Conf24: Splunk Unleashes Enterprise Security 8.0, More

Gretchen O’Hara, Splunk’s vice president of worldwide partners and alliances, said Splunk's ongoing innovation serving customer needs and use cases is “something that always delights our partners.”

“They've been very vocal, quite frankly, in what customers are asking for and the road map is now delivered,” she said. “So I think opportunity first and foremost, that’s a big one. The second one is around the data. You heard a lot [at Conf24] about being able to capture so much of the data now that Cisco is in the mix [via its acquisition of Splunk]. That opens up a lot of opportunities for partners. When you think about data optimization, data governance, all the work around AI that they can bring to bear, this is one where many partners are saying, 'How do I get on top of ... the next and the new opportunity?' Those are two big areas where these announcements spell out delighting the customers, expanding use cases and then getting into new practice areas where they can actually build upon their business.”

Jeetu Patel, executive vice president and general manager of Cisco’s security and collaboration business, told attendees at Conf24 that Talos processes about 550 billion security events daily.

“What we wanted to do was make sure that we can enrich Splunk with Talos data across the entirety of the Splunk portfolio,” he said. “All [of you] should have Talos-enriched data so that you can make sure that you can more effectively process and analyze the data for emerging threats that are occurring in the market. You will actually see this come out over the course of the next few months. Talos [will] be integrated with Splunk, and all of the data from Talos will be enriched to Splunk so that you can have far better ability to go out and do detections and compress the time for investigation.”

Patel said he’s “excited” about all the potential of Cisco and Splunk have because “we don't have overlapping technologies between security and what Splunk does.”

“Great products get built by good companies, but movements get created by communities, and one thing that you folks should know about Cisco is we appreciate the passion with which, over the course of the past 20 years, this community has built this data movement,” he said. “I just want to commit to you that we are not going to screw up Splunk. We are going to get it way, way better than where we are right now. But more importantly, we're going to make sure that we nurture this community, because this is the heart and soul of Splunk. All of you should be really proud of this amazing movement that you've created in the industry, that we're just going to take larger and scale it to 8 billion people on the planet. We are so excited to make sure that we can work with each one of you.”

Splunk's Tom Casey said there are more Cisco-Splunk integrations coming around Cisco Identity Intelligence, Hypershield and more, “so stay tuned.”

O’Hara said partners are excited about the opportunities ahead from Splunk and Cisco.

“We've had our partner advisory councils across the globe and there's an overwhelming excitement,” she said. “If you were to summarize a couple things, one is opportunity. I think one is reach and scale. And I think our partners now see an opening with more innovation on the Cisco side to have a more holistic solution and be more competitive ... in the marketplace. So they feel like this is just a great opportunity to be in front and stay in front.”

Mike Horn, senior vice president and general manager of Splunk security products, said Enterprise Security 8.0 is “one of the biggest releases” Splunk has ever done in enterprise security.

“We talked about Mission Control last year in terms of streamlined workflows and integration with security orchestration, automation and response (SOAR) and all that good stuff. Now that the Mission Control investigation experience is going to live inside of Enterprise Security instead of having to install another application, you’ll be able to get the benefit of all those great new features that will be directly inside of Enterprise Security. So that means that analysts are going to be able to do things like run a SOAR playbook from within Enterprise Security, get the results back into Enterprise Security and never have to leave, which results in a much more seamless experience for them, which then helps them make better decisions and make them faster. You're going to hear that better and faster; that's a big focal point for me and the security team.”

Read more from Mike Horn in the upcoming June 17 edition of the Gately Report on Channel Futures.

During a press conference, Casey gave his thoughts on the good and bad of generative AI from a cybersecurity perspective.

“Everybody's concerned about the threats from generative AI,” he said. “It lowers the barrier of entry for bad actors to go scale attacks; in particular, social engineering is always a threat. We've seen a bunch of these deepfake-type of things, and that's a general concern in the industry.

"Talking to CISOs that are here right now, the vast majority of them are more optimistic than pessimistic when it comes to AI, and I think that's the right answer," he added. "Everybody recognizes this is a technology transformation, a new era that we are in with AI. And yes, there are threats, but the gains in productivity that many of them are seeing as well, from adopting AI with a clear set of guiding principles around its fair use and priorities within the organization, are meaningful. I had an [engineering] panel discussion talk about how organizations gained for early career individuals about a 30% productivity boost. That's pretty significant, especially when you consider, in the realm of security, one of the greatest restrictions to success and growth for people is hiring and finding enough skilled talent to come in and work in the SOC.

