Conf24: Splunk Unleashes Enterprise Security 8.0, More
Splunk's latest innovations provide big opportunities for partners, the company says.
![Splunk debuts Enterprise Security 8.0 at Conf24. Splunk debuts Enterprise Security 8.0 at Conf24.](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltaf8fbe88f84ab8c1/666a6fc65d4726699397d1cd/Splunk_Conf24_Day_2_Cover.jpg?width=700&auto=webp&quality=80&disable=upscale)
Gretchen O’Hara, Splunk’s vice president of worldwide partners and alliances, said Splunk's ongoing innovation serving customer needs and use cases is “something that always delights our partners.”
“They've been very vocal, quite frankly, in what customers are asking for and the road map is now delivered,” she said. “So I think opportunity first and foremost, that’s a big one. The second one is around the data. You heard a lot [at Conf24] about being able to capture so much of the data now that Cisco is in the mix [via its acquisition of Splunk]. That opens up a lot of opportunities for partners. When you think about data optimization, data governance, all the work around AI that they can bring to bear, this is one where many partners are saying, 'How do I get on top of ... the next and the new opportunity?' Those are two big areas where these announcements spell out delighting the customers, expanding use cases and then getting into new practice areas where they can actually build upon their business.”
Jeetu Patel, executive vice president and general manager of Cisco’s security and collaboration business, told attendees at Conf24 that Talos processes about 550 billion security events daily.
“What we wanted to do was make sure that we can enrich Splunk with Talos data across the entirety of the Splunk portfolio,” he said. “All [of you] should have Talos-enriched data so that you can make sure that you can more effectively process and analyze the data for emerging threats that are occurring in the market. You will actually see this come out over the course of the next few months. Talos [will] be integrated with Splunk, and all of the data from Talos will be enriched to Splunk so that you can have far better ability to go out and do detections and compress the time for investigation.”
Patel said he’s “excited” about all the potential of Cisco and Splunk have because “we don't have overlapping technologies between security and what Splunk does.”
“Great products get built by good companies, but movements get created by communities, and one thing that you folks should know about Cisco is we appreciate the passion with which, over the course of the past 20 years, this community has built this data movement,” he said. “I just want to commit to you that we are not going to screw up Splunk. We are going to get it way, way better than where we are right now. But more importantly, we're going to make sure that we nurture this community, because this is the heart and soul of Splunk. All of you should be really proud of this amazing movement that you've created in the industry, that we're just going to take larger and scale it to 8 billion people on the planet. We are so excited to make sure that we can work with each one of you.”
Splunk's Tom Casey said there are more Cisco-Splunk integrations coming around Cisco Identity Intelligence, Hypershield and more, “so stay tuned.”
O’Hara said partners are excited about the opportunities ahead from Splunk and Cisco.
“We've had our partner advisory councils across the globe and there's an overwhelming excitement,” she said. “If you were to summarize a couple things, one is opportunity. I think one is reach and scale. And I think our partners now see an opening with more innovation on the Cisco side to have a more holistic solution and be more competitive ... in the marketplace. So they feel like this is just a great opportunity to be in front and stay in front.”
Mike Horn, senior vice president and general manager of Splunk security products, said Enterprise Security 8.0 is “one of the biggest releases” Splunk has ever done in enterprise security.
“We talked about Mission Control last year in terms of streamlined workflows and integration with security orchestration, automation and response (SOAR) and all that good stuff. Now that the Mission Control investigation experience is going to live inside of Enterprise Security instead of having to install another application, you’ll be able to get the benefit of all those great new features that will be directly inside of Enterprise Security. So that means that analysts are going to be able to do things like run a SOAR playbook from within Enterprise Security, get the results back into Enterprise Security and never have to leave, which results in a much more seamless experience for them, which then helps them make better decisions and make them faster. You're going to hear that better and faster; that's a big focal point for me and the security team.”
Read more from Mike Horn in the upcoming June 17 edition of the Gately Report on Channel Futures.
During a press conference, Casey gave his thoughts on the good and bad of generative AI from a cybersecurity perspective.
“Everybody's concerned about the threats from generative AI,” he said. “It lowers the barrier of entry for bad actors to go scale attacks; in particular, social engineering is always a threat. We've seen a bunch of these deepfake-type of things, and that's a general concern in the industry.
"Talking to CISOs that are here right now, the vast majority of them are more optimistic than pessimistic when it comes to AI, and I think that's the right answer," he added. "Everybody recognizes this is a technology transformation, a new era that we are in with AI. And yes, there are threats, but the gains in productivity that many of them are seeing as well, from adopting AI with a clear set of guiding principles around its fair use and priorities within the organization, are meaningful. I had an [engineering] panel discussion talk about how organizations gained for early career individuals about a 30% productivity boost. That's pretty significant, especially when you consider, in the realm of security, one of the greatest restrictions to success and growth for people is hiring and finding enough skilled talent to come in and work in the SOC.
