Splunk Mission Control: A Security Operation Center Enhancement?
Splunk has unveiled Splunk Mission Control, a cloud-based SaaS software platform for security operations centers (SOCs). The move surfaces amid a highly fragmented market, in which dozens of SOC as a Service (SOCaaS) companies now promote their offerings to MSPs and MSSPs.
Mission Control, which surfaced at this week’s .conf19 customer conference, works in conjunction with the multiple tools — particularly:
- Splunk Enterprise Security (ES) security information and event management (SIEM),
- Splunk User Behavior Analytics (UBA) machine learning; and
- Splunk Phantom security orchestration, automation and response (SOAR) platforms.
Still, it’s unclear if the Mission Control offering will be promoted as a SOCaaS option for MSSPs in the enterprise and midmarket, and MSPs in the SMB sector. Mission Control is currently available in beta for early access customers, with general availability “coming soon.”
Security Portfolio Updates
Also at the conference, Splunk unveiled:
- ES 6.0: Features asset and identity framework enhancements, analytics reporting for security investigations, out-of the box reports for security metrics and an integration with Splunk’s Machine Learning Toolkit.
- UBA 5.0: Enables SOC teams to build advanced, customized machine learning models for baselining and tracking deviations across security environments and use cases.
- Phantom 4.6: Provides SOAR capabilities to mobile phone users and offers open source integration apps.
The company has a growing partner program — mostly serving data-driven enterprises. But Splunk also has the beginnings of a more formalized MSP engagement effort.
Additional insights from Joe Panettieri.