Splunk steps up its enterprise security game

Amid the user excitement, Splunk made several enterprise security announcements at its annual user conference.

Many Splunk users are absolutely gaga over the product and the company. And when they go to Splunk's annual user conference, Splunk.conf, they exchange use cases, give presentations, participate in panel discussions, and talk about the way they use Splunk today and their plans for the future. Heck, they even open up about what features they’d like to see Splunk adopt in the future.

Aside from the reunion-like vibe at this year's conference, held this week in Washington, D.C., Splunk did make a few announcements:

  • Splunk UBA 4.0: Splunk is doing its best to transform machine learning from geeky science project to useful security technology. This new version of UBA provides an SDK, so customers can develop their own machine learning models. Splunk is also working to make machine learning more usable in the core Splunk Enterprise and Enterprise Security products.
  • Splunk ES Content Updates. Enterprise organizations have too few cybersecurity resources and too many cybersecurity tasks. As a result, many firms never figure out how to use their security technologies to their full potential. Splunk hopes to lend a hand here with Splunk ES Content Updates — a subscription service of pre-packaged security content. 
  • Lightweight Splunk for specific use cases. For example, the company introduced a product called Splunk Insights for Ransomware in June, which comes with canned analytics and dashboards for detecting and responding to ransomware attacks. Splunk also announced a new insights package for monitoring Amazon Web Services cloud workloads.
  • Security essentials for fraud detection. Since lots of customers use Splunk for fraud detection, the company decided to package up a free Splunk app for investigating fraud in industries such as healthcare.
  • Booz Allen Hamilton Cyber4Sight for Splunk: This offering from Splunk and BAH is tailored for threat hunting, primarily in the public sector. It’s worth mentioning that threat hunting was a major theme at the show. Splunk is working with many partners to transform threat hunting from an elite cybersecurity discipline to a common activity for the masses.

Aside from hearing about these announcements, I came away from the Splunk conference with a few observations:

1. Splunk is committed to making its products more consumable and usable for customers through packaging, partnerships, and enhancements such as improved analytics and automation. Given the global cybersecurity skills shortage, this should help promote the successful use of Splunk technologies.

2. The company is doubling down in the public sector, its biggest vertical industry. In fact, Splunk hosted its event in Washington to accommodate government and education cybersecurity and IT professionals who shun events in Las Vegas. This strategy seemed successful, as there were 1,200 public sector attendees. My guess is Splunk will continue to do well in this vertical, especially with state/local government and large academic institutions. 

3. Splunk is moving in a similar direction as ESG's security operations and analytics platform architecture (SOAPA), an open, standards-based security software architecture built for heterogeneous technology integration.

4. Despite its growth and pressure from Wall Street, Splunk hasn’t lost its ability to charm its customers. 

To be clear, Splunk has some challenges ahead. There aren’t as many greenfield opportunities in cybersecurity or ITSM, so it needs to find new homes for its big data management and analytics capabilities. In security alone, Splunk faces a wide and growing field of competitors, spanning from open source DIY technologies to venture-backed startup products. Finally, Splunk’s pricing model can become a point of contention with large customers as well.

Notwithstanding these challenges, Splunk continues to innovate and grow while maintaining its core culture. The company also remains intently focused on customer affinity and success. If these efforts continue, Splunk.conf should maintain its party atmosphere for the foreseeable future. 
