
Splunk Product Innovations: Powering the SOC of the Future

From left, Cisco go-to-market president and Splunk GM Gary Steele and Cisco CEO and chair Chuck Robbins discuss new product offerings on stage during Splunk .conf24.

Splunk’s .conf24 event in Las Vegas last week was an occasion to unveil several new security innovations aimed at helping its 2,200-plus partner ecosystem of MSPs, MSSPs and cybersecurity vendors advance threat detection, investigation and response (TDIR) and security operations across multiple data sources.

These innovations are crucial to powering the security operations center (SOC) of the future, according to Splunk executives.

Introducing Splunk Enterprise Security 8.0

Among the advancements is Splunk Enterprise Security 8.0, which Splunk says empowers security teams to proactively manage and mitigate risks. With standardized terminology and unified automation via Splunk SOAR, Enterprise Security 8.0 improves the SOC workflow experience, according to Splunk. The new version also integrates the cloud-native Mission Control, simplifying how security analysts detect, investigate and respond to threats and shortening each of those steps.

Mike Horn, senior vice president and general manager of Splunk Security Products, said the latest advancements in Splunk Enterprise Security 8.0 revolutionize the TDIR lifecycle experience for analysts.

“Featuring a seamless investigation and case management solution that includes integrated automation with Splunk SOAR, our latest release empowers SOC teams to navigate the complexities of cybersecurity with efficiency,” Horn said. “Splunk Enterprise Security 8.0 serves as a foundation for the SOC of the future, driving proactive defense in an ever-evolving threat landscape.”

Splunk Enterprise Security 8.0 is now in private preview, with general availability coming in September 2024.

Federated Analytics Feature Unveiled

Splunk also introduced to private preview a new Federated Analytics feature, which analyzes data for threat hunting and detection directly where it is stored. The first supported source is Amazon Security Lake, a service that centralizes an organization's security data from Amazon Web Services (AWS) environments, other SaaS providers, on-premises environments and other cloud sources into a purpose-built data lake. Customers can hunt threats against the lake in place and bring only the specific data needed for frequently run detections into Splunk. The setup lets organizations detect and investigate security incidents without relocating data.

By integrating with Amazon Security Lake, Federated Analytics ensures context-rich data analysis and enhances operational agility, setting the stage for future expansions to additional data platforms.

“With Amazon Security Lake and Splunk’s Federated Analytics, customers now have access to significant advancements in data security and accessibility, supporting SOC use cases such as monitoring and threat hunting,” said Mark Terenzoni, general manager, Security Services, at Amazon Web Services. “We are enthusiastic about our collaboration with Splunk to enable customers to perform just-in-time indexing for large volumes of data sources without requiring data movement for investigative use cases.”

The Federated Analytics feature will be available in private preview starting in July 2024.

Splunk’s Data Management Innovations

Splunk has advanced its data management capabilities to provide its customers with a “richer, unified visibility across their enterprise while helping achieve more comprehensive data ownership.” The new Splunk Data Management portfolio allows customers to send, share and process their data across Splunk Cloud Platform and Splunk Observability Cloud.

Tom Casey, Splunk’s senior vice president and general manager of Products & Technology, explained that the centralized experience gives security and IT teams greater control over the shape, volume and destination of their data and unifies the collection of their metrics and logs.

“Not all data is created equally, and its value changes over time,” Casey explained. “Organizations need solutions that simplify the data management experience while enabling them to retain control and ownership of their data. That’s why we are thrilled to launch these new data management capabilities so organizations can harness true control over their data pipeline.”

Available or upcoming innovations within the new Splunk Data Management portfolio include:

  • Pipeline Builders lets customers filter, mask, transform and enrich their data, helping to simplify data processing and reduce costs.
  • Ingest Processor unifies data management across Splunk Cloud Platform and Splunk Observability Cloud. It introduces the ability to convert logs to metrics and route them to Splunk Observability Cloud as a destination, in addition to Splunk Cloud Platform or Amazon S3.
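The two list items above describe stages of an edge data pipeline without showing what they look like in practice. The following is an added example written for this page, not Splunk's Pipeline Builders or Ingest Processor code and not their rule syntax; it runs the same stages (filter, mask, transform, enrich, then logs-to-metrics) in plain Python over constructed key=value log lines. The sample lines, the `ASSETS` inventory and the field names are all constructed for the example. The security point is the ordering: masking happens before anything is indexed, so the e-mail address and card number never reach the search tier, and the DEBUG line is dropped before it costs ingest volume.

```python
import re
from collections import Counter

# Constructed sample log lines in key=value form (not real traffic).
SAMPLE_LOGS = [
    "ts=2024-06-12T10:00:01Z level=DEBUG src=10.0.0.5 user=alice@example.com action=login status=200",
    "ts=2024-06-12T10:00:02Z level=INFO src=10.0.0.5 user=alice@example.com action=login status=401",
    "ts=2024-06-12T10:00:03Z level=ERROR src=203.0.113.9 user=- action=pay card=4111111111111111 status=500",
    "ts=2024-06-12T10:00:04Z level=WARN src=10.0.0.7 user=bob@example.com action=admin status=403",
    "ts=2024-06-12T10:00:05Z level=INFO src=10.0.0.7 user=bob@example.com action=login status=401",
]

# Constructed, hypothetical asset inventory used by the enrich stage.
ASSETS = {"10.0.0.5": "corp-laptop", "10.0.0.7": "jump-host"}

# Levels the filter stage discards before indexing (volume is cost).
DROP_LEVELS = {"DEBUG"}

# Runs of 13-16 digits are treated as card numbers (PANs) for masking.
_CARD_RE = re.compile(r"\b\d{13,16}\b")


def parse_kv(line):
    """Transform: turn a key=value line into a dict of string fields."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def keep(event):
    """Filter: return False for events that should never be indexed."""
    return event.get("level") not in DROP_LEVELS


def mask(event):
    """Mask: redact PII and PANs so only a non-reversible form is indexed."""
    out = dict(event)
    user = out.get("user", "-")
    if "@" in user:
        local, domain = user.split("@", 1)
        out["user"] = local[0] + "***@" + domain
    if "card" in out:
        out["card"] = _CARD_RE.sub(
            lambda m: "*" * (len(m.group()) - 4) + m.group()[-4:], out["card"]
        )
    return out


def enrich(event):
    """Enrich: attach the owning asset tag looked up from the inventory."""
    out = dict(event)
    out["asset"] = ASSETS.get(out.get("src"), "unknown")
    return out


def run_pipeline(lines):
    """Apply the stages in order: parse, filter, mask, enrich."""
    events = []
    for line in lines:
        ev = parse_kv(line)
        if not keep(ev):
            continue
        events.append(enrich(mask(ev)))
    return events


def logs_to_metrics(events):
    """Logs-to-metrics: collapse events into counters keyed by (action, status)."""
    return Counter((ev["action"], ev["status"]) for ev in events)


if __name__ == "__main__":
    events = run_pipeline(SAMPLE_LOGS)
    for ev in events:
        print(ev)
    print(dict(logs_to_metrics(events)))
```

The metrics stage keeps only counts, so a failed-login spike (two `login`/`401` events here) can be routed to an observability destination without forwarding the underlying, already-masked events at all.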

Splunk, Cisco Advance Security Integrations

Splunk .conf24 highlighted the integration of Splunk and Cisco, including plans for the companies to advance the application of AI in their joint security offerings. Splunk announced the expansion of its AI capabilities with new generative AI assistants in Splunk Observability Cloud and in its security products. To give customers improved IT visibility and enhanced proactive threat mitigation capabilities, Splunk AI Assistant for SPL is now generally available. Splunk also unveiled new AI capabilities for IT Service Intelligence (ITSI).

Integrations announced at .conf24 will let security teams use Cisco Talos threat intelligence across Splunk Attack Analyzer, Splunk Enterprise Security and Splunk SOAR. Through Talos' intelligence network, Splunk customers can streamline threat detection and response processes, reducing alert fatigue and allowing security analysts to focus on critical threats, according to the companies.

The technical integration of Talos real-time intelligence is underway across Splunk's portfolio, including Splunk Enterprise Security, Splunk SOAR and Splunk Attack Analyzer, and will be made available soon.

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.