Fix Faster, Ship Safer with Secure Application on Splunk Observability Cloud

It’s a familiar cycle for any application, SRE, or engineering team. Your sprint is planned, your feature roadmap is set, and then the list arrives from the Application Security team: a long tally of "critical" vulnerabilities that need to be fixed. Your charter is to fix them and keep the business secure, but it comes at a cost—balancing this massive remediation workload against your primary goals of delivering innovation and meeting business SLAs.

This isn't just a feeling; it's a critical industry-wide challenge. The data paints a stark picture:

• With 84% of codebases containing at least one open-source vulnerability, the attack surface is massive, leading to a staggering 784% year-over-year increase in attacks targeting these weaknesses.
• Security teams often rely on tools that lack runtime context, creating a flood of findings. This is why 59% of organizations report that siloed processes between security and development are creating bigger risks and overwhelming friction.
• The result? Your team is pressured to fix a large volume of issues, derailing development velocity and putting SLAs at risk, all while wondering if every item on that list poses a genuine threat.

What if your security team could send you a shorter, smarter, and more accurate list of priorities? What if you could trust that every vulnerability ticket that lands in your backlog represents a real, validated risk to your running applications?

Splunk Observability Cloud, with its industry-leading Application Performance Monitoring (APM), already gives you unparalleled, real-time visibility into the performance, dependencies, and health of your services. Today, we are extending that same powerful, real-time context from performance to security. We are thrilled to announce the upcoming preview of Secure Application on Splunk Observability Cloud, a new capability designed to bridge the gap between security findings and development reality.

From a Flood of Findings to Actionable Fixes

Getting this new capability requires no additional OpenTelemetry instrumentation. Secure Application is deployed using the same Splunk distribution of OpenTelemetry you already have in place for Application Performance Monitoring (APM). This embeds security directly into the observability fabric, providing security teams with runtime application vulnerability detection by seeing which code libraries are actually loaded and used by your applications in real time.

This is the context that has been missing. By integrating with Cisco Vulnerability Management, part of the world-class Cisco Security portfolio, Secure Application enriches its runtime findings with comprehensive security intelligence. This gives your security counterparts the power to distinguish between a statically called vulnerability in a library and a genuine, exploitable risk in your production environment.

For your team, this means the list of vulnerabilities you receive has already been filtered for noise. You’ll see vulnerabilities mapped directly to the specific microservice they impact right within the Splunk Observability Cloud APM map.

^{Secure Application maps vulnerabilities to application services in real time within the Splunk Observability Cloud service map.}

When a ticket is created, it comes with rich, actionable detail, including the specific library, the risk of exploitability, and the exact path to the vulnerable code. This eliminates guesswork and allows you to fix what matters, faster.

^{Secure Application provides details of impacted library, vulnerabilities, including the risk of exploitability, source path, and recommended remediation version}

Unlock a More Secure and Efficient Workflow

Secure Application is built to deliver tangible value by improving the entire security workflow, which directly benefits your team:

• Better SLA Compliance: By providing security teams with runtime context, Secure Application helps them drastically shrink the list of 'must-fix' vulnerabilities. This means your team receives fewer, more critical tickets, making it far easier to meet remediation SLAs without sacrificing development velocity.
• Proactive Risk Mitigation: Your team’s effort is focused on vulnerabilities that pose a real, runtime risk. This allows the entire organization to shift from a reactive posture to proactively hardening the applications that are truly exposed.
• Enhanced Workflow Efficiency: It breaks down the silos between security and application teams. When your team receives a vulnerability ticket, you can trust it’s based on real, validated risk, eliminating the time-consuming debates over priority and impact and accelerating the remediation cycle.

Join the Preview and See It Live

Secure Application empowers your organization to focus its efforts, allowing your team to fix what matters faster and build more resilient applications without slowing down innovation.

Be among the first to experience this powerful new capability. We invite our Splunk Observability Cloud customers and all interested application, engineering, and SRE teams to join the upcoming preview.

Sign up today to register your interest: voc.splunk.com

Want a Deeper Dive? Learn More at .conf25!

Join our session to see how we’re bringing security and observability together to create a more efficient workflow for everyone.

Session ID: OBS1237
Title: Securing Applications & Simplifying Workflows: Cisco + Splunk Better Together

This is just the beginning, and we can’t wait to partner with you. Stay tuned for more updates soon.

Follow all the conversations coming out of #splunkconf25!

Follow @splunk