"So AI shifting to natural language support, being part of the everyday workflows, and being able to lower the barrier for people to participate, but to participate across vast sets of data and the depth of the network effectively, that not only levels the playing field, but we think over time tilts things in the favor ... of those trying to protect systems rather than those attackers.”
During the Global Partner Summit, O’Hara said about 70% of Splunk’s business was impacted by partners, and that has since increased to 90% year to date.
She said a few things are fueling the increase in partner-led business.
“First of all, we set on a three-year journey to really transition our partners with Splunk,” O’Hara said. “And one of the things we needed to do was move away from a transactional engagement, meeting at the cash register, and really move to value-add selling and the engagement there. As we made that shift, our sellers understood that partners are the critical linchpin to actually bringing that value into the customers, maintaining and growing, and ultimately renewing for success there, because our partners are there day in and day out. They also bring very unique use cases and great capabilities, the last mile, to security and observability, and the extension of our platform. So I think that one is a really big area for them.”
In terms of looking ahead, partners are now focused on AI, she said.
“One of the big things that everyone is talking about is AI and generative AI, obviously,” O’Hara said. “... All of our partners are looking at how we now bring AI as that practice area within my core business. And I think every conversation I've had, that's a place that most partners are betting on at this point, if they haven't already.”
Blackwood, a Maryland-based technology broker specializing in cybersecurity and data analytics, has partnered with Splunk since 2009. Ryan Morris, its president, said the secret to a lot of his company’s growth resulted from having deep Splunk expertise.
“Obviously, if you're going to enable outcomes in security, it can't just be Splunk,” he said. “Splunk can give you a lot of good ideas on what to do and help to actuate those things, but you also need enforcement points. You need sensors to give you the right telemetry data. So we've expanded our portfolio over time. But for the entire 15-year period, it's been very centered around Splunk and that's a lot of the reason that we've seen the growth that we have.”
![Blackwood's Ryan Morris Blackwood's Ryan Morris](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt65746f051dcc6756/666a7468cb88736a1825876c/Morris_Ryan_Blackwood_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
Blackwood's Ryan Morris
Morris said he’s excited that it was Cisco that acquired Splunk because “I think that they have a healthy respect for the culture, the software, the tools, the process, everything they bought beyond the software, they truly respect it.
"And it couldn't be more complementary because if you think about it, you have Cisco that has all of the data and infrastructure, and then Splunk that has an elegant software approach to making sense and performing data analysis,” he continued. “So that's the underpinning for really strong, viable AI. And to really be competitive in an AI-based market when there are others that are just so big – Microsoft, AWS, Google – who have really leaned into it with bottomless bank accounts, the only way you really compete and ensure that you are able to support your customers is to ... join forces. So it is the right marriage, period.
"I've just got to figure out how I work in it. I'm still figuring that piece out," he added. "The good news is, they have decided to maintain both channel programs. That's really important because they're complementary and both companies need to continue to execute. They will continue to become more collaborative over time and bring the best elements into each, but that's where I spend most of my time right now in my engagement with both of those organizations about what the future looks like so we can ... prepare.”
Also during Conf24, Splunk announced its 2024 Partner Awards. O’Hara said the awards are a “testament to the partners of the Splunk community who have made significant strides in creating positive social impact, delivering breakthrough solutions and showcasing customer success.”
“These partners, recognized in specific categories, are an integral part of the Splunk Partnerverse Program, enabling our joint customers to unlock innovation, fortify security and build resilience with Splunk solutions tailored to their unique business needs,” she said. "We thank every Splunk partner for driving successful business outcomes with our shared customers. On behalf of the Partnerverse and Splunk leadership teams, we want to celebrate our entire partner community on an outstanding year and congratulate the 2024 Splunk Partner Awards winners."
2024 Splunk Partner Awards Winners include:
Global Partner of the Year – Accenture
Global Services Partner of the Year – NCC Group
Global Joint Selling Partner of the Year – Amazon Web Services (AWS)
Global Technology Innovation Partner of the Year – Recorded Future
Global Social Impact Partner of the Year -- TekStream
AMER Regional Partner of the Year – Guidepoint Security
AMER Emerging Partner of the Year – World Wide Technology (WWT)
AMER Services Partner of the Year – SP6
AMER Technology Innovation Partner of the Year – TekStream
APAC Regional Partner of the Year – JDS Australia
APAC Emerging Partner of the Year – EY
APAC Distributor Partner of the Year – Macnica
APAC Services Partner of the Year – Hyperion3
APAC Technology Innovation Partner of the Year – CyberCX
EMEA Regional Partner of the Year – Orange Group
EMEA Emerging Partner of the Year – FullStacks GmbH
EMEA Distributor Partner of the Year – Arrow France
EMEA Services Partner of the Year – NCC Group
EMEA Technology Innovation Partner of the Year – Accenture EMEA
Public Sector Regional Partner of the Year – Blackwood
Public Sector Emerging Partner of the Year – Conducive
Public Sector Distributor Partner of the Year – Carahsoft
Public Sector Services Partner of the Year – Qmulos
Public Sector Technology Innovation Partner of the Year – TekStream
Also during Conf24, Splunk announced its 2024 Partner Awards. O’Hara said the awards are a “testament to the partners of the Splunk community who have made significant strides in creating positive social impact, delivering breakthrough solutions and showcasing customer success.”
