I Feel the Need, the Need for Speed!

Hey Splunk Community!

Welcome to .conf2017: The 8th Annual Splunk Conference!

If you’re joining us in D.C., it could be because you’re excited to up your technical knowledge at SplunkU or attend some of the many technical sessions this week. It could be because you want to be immersed in the passion and energy exuded by the 6000 enthusiastic Splunk fans taking over the Walter E. Washington Convention Center. These are great reasons to attend, but I’m betting it’s because you’re eager to hear more about an initiative near and dear to my heart: Adaptive Response (AR).

Since launch, Splunk’s Adaptive Response Initiative has expanded both in terms of customer adoption and new partners. We’ll have a host of sessions and opportunities to learn more about AR while at the show, but for now, let’s dig a little deeper:

Track customer/partner interest in AR actions by visiting this site!  

Customer adoption

We’re finding that customers using Adaptive Response are more efficient in collecting information from any environment and taking action. By leveraging a common interface for automating retrieval, sharing, and response in multi-vendor environments, customers can effectively address the challenges of complex cyber threats.

Today, we’re delighted to share how Adaptive Response has solved key customer challenges:

  • AFLAC is using ThreatConnect AR actions to call playbooks/blueprints which execute orchestration actions from Splunk notable events. This allows for auto-enrichment and indicator sharing with ThreatConnect threat intelligence platform.
  • Brown Foreman is using Forescout AR actions executed on CounterACT via policy. CounterACT then sends back action status to Splunk—synchronously or asynchronously.  
  • IDT is using Acalvio to communicate deception events and IOCs to Splunk to take action on the network devices for quick remediation. It also allows Splunk to send notable events to Acalvio for automated confirmation using fluid deception.
  • Lennar is using Palo Alto Networks AR actions to tag IP addresses within Splunk to send to the firewall for automated policy enforcement, e.g. to quarantine a particular host.

New Partners

What a difference a year makes! In this time, we’ve grown the initiative to include nearly 40 participants and ~70 actions. That said, I’m delighted to welcome the following partners to our initiative: Amazon Web Services, Atlassian, Booz Allen Hamilton, Corvil, Cylance, Gigamon, Illumio, Sailpoint, Signal Sciences, Swimlane, Resilient and Walkoff. Thanks to these partners, we have expanded representation across many existing domains of security featured in our Splunk Nerve Center framework.

More than 20 of all our AR partners are sponsors of .conf2017. I encourage you to walk the show floor to check out the latest actions and demos.

Let me close out by sharing opportunities to learn more while at .conf2017!

For questions on how to get involved (customer or partner):

For background and a complete list of partners/actions:

Read the Using Splunk Adaptive Response technical brief or visit Splunkbase.

See you on the show floor!

Follow all the conversations coming out of #splunkconf17!

Meera Shankar
Posted by Meera Shankar

Meera is an Alliance Manager for Splunk, focused on the security ecosystem. In her previous life, she worked in market research for a consumer products company. She has a Bachelor’s degree from Yale University and an MBA from the University of Virginia’s Darden School of Business. Her most successful days at work are the ones in which she laughs and learns something new at least twice a day.

Join the Discussion