Splunk's position on SOAPA – Part 1

Splunk's Haiyan Song talks about security technology integration, Splunk’s strategy and customer benefits

I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.

SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, Splunk's senior vice president of security markets, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:

  • SIEM’s role within SOAPA. Splunk sees SIEM as the SOAPA “nerve center” for other types of security analytics and operations technologies. In other words, SIEM serves as the centerpiece in a hub-and-spoke security technology architecture.
  • Splunk as an ecosystem. Anyone who follows Splunk knows it works with lots of other security technology partners. Haiyan says this is a living example of SOAPA and Splunk’s nerve center concept. Customers benefit from tight technology integration, while Splunk partners can pivot off Splunk to help their clients gain additional value from their products.
  • Customers want help with incident response. Where are Splunk customers pushing on SOAPA? Incident response. Haiyan indicated that customers want to make analytics-driven decisions for incident response. Splunk is addressing this with “adaptive response.” This initiative looks a lot like SOAPA with an architectural framework, integrated components, partner participation, etc. The goal? Acceleration and automation of threat detection, investigations and incident remediation.
  • SOAPA benefits. Splunk likes to think in terms of customer outcomes and benefits rather than bits and bytes. For Haiyan, SOAPA represents an opportunity to increase industry innovation and ultimately deliver a security architecture that allows customers to increase productivity and accelerate actions while streamlining day-to-day security operations. 

For more detail, read the first part of my interview with Haiyan. More later this week.