Splunk, the data analytics security specialist, has added security orchestration, automation and response (SOAR) capabilities to its security information and event monitoring (SIEM) platform. The company announced the new capabilities at its Splunk.conf 2018 customer conference in Orlando, Florida.
Security analysts now can use Splunk's SIEM platform to monitor, visualize, detect, investigate and act on internal and external cyber threats, according to a prepared statement. They also can take action on their data via SOAR technology from Phantom, a security automation platform provider acquired earlier this year.
Introducing Splunk AOF
Splunk this week launched the Adaptive Operations Framework (AOF) built on technologies from an open ecosystem of security vendors. Organizations can leverage AOF in conjunction with over 240 security technologies to ingest structured or unstructured data and use it to make informed decisions, the company said.
Furthermore, Splunk has announced the following product upgrades at the conference:
- Splunk Enterprise Security (ES) 5.2: Features event sequencing, which groups correlation searches and risk modifiers to help security analysts quickly detect threats and speed up threat investigations, and a Use Case Library that provides relevant, actionable security content.
- Splunk Phantom 4.0: Provides clustering support, which helps security analysts scale their operations, and a new indicator view.
- Splunk UBA 4.2: Offers single-sign-on (SSO) authentication support to help security operations center (SOC) teams maintain compliant access controls.
Phantom 4.0 is now available as a free download, and ES 5.2 and UBA 4.2 will be generally available Oct. 16.
Splunk Unveils Partner+ Program Upgrades
In addition to the aforementioned announcements, Splunk unveiled the following Partner+ Program enhancements at the conference:
- Expanded global Rebate Incentive.
- New Splunk Certification Program exam content and certifications.
- New program tracks, including original equipment manufacturer (OEM) and systems integrator (SI) offerings.
The Partner+ Program provides support, tools, resources and investments to more than 1,600 partners worldwide, including MSSPs, managed service providers (MSPs) and value-added resellers (VARs). It also offers access to the Partner+ Portal, which enables partners to manage, grow and execute their operations.
Splunk CISO Perspectives
Amid all those updates, Splunk CISO Joel Fulton offers some refreshing advice to IT consultants, VARs and MSSPs that are moving into the security market.
In a meeting with MSSP Alert today, Fulton expressed concern about partners positioning themselves as trusted security advisors to end-customers.Trust, he noted, has to be earned.
Instead of selling security, Fulton believes partners need to better understand customers' business needs and the data associated with those business needs.
Splunk's software, he noted, is flexible for all types of use cases. But that flexibility means customers run the risk of moving in too many different directions."Doing everything and anything means doing nothing," says Fulton. "If the customer doesn't have a plan, then elicit it from them. Put them in a position to give you direction."
Additional reporting from Joe Panettieri.