Adaptive Response: Beyond Analytics-Driven Security


Now that .conf2016 is in full swing, I’m excited to discuss one of my favorite topics – the Splunk-led Adaptive Response Initiative, which we first announced at the RSA Conference earlier this year. We made a big splash with a strong group of 8 founding participants representing key security technologies like Network Firewall, Endpoint Detection and Response, Privileged User Management, Threat Intelligence, and Incident Response. We are thrilled by the support from Splunk customers and strategic partners as we continue to enable organizations to operate multi-vendor adaptive security architectures and bring life to our vision for a security nerve center.

So here we are in Orlando, and I’m happy to share our latest Adaptive Response milestones:

  1. We have extended Adaptive Response controls into Splunk Enterprise Security 4.5 (ES)
  2. Vendor support has more than doubled, with over 20 partners (up from 8 vendors when we launched just 6 months ago)
  3. Increased depth of coverage in domains including threat intelligence and endpoint
  4. Increased breadth of coverage to include CASB (Cloud Access Security Broker), Deception, IAM (Identity Access Management), NAC (Network Access Control), Vulnerability Management, and Network Forensics (traffic capture)

To provide some important background (see my Adaptive Response blog post from earlier this year for more context): customers have been using Adaptive Response-like capabilities for some time now. Many have developed and are using “bi-directional” communication to automate the more time-consuming aspects of responding to incidents, like getting more information from devices, sharing information with teams and devices, and taking action across devices in a semi-automated or automated manner: the associated actions needed to contain and disrupt threats.

The Adaptive Response Initiative now consists of: Acalvio, Anomali, Blue Coat + Symantec, Carbon Black, Cisco, CrowdStrike, CyberArk, DomainTools, ForeScout, Fortinet, Okta, OpenDNS, Palo Alto Networks, Phantom, ProofPoint, Qualys, Recorded Future, Splunk, Tanium, ThreatConnect, and Ziften. We are honored to be leading the Initiative, and proud to have market-leading security vendors join us to fulfill this very important need.

Haiyan Song
SVP, Security Markets

Follow all the conversations coming out of #splunkconf16!

Follow the .conf2016 live stream for interviews and keynotes throughout the week.


Haiyan Song has been with Splunk since 2014 and currently serves as our Senior Vice President, Security Markets. From 2012 to 2014, Ms. Song served as Vice President and General Manager of HP ArcSight, a security and compliance management company previously acquired by Hewlett-Packard Company. From 2005 to 2012, she served as Vice President of Engineering at ArcSight. Ms. Song previously served as Vice President of Engineering at SenSage, an event data warehousing company, from 2004 to 2005. She started her career at IBM/Informix, a database software company. Ms. Song is one of the thought leaders of the cyber security industry in the US. She was named one of the Top 50 most powerful women in Technology in 2016 and 2017. Ms. Song holds an M.S. from Florida Atlantic University and studied Computer Science at Tsinghua University in China.