Number one on Snehan's list is what he labels "cybernomics."
"The cost of cyber attacks is 1/10th to 1/100th the cost of cyber defence," he said. This is because attack tools are freely distributed, the computing resources are stolen, and because the labour costs in state-sponsored attacks are typically low.
"This creates an unsustainable trajectory from a cyber-defence checkpoint. We have to fundamentally change the economics of cyber defence to a thousandth."
"This will be a collaboration not seen since the space race. I believe this will be the space race of our generation.
"This will be achieved through six levers," Snehal states. "Four of these exist in Splunk today. The fifth is an investment we made in a company, and number six is the dream."
a. concept of shift left, and security by design through secure software development, continuous delivery and architecture as cloud. This allows companies to "shift left" and catch bugs in source code immediately. Here, Snehal states, is where Splunk's own data-driven DevOps plays a key role.
b. frictionless operational model, for the security analysis to help them hunt and focus. The tools must be simple to deploy and use, enabling operators to get to business with as little effort as possible. This is seen in Splunk's Enterprise offerings, to drive innovation and change.
c. help your hunters hunt better through security analytics. Splunk now has unsupervised machine learning algorithms that help analysts catch typically really hard problems, and where Splunk's User Analytics drive adoption and innovation.
d. augmenting people with robots for automated incident response. This is seen in Splunk's adaptive response ecosystem.
e. accelerating ramp to productivity through the use of natural language processing and other techniques via Insights Engine, thus allowing a cyber defender to be more productive through natural language queries and other interfaces.
f. moving target defence. This is what Snehal describes as "the dream" in which a shapeshifting network can prevent reconnaissance attacks. In a software-defined networking model, a virtual IP address can be trashed and replaced with a new one, without disruption to the user, and with all connections being preserved. So, a shape-shifting network would deliberately destroy all IP addresses every 10 seconds. This disrupts reconnaissance attacks because a specific IP address may be a Windows box one moment, a Linux box another, a mainframe another.
Yet, this shapeshifting also disrupts IT and Security Operations. Snehal explains, "because Splunk has schema-on-read we can do dynamic resolution of shapeshifting techniques at a layer that is transparent to the end user."
2. Data storytelling
Snehal describes "data storytelling" as the last mile of analytics. "It will become absolutely critical," he states.
To explain the term, Snehal speaks of an energy provider's bill and how it might present a graph comparing energy usage against similarly sized residences in the nearby region. This graph required a lot of analytical work, and household residents who might not even know how to use a computer can immediately comprehend this information and can take actions based on it.
"Storytelling is getting these complex insights and analytics so as many people can consume the information as possible - it's truly telling stories of the data. That's the 'last mile' of analytics," he said.
3. IoT as a business data source
The Internet of Things - or IoT - is well-established with industrial systems and SCADA systems. Yet, Snehal sees it as a vital data source for business analytics in time and will drive much higher business outcomes.
Using IoT retailers can get a greater understanding of how people will interact with their store, for example. This empowers the business to think of new events and responses to protect the customer experience. Snehal sees this as applying equally across retail, insurance, Government and other areas.
"We are still inventing and dreaming," Snehal states. "No company in the world does all the above at this time."