, which sets its user conference apart from the parade of boring, PowerPoint-centric, status quo industry events we all attend. Splunk customers really want to help educate and support one another, and the company does a great job in facilitating this collaboration, making .Conf a spirited but educational annual gathering.
In addition to its users, the Splunk conference also attracts an army of partners that really do collaborate with the company. These include vendors from endpoint security (Carbon Black, Crowdstrike, Cylance, Ziften), network security vendors (Cisco, Corvil), threat intelligence (Recorded Future, ThreatConnect, ThreatQuotient) and incident response (Phantom, ServiceNow). These vendors actually integrate and add value to the core Splunk platforms.
Splunk has become a big publicly traded company, and this is evident by the increasing glitz factor of its user conference over the past few years. Nevertheless, Splunk demonstrated that it is committed to advancing its cybersecurity capabilities in a way that benefits the company as well as its customers, partners and the industry at large. Pretty good metrics if you ask me.