Go automate: Splunk treats US customers to new security cloud

Data analytics and security vendor Splunk has extended its portfolio with the security operations platform Splunk Security Cloud.

Following an observability cloud announced in May, the data-driven offer is meant to cover use cases ranging from security monitoring and threat detection, to auditing and compliance scenarios. It promises insight into the security status of multi-cloud environments through analytics of streaming data backed by machine learning, and faster detection of — and response to — security incidents through automation via playbooks and workflow orchestration. 

Templates for most common automations are reportedly part of the package. Splunk also gave a preview of a visual editor for building custom processes by combining actions, utilities, formats and similar building blocks into flow diagrams.

The automations are meant to free up capacity so that security teams can focus their efforts on problems that need human interaction rather than on repetitive work. Of course, company infrastructures vary widely and are made up of all kinds of components, which makes centralising data for automation tricky. Splunk claims that pre-built apps, plug-ins and connectors should be enough to take care of that.

Dashboards are part of the platform as well, and can be used to get an idea of the status of various events and report things like the number of incidents solved and the mean time it took to do so. That’s a feature which might be of more interest to management, though.

For now, Splunk Security Cloud is available in the US only, with EMEA planned to follow suit in autumn and APAC in early 2022. Pricing will be based upon the company’s workload pricing approach, details for which are available on request.

While the Splunk Security Cloud is geared towards larger enterprises with complex setups, the company recently partnered with AWS to come up with a Security Analytics for AWS product for smaller teams, with a focus on the Amazon cloud. The result, which also focuses heavily on accelerated threat detection and response, is promised by the end of the month.

More money to grow

The new products were launched alongside Splunk’s announcement of a $1 billion investment from tech investor Silver Lake. The money is meant to “support the continued transformation” of Splunk’s business, with the company looking to use the proceeds from the investment to “fund growth initiatives and manage its capital structure”.

The company is indeed growing, at least personnel-wise, as it just completed the takeover of cloud-native security company TruSTAR, which it announced in May 2021. TruSTAR’s threat intelligence tooling is planned to be integrated into Splunk products to “improve alerts and automation playbooks with multiple sources of intelligence”.

Other financial plans include a newly authorised share program, which is planned to be “executed over time”. Kenneth Hao, Chairman and Managing Partner of Silver Lake, will be appointed to Splunk’s Board of Directors in connection with the investment, increasing the Board’s member count to 11.