"So AI shifting to natural language support, being part of the everyday workflows, and being able to lower the barrier for people to participate, but to participate across vast sets of data and the depth of the network effectively, that not only levels the playing field, but we think over time tilts things in the favor ... of those trying to protect systems rather than those attackers.”

During the Global Partner Summit, O’Hara said about 70% of Splunk’s business was impacted by partners, and that has since increased to 90% year to date.

She said a few things are fueling the increase in partner-led business.

“First of all, we set on a three-year journey to really transition our partners with Splunk,” O’Hara said. “And one of the things we needed to do was move away from a transactional engagement, meeting at the cash register, and really move to value-add selling and the engagement there. As we made that shift, our sellers understood that partners are the critical linchpin to actually bringing that value into the customers, maintaining and growing, and ultimately renewing for success there, because our partners are there day in and day out. They also bring very unique use cases and great capabilities, the last mile, to security and observability, and the extension of our platform. So I think that one is a really big area for them.”

In terms of looking ahead, partners are now focused on AI, she said.  

“One of the big things that everyone is talking about is AI and generative AI, obviously,” O’Hara said. “... All of our partners are looking at how we now bring AI as that practice area within my core business. And I think every conversation I've had, that's a place that most partners are betting on at this point, if they haven't already.”

Blackwood, a Maryland-based technology broker specializing in cybersecurity and data analytics, has partnered with Splunk since 2009. Ryan Morris, its president, said the secret to a lot of his company’s growth resulted from having deep Splunk expertise.

“Obviously, if you're going to enable outcomes in security, it can't just be Splunk,” he said. “Splunk can give you a lot of good ideas on what to do and help to actuate those things, but you also need enforcement points. You need sensors to give you the right telemetry data. So we've expanded our portfolio over time. But for the entire 15-year period, it's been very centered around Splunk and that's a lot of the reason that we've seen the growth that we have.”

Blackwood's Ryan Morris

Morris said he’s excited that it was Cisco that acquired Splunk because “I think that they have a healthy respect for the culture, the software, the tools, the process, everything they bought beyond the software, they truly respect it.

"And it couldn't be more complementary because if you think about it, you have Cisco that has all of the data and infrastructure, and then Splunk that has an elegant software approach to making sense and performing data analysis,” he continued. “So that's the underpinning for really strong, viable AI. And to really be competitive in an AI-based market when there are others that are just so big – Microsoft, AWS, Google – who have really leaned into it with bottomless bank accounts, the only way you really compete and ensure that you are able to support your customers is to ... join forces. So it is the right marriage, period.

"I've just got to figure out how I work in it. I'm still figuring that piece out," he added. "The good news is, they have decided to maintain both channel programs. That's really important because they're complementary and both companies need to continue to execute. They will continue to become more collaborative over time and bring the best elements into each, but that's where I spend most of my time right now in my engagement with both of those organizations about what the future looks like so we can ... prepare.”

Also during Conf24, Splunk announced its 2024 Partner Awards. O’Hara said the awards are a “testament to the partners of the Splunk community who have made significant strides in creating positive social impact, delivering breakthrough solutions and showcasing customer success.”

“These partners, recognized in specific categories, are an integral part of the Splunk Partnerverse Program, enabling our joint customers to unlock innovation, fortify security and build resilience with Splunk solutions tailored to their unique business needs,” she said. "We thank every Splunk partner for driving successful business outcomes with our shared customers. On behalf of the Partnerverse and Splunk leadership teams, we want to celebrate our entire partner community on an outstanding year and congratulate the 2024 Splunk Partner Awards winners."

2024 Splunk Partner Awards Winners include:

Also during Conf24, Splunk announced its 2024 Partner Awards. O’Hara said the awards are a “testament to the partners of the Splunk community who have made significant strides in creating positive social impact, delivering breakthrough solutions and showcasing customer success.”

“These partners, recognized in specific categories, are an integral part of the Splunk Partnerverse Program, enabling our joint customers to unlock innovation, fortify security and build resilience with Splunk solutions tailored to their unique business needs,” she said. "We thank every Splunk partner for driving successful business outcomes with our shared customers. On behalf of the Partnerverse and Splunk leadership teams, we want to celebrate our entire partner community on an outstanding year and congratulate the 2024 Splunk Partner Awards winners."

2024 Splunk Partner Awards Winners include: