“Automation and collaboration are very important this year,” Haiyan Song, senior vice-president, Security Markets, told iTWire.
Splunk began life as a machine data log file aggregator, capturing unstructured information from devices all across the enterprise, allowing detailed drill-down and discovery and helping technology departments correlate events and fault-find effectively.
Yet, Splunk customers found they could equally well apply the product - and importantly, its insights and visualisations - to any data at all, providing business users with the same depth of capability to query their data, even helping different departments get answers to different questions.
“I am super excited we have enriched our portfolio,” Song said. “Splunk can take the customer on a smooth and effective journey and deliver on this portfolio.
“Phantom and automation are very hot topics for many of customers,” Song said. “The value our customers are looking for is security orchestration with detection and protection at machine speed.”
Externally, Song finds business awareness around security has increased due to the European General Data Protection Regulation, forcing customers to bolster their breach capabilities because they are compelled to report to the authorities and thus require greater mechanisms and systems in place, and an ability to understand the situation.
“Phantom provides complementary power to complete the loop and provide a very scaled solution for automation, going back to what Splunk is all about, delivering a nerve centre for security. That capability is now completed by having the orchestration and automation platform at scale. It’s a big differentiator for us to have that platform and scale,” she said.
Within the last year, Splunk has continued to develop its Security Essentials product, growing from “about 80 different use cases to 200 now”, with customers leveraging it in different vertical markets. Splunk has further increased content updates from “about every six weeks to every two weeks, delivering the latest actionable intelligence to customers helping them on their journey”, Song said.
“Phantom allowed us to really start building the response part of the story, which are ‘playbooks’ for Phantom. It becomes part of a big planning exercise, to bring the technology and people together and deliver to customers in a holistic way so they can start at the beginning and end with playbooks to automate.”
Automation is important. Phantom’s research identified a human analyst takes around 40 minutes to go through the entire process of analysing an email, correlating the recipients, validating sources and purging it from the mail system. “Once you can automate it, it takes less than 30 seconds,” Song said.
“This is a good metric for people to think about. An incident response has to go from hours to tens of minutes down to seconds. There is interesting data from a ransomware event last year at one of the world's biggest shipping giants in Europe.
"From the time the ransomware entered, it took seven minutes to paralyse the organisation. If in the best use case an analyst can respond in 10 minutes, there is no way you can get ahead of future attacks coming at you unless you have an automated response and can respond in machine speed. That’s how fast the attacks are coming at you,” she said.