
MSSP TekStream Guides Customers Through Splunk MDR Paradox


Managed detection and response (MDR) providers that use Splunk tools and services as part of their security solutions can sometimes fail to use them to their full potential, say the tech pros at TekStream, an MSSP that also works as a business consulting firm, helping enterprises with Splunk implementations. TekStream is also a Splunk “Elite Partner.”

In a recent white paper written jointly with Splunk, entitled The Cybersecurity Paradox: Billions Spent but Breaches Boom, TekStream looks at the false security that can be provided by the concept of MDR-as-a-service. The company says that MDR providers are different and not all of them follow the same standards.

TekStream said that some MDR providers use Splunk as a database with proprietary solutions bolted on, and that's not a cost-effective approach for a few reasons. First, this approach relies on solutions that improperly digest data and distort the view of the security threat surface. Second, these customer companies end up paying for their MDR twice.

Finding the Right MDR Partner

Speaking to MSSP Alert on the subject at the recent Splunk .conf24 event in Las Vegas, Bruce Johnson, senior director for Enterprise Security at TekStream, said he believes that navigating an increasingly complex security landscape requires organizations using Splunk to find a solid MDR partner that can tailor the solution to the organization’s specific requirements. However, finding an MDR partner with a sufficient number of certified Splunk engineers is difficult in a tight labor market.

TekStream's customers include commercial businesses as well as state, local government and education customers. The company offers security professionals with advanced certifications and strong technical backgrounds in critical security technologies, including Splunk and CrowdStrike.

“We enable Splunk clients to build their own environments with Splunk products, whether it's IT focused or security focused,” Johnson said. “Whatever our client wants to do with Splunk, we pretty much get involved.”

Getting the Most Out of MDR

TekStream’s MDR service recognizes that each client’s security environment and requirements are unique. TekStream implements “out of the box” use cases and playbooks to shorten adoption and then customizes those templates to fit each client’s specific needs.

Johnson emphasized that strong security today boils down to the effective use of AI. That was also the message during a keynote address on June 11 when Cisco go-to-market president and Splunk GM Gary Steele and Cisco CEO and Chair Chuck Robbins explained how AI will have an enduring presence in everything their two companies will do together to protect data, networks and more in the future.

Proclaiming a “new AI era,” Steele described AI as “the most transforming technology we’ll see in our lifetime” and exalted its “limitless potential.” Moreover, AI is what will help power the security operations center (SOC) of the future.

Just as importantly, the next generation of cyber pros needs the appropriate training on AI’s effective application.

“AI is a phenomenal tool. Everybody's using it and sees the power inherent in it,” he said. “The challenge for us in the workforce development, which makes the gap even wider. AI is 90% right, but knowing that 10% of AI is wrong requires you to have a lot of expertise. We actually have to give students more and more training and more exposure to these advanced techniques and tools for them to be ready to get a job.”

Johnson notes that Splunk is coming under some market pressure. It's also finding new channels that are opening up with complementary solutions.

“And it's hard to read the tea leaves for how all of that strategy falls out when Splunk is bundling its products in new and innovative ways,” he said. “So I think that’s something that we're watching pretty closely right now.”

TekStream a Winner with Splunk

TekStream was a triple winner in Splunk’s Partner of the Year Awards: Outstanding Partnership – 2024 Global Social Impact Partner of the Year, 2024 Public Sector Technology Innovation Partner of the Year, and 2024 Americas Technology Innovation Partner of the Year.

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.