On 12 June 2024, at its annual .conf24 convention in Las Vegas, Splunk, a leading cybersecurity and observability company, showcased its latest products and services for secure data management. These have now been enhanced with a new set of features and a new level of user convenience following Splunk’s recent acquisition by Cisco.
Together, Splunk and Cisco are working to create a unified digital platform that provides ‘full stack observability’ across the whole pipeline of business operations. In a keynote speech at the conference, Tom Casey, Splunk SVP and GM of product and technology, outlined the company’s vision of providing visibility across every part of its customers’ digital footprints.
“Our product vision is to provide the visibility and the insights that you need across your entire digital footprint to power the actions that keep your systems safe and reliable, and, maybe most importantly, to allow you to focus on creating new value, being more agile, and creating more velocity. And when I say entire digital footprint, I mean the whole thing, it’s not just about managing the applications and devices, or the infrastructure, it’s also about reaching into the networks, the endpoints, the cloud services that you use as well, and understanding all of that.”
Tom Casey, Splunk SVP and GM of products & technology
Cisco will play a key role in making this vision a reality. According to Jeetu Patel, Executive VP and GM at Cisco, security is fundamentally ‘a data problem’, and so requires data-driven solutions. It is therefore through data management and analytics that Cisco is helping to further strengthen Splunk’s already trusted products and services. As Casey highlighted in the keynote, increased access to data, and the insights that come with it, is a key benefit of the Splunk-Cisco integration.
“To be most resilient, we have to see the whole picture. With Cisco, now we can – and this is really exciting because you get access to data and insights you’ve really never had. We are bringing together networking leadership from Cisco, cloud visibility, endpoint and other data insights lower in the stack that will reinforce observability in your regions, your zones, and your practices as well. And that will absolutely revolutionize resilience in your organisation.”
Tom Casey, Splunk SVP and GM of products & technology
What’s new?
Many of Splunk’s new features focus on improving data practices to bring greater efficiency to threat intelligence work and greater observability across company operations.
- Integration of Cisco’s AppDynamics and ThousandEyes with Splunk Observability Cloud: customers can now ingest data once and make it available to any Splunk tool, giving greater observability and visibility across business operations. This changes the way customers work with telemetry data, providing a simpler and more engaging user experience.
- A Federated Analytics feature, starting with Amazon Security Lake: this provides a more connected data analysis service in which data is analysed at the source where it resides. It removes the need for businesses to relocate the data they need for threat hunting and detection, and provides a seamless analysis service for faster threat detection and more context-rich insights. Users can selectively fetch data from the security lake and build it into a short-term index for analysis targeting a specific use case. The feature also sets the stage for integrations with other data sources, reflecting Splunk’s commitment to ease of use and simplicity across the platforms and vendor services that most businesses rely on.
- Additional data management capabilities: these include a pipeline builder, which streamlines filtering, masking and enriching data before it is indexed, and an ingest processor, which unifies data management across the Splunk platform and lets users convert logs to metrics and route them to Splunk Observability Cloud as an endpoint.
- Generative AI assistant: this provides bidirectional translation between SPL and natural language, enabling a broader range of users to access insights from data and letting each user work as a security analyst regardless of their fluency in SPL. Splunk’s stated goal with generative AI tools is to lower the bar for entry into cybersecurity work and to drive efficiency for existing security analysts. For example, by summarizing and analysing metrics, traces and logs, the AI assistant enables software engineers to understand an incident more quickly, which speeds up troubleshooting, root cause analysis and incident response.
- Cisco Talos integration with Splunk tools: security teams can now draw on Talos’ threat intelligence to gain enhanced insight into existing and emerging threats. This helps streamline threat analysts’ workloads, reducing alert fatigue and allowing them to focus on critical tasks.
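The filter, mask and enrich steps of the pipeline builder, followed by the ingest processor’s log-to-metric conversion, as an added Python example. This is not Splunk’s code or a real pipeline definition; the key=value log format, the field names, the host lookup table and the masking patterns are all constructed for the illustration. It shows the ordering a practitioner cares about: a sensitive value is masked before it reaches the index, and the metric is derived from the already-masked events.

```python
import re
from collections import Counter

# Constructed sample log lines (not real data) in a simple key=value format.
SAMPLE_LOGS = [
    'ts=2024-06-12T10:00:01Z level=INFO host=web-01 user=alice@example.com status=200 card=4111111111111111 msg="checkout"',
    'ts=2024-06-12T10:00:02Z level=DEBUG host=web-01 user=bob@example.com status=200 msg="cache hit"',
    'ts=2024-06-12T10:00:03Z level=ERROR host=web-02 user=carol@example.com status=500 msg="db timeout"',
    'ts=2024-06-12T10:00:04Z level=INFO host=web-02 user=dave@example.com status=404 msg="not found"',
]

# Constructed lookup table standing in for the enrichment data a pipeline joins against.
HOST_LOOKUP = {"web-01": "prod", "web-02": "prod", "web-03": "staging"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
EMAIL_RE = re.compile(r'[\w.+-]+@[\w-]+\.[\w.]+')    # crude e-mail matcher, assumption
CARD_RE = re.compile(r'\b(\d{12})(\d{4})\b')         # 16-digit PAN: keep only last four


def parse(line):
    """Turn one key=value log line into a dict of fields."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def filter_event(ev, drop_levels=("DEBUG",)):
    """Filter step: keep the event unless its level is in drop_levels."""
    return ev.get("level") not in drop_levels


def mask_event(ev):
    """Mask step: redact the e-mail address and all but the last four card digits."""
    out = dict(ev)
    if "user" in out:
        out["user"] = EMAIL_RE.sub("<email>", out["user"])
    if "card" in out:
        out["card"] = CARD_RE.sub(lambda m: "*" * len(m.group(1)) + m.group(2), out["card"])
    return out


def enrich_event(ev):
    """Enrich step: add the environment for the host from the lookup table."""
    out = dict(ev)
    out["env"] = HOST_LOOKUP.get(out.get("host"), "unknown")
    return out


def run_pipeline(lines):
    """Apply filter, then mask, then enrich, so nothing sensitive survives into the output."""
    events = []
    for line in lines:
        ev = parse(line)
        if not filter_event(ev):
            continue
        events.append(enrich_event(mask_event(ev)))
    return events


def logs_to_metrics(events):
    """Log-to-metric step: collapse events into a count per (host, status)."""
    return Counter((e["host"], e["status"]) for e in events)


def leaks_raw_value(events, raw):
    """Sanity check a practitioner should run: does the raw secret appear anywhere downstream?"""
    return raw in repr(events)


if __name__ == "__main__":
    evs = run_pipeline(SAMPLE_LOGS)
    for e in evs:
        print(e)
    print(logs_to_metrics(evs))
    print("raw card leaked:", leaks_raw_value(evs, "4111111111111111"))
```

The masking here is regex-based and only as good as its patterns, which is the main caveat with any pipeline-side redaction: a field format the pattern does not anticipate goes into the index unmasked, and indexed data is retained and searchable. The leaks_raw_value check at the end is the kind of test worth keeping in a pipeline’s regression suite.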
Simplifying data management
One of the key challenges for business efficiency in the digital age is the number and complexity of tools and services, which has produced a hyper-distributed model of data management. With thousands of microservices to choose from, alongside hybrid service models, the market for software services has become saturated with choice for companies to navigate.
Jeetu Patel, Executive VP and GM at Cisco, highlighted the prevalence of this issue, pointing out that most companies have between 50 and 70 vendors. In the long run, this is not sustainable, either financially or in terms of management. Together, Cisco and Splunk aim to simplify data management for businesses by providing one fully unified digital platform with a focus on security.
Guest speaker at the keynote Nimesh Bernard, Head of Observability at mortgage financing company Fannie Mae (a Splunk customer), highlighted the complexity of navigating multiple platforms and solutions as a key challenge, and pointed out that having “too many tools is not going to solve our problems”.
To help its customers deal with this issue, Splunk is focusing on tool consolidation rather than simply creating a suite of new tools.
Tool consolidation refers to the practice of reducing the number of tools a business uses to monitor its data and applications, and typically involves combining data from all the different sources into a centralized repository of integrated data. For Splunk, it means integrating tool functions into its Observability Cloud, which now includes capabilities such as the ingest processor, federated analytics, and the AI assistant described above.
Bernard spoke to the real benefits of Splunk’s tool consolidation that Fannie Mae had seen.
“We were analysing to see how much we were spending managing these capabilities and also the overhead cost to manage these platforms. We also analysed to see how much time we were spending managing the platform rather than enhancing the features. We found out that we were able to consolidate the tools without compromising on the capabilities, which is huge for us. The second thing is that we were able to get a return on investment on licensing cost, and the third is that we were able to fit the tools we chose into Fannie Mae, starting with state architecture, and we were also able to consolidate data, which is very important for us.”
Nimesh Bernard, Head of Observability at Fannie Mae
Is AI good or bad for the security landscape?
While the impact of AI on cybersecurity is a contested issue, Splunk is one company demonstrating the significant gains that AI is bringing to defenders.
In a press briefing, Tom Casey shared his view of AI as a net positive for security, while conceding that AI is also changing the threats defenders face.
“So is generative AI a positive thing or a negative thing from a cybersecurity perspective? Look, everybody’s concerned about the threats from generative AI. It lowers the barrier to entry for bad actors to go and scale attacks in particular. And social engineering is always a threat, we’re seeing a lot of deepfakes, but that’s a general concern in the industry. The vast majority of our team tilt more optimistic than pessimistic when it comes to AI. Yes, there are threats, but there are also great gains in productivity that many are seeing from adopting AI. In the realm of security, one of the greatest restrictions to success and growth is finding enough talent. AI shifts the balance here by making natural language support part of everyday workflows, which lowers the barrier for people to participate in cybersecurity protection across complex sets of data. Over time, we think this not only levels the playing field, but actually tilts things in the favour of those trying to protect us.”
Tom Casey, Splunk SVP and GM of products & technology
As Casey points out, one of the key benefits of AI is its democratization of knowledge. While we cannot prevent bad actors from profiting from that benefit too, companies such as Splunk illustrate that the balance can be tilted in defenders’ favour by using AI to drive efficiency, widen access to security analysis, and provide greater observability of threat risk across the whole of a business’s operations.