They say imitation is the sincerest form of flattery, so it was flattering that Oracle finally woke up to the power of machine data and the importance of security and has been attempting to take aim at Splunk this week with the announcement of the “Oracle Management and Security Cloud.” However, despite their attempt at a direct comparison to Splunk, their offering is so little like Splunk that we’re only a little flattered.
The thing that worries me the most about Oracle’s apparent new data offering isn’t their deep misunderstanding of how and why Splunk is able to so effectively deliver amazing value to our customers - it’s their fundamental lack of knowledge and understanding of the security market. This is serious business that requires a community to support those amazing cyber warriors that live on the front lines daily. It’s not time for rhetoric from a company with a record of underserving and gouging their customers. After 10+ years of serving millions and millions of end users, in this vitally critical societal topic, we are very appreciative of what it takes to help our customers be successful. The Splunk platform is recognized by Gartner as a Leader in security and Splunk is one of the creators of AIOps. Here are some actual facts.
- "Oracle Management Cloud delivers a complete data architecture through a unified entity model that spans topology, associations, telemetry and threats. In contrast, Splunk has no real entity model and leaves data in many disparate vendor silos."
Like all database-oriented people, your solution to building an integrated view of a complex situation is to centralize all the data into a single store. The scale and speed of today’s universe of millions of data feeds make that approach a non-starter. We have customers indexing petabytes of data a day from hundreds to thousands of data sources and using that same data for multiple use cases. Splunk turns data into answers, applying schema on read to give structure to the data when you ask the question rather than forcing entities when you write it (presumably to an Oracle database which is... again… convenient).
Virtual integration is the new path, dynamically integrating data on a just-in-time basis as opposed to collecting it on a “just-in-case basis.” The data will stay in those disparate silos—the knowledge won’t.
But don’t take my word for it, we have a huge body of customers leveraging Splunk to ingest data from multiple sources across their organization. For example, Rackspace ingests nearly three terabytes of data per day across security, compliance, DevOps, business intelligence, application management and IT operations data sources.
- "Oracle Management Cloud provides real-time insight through out-of-the-box applied machine learning that is easy to operate and use. In contrast, Splunk provides a machine learning toolkit that requires data scientists."
Just wrong. We make machine data accessible, usable and valuable to everyone and we’re doing the same with machine learning. If you are a data scientist and want to build your own algorithms then, yes, we have a machine learning toolkit. But we’ve also seamlessly integrated machine learning for ITOA in Splunk IT Service Intelligence and the same for security with Splunk User Behavior Analytics. This puts answers directly into the hands of anyone in IT, security or the business, no data science degree required.
- "Oracle Management Cloud delivers integrated and automated remediation that helps eliminate human error. In contrast, Splunk has no remediation capability."
There is no such thing as a wall-to-wall Oracle customer. Companies live in a heterogeneous world. If you are focused on serving and adding value to customers, then any mission-critical solution must recognize this. In contrast, Splunk acts as the Security and IT “nerve center” for our customers, built from the ground up to sense and respond to incidents with an ecosystem approach.
In security we have an ecosystem of 40 vendor partners through the Adaptive Response Initiative, which helps security analysts handle threats through direct integrations with the top security vendors, enabling a unified defense. For example, Splunk partners with ForeScout to help give Brown-Forman visibility and control of devices connecting to its network in order to detect threats and execute a response faster than ever before.
In IT, we integrate with industry-leading automation, provisioning, helpdesk and ticketing systems, so if Splunk spots an incident, we work with your heterogeneous IT landscape to take the right action. For example, triggering a ServiceNow ticket for an IT fix or spinning up a new AWS instance when more capacity is needed.
Larry did get one thing right, and that’s that Splunk "kind of invented the log analytics category." We thank him for the compliment. What started as “Google for IT” has evolved into an enterprise machine data platform. We talk a lot about rapidly driving value for our customers here at Splunk, and our customers use our platform to make real differences to their business. Aflac has blocked over two million security threats with Splunk solutions. Gatwick Airport gets 95 percent of passengers through security in 5 minutes or less to maximise revenue. The State of Louisiana saved $70 million by accelerating modernization and consolidating legacy IT.
Finally, we’d like to just offer some (more) help. We’ve been bringing machine data from trains, planes and automobiles into Splunk for years. We can bring in boat data as well. There’s a free cloud trial of Splunk that could help you analyze the Oracle yacht data. We realize it’s a bit late for that this year. We’re happy to help you try and win the America’s Cup back next time you compete.