Splunk Unfurls Security Operations Center as Cloud Service

Splunk, after its recent announcement of intent to acquire TruSTAR to gain access to a cybersecurity analytics tool, today launched a security operations center (SOC) delivered as a cloud service.

Jane Wong, vice president of product management for security at Splunk, said the Splunk Security Cloud combines analytics enabled by machine learning algorithms, threat intelligence tools and other Splunk security tools in a way that reduces the time required to investigate an alert to less than 30 seconds. Splunk also committed to tightening the integration between the TruSTAR analytics platform and Splunk Security Cloud in the months ahead.

Splunk also unfurled today a security analytics tool for Amazon Web Services (AWS) to make it easier for security teams to surface issues involving, for example, misconfigurations. Built in collaboration with AWS, the Splunk Security Analytics for AWS tool provides lean security teams with greater visibility into AWS environments, said Wong.

At the same time, the company also revealed that the venture capital firm Silver Lake has invested $1 billion in Splunk in the form of convertible senior notes.

Splunk is making a more aggressive push into security at a time when cybersecurity teams are under intense pressure to improve their ability to thwart and contain cybersecurity attacks. Not only has the sheer volume of these attacks increased, but cybercriminals are also employing more sophisticated techniques to evade detection.

In response, organizations are trying more urgently to close the historic divide between security and IT operations teams. There simply are not enough cybersecurity professionals available to enforce cybersecurity policies without the aid of an IT operations team. Splunk, as a long-time provider of an analytics platform used widely by IT operations teams, sees an opportunity to help organizations unify workflows across those disparate teams, noted Wong.

That issue has become especially acute as responsibility for deploying and securing cloud applications has shifted further left toward developers. The issue is that many of those developers have limited cybersecurity expertise, which is manifesting itself now in a rate of cloud misconfigurations that borders on chronic.

Ultimately, addressing these and other pervasive security issues will require more collaboration, which is easier to achieve when everyone involved is working from a common pool of analytics data to provide the level of observability required to respond proactively to any given threat, noted Wong. Aggregating that data also sets the stage for training artificial intelligence (AI) models that might one day help level the playing field.

Of course, Splunk Security Cloud is not the first foray the company has made into the realm of cybersecurity. The challenge is that many cybersecurity teams have already invested in a host of tools and cloud platforms that, in many cases, they may be reluctant to replace. However, as more cybersecurity teams opt to rely on cloud services to manage processes, many of them may lean toward a platform from a vendor that IT operations teams already know.

One way or another, cybersecurity and IT operations workflows are going to converge simply as a matter of survival. The only real question now is how much pain will be experienced before that goal is ultimately achieved.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.