When I joined Splunk five years ago, one of my first priorities was to grow a young security business. We were being driven into the security space by a group of savvy IT customers who knew then that Splunk had the potential to be the Data-to-Everything — including security — Platform.
Skip ahead to 2019 and Splunk’s security business has grown from $100 million in revenue to over $1 billion, our team has grown by over 700 percent and the industry recognition has followed.
Now we’re focusing on the next phase of our evolution: connecting everything in the security operations center (SOC). That’s why this week, we’re proud to introduce Splunk Mission Control — a cloud-based, unified experience for modernizing the SOC.
Why Mission Control Now
As the security landscape continues to evolve, thousands of organizations require a single source of truth to drive better, faster security decisions. Why does this matter? Time is of the essence when it comes to detecting and responding to security incidents. But when most analysts are spending too much time on mundane, repetitive tasks, or pivoting to different point solutions to gather all the required information, it leaves less time to spend on mission-critical activities.
We understand the challenges you’re facing every day and we want to help your SOC perform at its optimal level of efficiency. Over the past year, we’ve been talking about the SOC of the future — one where we envision 90% of Tier 1 analyst work will be automated. This shift away from spending time triaging alerts will enable analysts to spend 50% more of their time fine-tuning detection and response logic, such as creating correlation rules or playbooks to further the automation process.
Still, even with time saved, the need for intuitive tools to facilitate human-driven investigation is critical. We see a platform like Splunk as one that connects your environment together, so you can investigate, monitor, analyze and act all in one place.
Splunk Mission Control manages the entire security event lifecycle from a common work surface where you can detect, manage, investigate, hunt, contain and remediate threats and other high-priority security issues.
We recognize that different roles within a SOC each have different responsibilities and areas of focus. An analyst is concerned about their queue and performing triage; a threat hunter needs to search iteratively through the data; a SOC manager may be concerned about SLAs and team performance; and of course, a chief information security officer (CISO) is concerned about overall security posture. No matter what your role, Splunk Mission Control provides you with one place for every team member to manage security events from start to finish.
Splunk Mission Control connects Splunk Enterprise Security (ES), Splunk User Behavior Analytics (UBA), and the new cloud-based automation service into a single unified experience to provide foundational elements to manage your SOC, perform advanced detection and streamline your processes. Splunk Mission Control integrates with all of your common SOC tools, such as Splunk and non-Splunk partner tools, performs investigations and searches across both on-premises and cloud-based Splunk and Splunk ES instances, and enables ChatOps collaboration, case management and automated response.
This is really an industry first, and it helps boost productivity, especially in a hybrid on-premises and cloud-based environment. And best of all, it’s in early access beta now.
Ready to Evolve Your Security Journey with Us?
Follow all the conversations coming out of #splunkconf19!