
Splunk Intent on Extending Cybersecurity Leadership

Discussion in 'Network World' started by RSS, Sep 30, 2016.

  1. RSS


    I attended the Splunk user conference earlier this week (.Conf2016) and came away pretty impressed. Since I started watching Splunk years ago, the company climbed from a freemium log management and query tool for IT and security nerds to one of the leading security analytics and operations platforms. Not surprisingly then, security now represents around 40% of Splunk’s revenue. Given the state of the cybersecurity market, Splunk wants to work with existing customers and get new ones to join in to build on this financial and market success.

    To that end, Splunk really highlighted three enhancements for its enterprise security product:

    1. An ecosystem and architecture for incident response. Splunk often acts as a security nexus for its customers, integrating disparate data into a common platform. It now wants to extend this position from analytics to incident response by building IR capabilities into its own software and extending this architecture to partners through APIs, workflows, and automation. Splunk calls this adaptive response. For now, Splunk doesn’t see itself as an IR automation and orchestration platform for complex enterprise environments (in fact Phantom and ServiceNow were both exhibiting at the event) but it does want to use its position and market power to make IR connections, data flows, and tasks easier and more effective for security and IT personnel alike.

