The State of Security: Reimagining Security Operations With Splunk Mission Control

When I joined Splunk five years ago, one of my first priorities was to grow a young security business. We were being driven into the security space by a group of savvy IT customers who knew then that Splunk had the potential to be the Data-to-Everything — including security — Platform.

Skip ahead to 2019 and Splunk’s security business has grown from $100 million in revenue to over $1 billion, our team has grown by over 700 percent and the industry recognition has followed. 

Splunk has been named a leader in the Gartner Magic Quadrant for SIEM six straight years, and this year we were recognized as having the largest SIEM market share by IDC.

Now we’re focusing on the next phase of our evolution: connecting everything in the security operations center (SOC). That’s why this week, we’re proud to introduce Splunk Mission Control — a cloud-based, unified experience for modernizing the SOC.

Why Mission Control Now

As the security landscape continues to evolve, thousands of organizations require a single source of truth to drive better, faster security decisions. Why does this matter? Time is of the essence when it comes to detecting and responding to security incidents. But when most analysts are spending too much time on mundane, repetitive tasks, or pivoting to different point solutions to gather all the required information, it leaves less time to spend on mission-critical activities. 

We understand the challenges you’re facing every day and we want to help your SOC perform at its optimal level of efficiency. Over the past year, we’ve been talking about the SOC of the future — one where we envision 90% of Tier 1 analyst work will be automated. This shift away from spending time triaging alerts will enable analysts to spend 50% more of their time fine-tuning detection and response logic, such as creating correlation rules or playbooks to further the automation process.

Still, even with time saved, the need for intuitive tools to facilitate human-driven investigation is critical. We see Splunk as a platform that connects your environment together, so you have one place where you can investigate, monitor, analyze and act.

Splunk Mission Control manages the entire security event lifecycle from a common work surface where you can detect, manage, investigate, hunt, contain and remediate threats and other high-priority security issues. 

We recognize that different roles within a SOC each have different responsibilities and areas of focus. An analyst is concerned about their queue and performing triage; a threat hunter needs to search iteratively through the data; a SOC manager may be concerned about SLAs and team performance; and of course, a chief information security officer (CISO) is concerned about overall security posture. No matter what your role, Splunk Mission Control provides you with one place for every team member to manage security events from start to finish. 


Splunk Mission Control connects Splunk Enterprise Security (ES), Splunk User Behavior Analytics (UBA), and the new cloud-based automation service into a single unified experience to provide foundational elements to manage your SOC, perform advanced detection and streamline your processes. Splunk Mission Control integrates with all of your common SOC tools, such as Splunk and non-Splunk partner tools; performs investigations and searches across both on-premises and cloud-based Splunk and Splunk ES instances; and enables ChatOps collaboration, case management and automated response.

This is really an industry-first, and helps boost productivity, especially in a hybrid on-premises and cloud-based environment. And best of all, it’s in early access beta now.

Ready to Evolve Your Security Journey with Us?

Be sure to watch the Security Super Session replay where I’m joined by Oliver Friedrichs, vice president of security products, to share what’s on the horizon for Splunk and security. 


Follow all the conversations coming out of #splunkconf19!

Posted by Haiyan Song

Haiyan Song has been with Splunk since 2014 and currently serves as our Senior Vice President, Security Markets. From 2012 to 2014, Ms. Song served as Vice President and General Manager of HP ArcSight, a security and compliance management company previously acquired by Hewlett-Packard Company. From 2005 to 2012, she served as Vice President of Engineering at ArcSight. Ms. Song previously served as Vice President of Engineering at SenSage, an event data warehousing company, from 2004 to 2005. She started her career at IBM/Informix, a database software company. Ms. Song is one of the thought leaders of the cyber security industry in the US. She was named one of the Top 50 most powerful women in Technology in 2016 and 2017. Ms. Song holds an M.S. from Florida Atlantic University and studied Computer Science at Tsinghua University in China.


