Being an enterprise security professional has never been an easy job, but in many ways it’s harder than ever right now. SOCs are overwhelmed. Remote work environments continue to create and expose new threats. Security analysts struggle to glean actionable information from fragmented workflows and intelligence sources. And according to our upcoming Splunk State of Security Report, 78 percent of you expect another supply-chain attack of the same magnitude as SolarWinds — or worse.
No matter how difficult or tumultuous the threat environment, and no matter how often you encounter another unprecedented challenge, there is one key truth we’ve learned at Splunk from our experience providing security solutions to the world’s most successful organizations.
Security is a data problem.
Your network provides you with everything you need to keep it secure, in the form of data. The perennial challenge is how to take advantage of the priceless, real-time information available to you. As your networks grow to include on-prem, hybrid cloud and containerized nodes, the volume and complexity of the data grows as well.
That’s why today Splunk is announcing our intent to acquire TruSTAR, to extend our leadership in security analytics through cloud-native threat intelligence integration and automation.
Patrick Coughlin and Paul Kurtz launched TruSTAR in 2016 as a cloud-native solution designed to reduce complexity and drive more efficient threat detection and response. They share our passion for the value of data and the power of turning data into doing. I’ve been very impressed with the growth not only of their solution but of their business.
As a cloud-delivered solution designed for the modern threat environment, TruSTAR is perfectly suited to enhance the level of security in the cloud that Splunk offers today. More than 50 companies rely on TruSTAR’s solutions, including Rackspace, BNP Paribas, Box and LogMeIn.
In my view, TruSTAR’s industry-leading intelligence platform shares three core principles that align perfectly with Splunk’s.
1. Organizations need a unified, data-centric view across their cloud environments, paired with the right analytics at the right time, for intelligent detection and response.
Like Splunk, TruSTAR’s platform is data-centric, with an emphasis on integration and automation. TruSTAR’s cloud-native Enclaves and no-code Intel Workflows seamlessly prioritize and integrate intelligence into SIEM and SOAR workflows to provide a single, consolidated view. TruSTAR’s intelligence platform will be integrated into Splunk’s security portfolio (Enterprise Security, Phantom, Security Suites), allowing Splunk customers to enrich their SOC workflows with normalized threat intelligence from third-party sources and from their own historical events and investigations. Ultimately this will reduce the time it takes for customers to detect and remediate issues before they impact the business.
2. The most effective way to accelerate efficiencies in the SOC is to prioritize data with a focus on automation, improving your MTTD and MTTR outcomes.
Applying the power of your own data to normalized and prioritized threat intelligence makes it possible to effectively automate the detection and remediation of threats through reduced false positives and streamlined playbooking, leading to a faster and more effective response. Automation is indispensable to security, and a driver of business transformation in today’s Cloud era. Plus, automation enables your overwhelmed security analysts to concentrate on higher priority challenges.
3. Managing and integrating internal and external sources of intelligence accelerates outcomes across the security operations lifecycle, delivering customers critical and timely value.
TruSTAR shares Splunk’s view of the value of an API-first approach. Their API allows customers to bring intelligence to all stages of the incident response process. TruSTAR’s relationships with industry-leading technology partners and ISAC and ISAO communities means customers have immediate access to the latest threat information and security research. Combined with their robust user community, no platform is better able to bring together all the elements required for a comprehensive, unified, actionable threat intelligence solution.
I’m very excited to see the powerful effects of bringing TruSTAR into the Splunk family. TruSTAR is a member of the Splunk ecosystem and we’ve been able to see the value operationalized intelligence brings to our many mutual customers. I’m convinced that by working even more closely, we’ll be able to significantly advance both the technology and practice of data-centric security automation.