“These partners, recognized in specific categories, are an integral part of the Splunk Partnerverse Program, enabling our joint customers to unlock innovation, fortify security and build resilience with Splunk solutions tailored to their unique business needs,” she said. "We thank every Splunk partner for driving successful business outcomes with our shared customers. On behalf of the Partnerverse and Splunk leadership teams, we want to celebrate our entire partner community on an outstanding year and congratulate the 2024 Splunk Partner Awards winners."
2024 Splunk Partner Awards Winners include:
Global Partner of the Year – Accenture
Global Services Partner of the Year – NCC Group
Global Joint Selling Partner of the Year – Amazon Web Services (AWS)
Global Technology Innovation Partner of the Year – Recorded Future
Global Social Impact Partner of the Year -- TekStream
AMER Regional Partner of the Year – Guidepoint Security
AMER Emerging Partner of the Year – World Wide Technology (WWT)
AMER Services Partner of the Year – SP6
AMER Technology Innovation Partner of the Year – TekStream
APAC Regional Partner of the Year – JDS Australia
APAC Emerging Partner of the Year – EY
APAC Distributor Partner of the Year – Macnica
APAC Services Partner of the Year – Hyperion3
APAC Technology Innovation Partner of the Year – CyberCX
EMEA Regional Partner of the Year – Orange Group
EMEA Emerging Partner of the Year – FullStacks GmbH
EMEA Distributor Partner of the Year – Arrow France
EMEA Services Partner of the Year – NCC Group
EMEA Technology Innovation Partner of the Year – Accenture EMEA
Public Sector Regional Partner of the Year – Blackwood
Public Sector Emerging Partner of the Year – Conducive
Public Sector Distributor Partner of the Year – Carahsoft
Public Sector Services Partner of the Year – Qmulos
Public Sector Technology Innovation Partner of the Year – TekStream
SPLUNK CONF24 — On day two of Conf24, Splunk unveiled new security offerings that include Enterprise Security 8.0 and a new Federated Analytics feature.
A unified threat detection, investigation and response (TDIR) solution is crucial to power the security operations center (SOC) of the future, according to Splunk. The latest offerings from the company address this need by delivering comprehensive security visibility, accurate threat detection and streamlined workflows for rapid response, ultimately saving time.
Now with Mission Control integrated, Enterprise Security 8.0 simplifies how security analysts detect, investigate and respond to threats. With standardized terminology and unified automation via Splunk Security Orchestration, Automation and Response (SOAR), Enterprise Security 8.0 expedites how security pros triage alerts, and enhances detection with advanced analytics. As a result, security analysts can access streamlined workflows and respond more quickly.
Beyond Enterprise Security 8.0
Splunk's Federated Analytics feature, available in private preview on Splunk Cloud Platform and Splunk Enterprise Security cloud deployments, introduces what the company says is a new approach to data analysis. This solution allows customers to analyze data directly where it resides, for threat hunting and bringing specific data into Splunk for frequent threat detection. By integrating with Amazon Security Lake, Federated Analytics allows businesses to detect and investigate security incidents without the need to relocate data. This capability ensures swift, context-rich data analysis and enhances operational agility, setting the stage for future expansions to additional data platforms, Splunk said.
In addition, following Cisco’s acquisition of Splunk, security teams can now access Cisco Talos threat intelligence across Splunk Attack Analyzer, Splunk Enterprise Security and Splunk SOAR for enhanced defense against known and emerging threats. Cisco Talos Threat Intelligence Group is a team composed of researchers, analysts and engineers.
Leveraging Talos’ intelligence network, Splunk customers can streamline threat detection and response processes, reducing alert fatigue and allowing security analysts to focus on critical threats. This enables quick identification and prioritization of real threats with global real-time outbreaks, contextual insights and advanced correlations, according to Splunk.
Data Management Innovations
In addition, Splunk unveiled new data management innovations that provide customers with unified visibility across their enterprise and help achieve more comprehensive data ownership. Through the new Splunk Data Management portfolio, customers can send, share and process their data across Splunk Cloud Platform and Splunk Observability Cloud.
Tom Casey, Splunk’s senior vice president and general manager of product and technology, said the age of AI requires greater resiliency.
![Splunk's Tom Casey Splunk's Tom Casey](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt32830e38324693c3/66690cfff311eb0421f48c81/Casey_Tom_Splunk_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
Splunk's Tom Casey
“That requires us to drive change in our environments quickly,” he said. “We need to catch issues while they’re small so that we can focus on our work. We need to have stronger analytics that we can bring to bear so we can find new opportunities as well. All of this requires broad and deep visibility into the environments that we’re operating in, and demands efficiency and productivity from each of us. This is exactly what Splunk delivers.”
Scroll through our slideshow above for more from day two of Conf24.
About the Author(s)
You May Also Like