It’s hard to believe that RSA Conference 2019 was just earlier this month; it came and went with so much energy and activity. At the largest global security event of the year, Splunkers were among over 50,000 attendees who came to San Francisco to connect and share all the latest in cyberthreats and solutions—including Alexa and myself.
In such a massive expo hall, it can be difficult to stand out amongst all the hullabaloo, buzzwords, and attention-grabbing tactics (hello, arcade games and VR simulators!) from all the established and emerging security vendors. Thankfully, the Splunk booth gets plenty of attention. While our demos, booth presentations, and coveted one-line t-shirts help us stand out, Splunk has a lot of momentum in the industry—and people are curious.
Our favorite part of coming to any conference is talking to all of you: customers, partners, those who know a lot about Splunk, and those who are just getting started in their Splunk journey. We love it. We love hearing about what problems you’re facing, nodding in amazement about all the cool stuff you’re doing, and seeing the light bulb go off when you realize that Splunk can help you do that.
One of the more popular sessions at the Splunk booth is always our Q&A panel with Haiyan Song, SVP and General Manager of Security Markets. This year was no exception as she was again joined by Oliver Friedrichs, VP of Security Automation and Orchestration. Haiyan and Oliver talked about what a security operations center (SOC) will look like in 2020: a single platform that allows security teams to investigate, monitor, analyze, and act.
While we continue to innovate and work towards this vision, organizations don’t have to wait a whole year to build and run a SOC of the future. Haiyan spoke about how Splunk security solutions uniquely combine an advanced data platform with security analytics, machine learning, and automation and orchestration technologies to help SOCs work smarter, not harder. Oliver drove this message even further during his RSAC Thursday morning session—to a full audience of over 250 people!—by discussing 10 essential capabilities that comprise a modern SOC.
This year, we asked Joel Fulton, our Chief Information Security Officer, to set the place on fire by joining us in the booth for a fireside chat (no worries, we didn’t actually set the place on fire) moderated by our own Meera Shankar. As folks sipped hot chocolate by our digital hearth, we were fortunate to have Joel share how he continues to build and improve upon the cybersecurity culture and practices within Splunk itself. Among the many insightful thoughts he shared, Joel emphasized a risk-based approach when it comes to security, no matter how large or small your organization is. To sum it up (and to borrow from what the youths say nowadays): Joel’s panel was “lit.”
We also had plenty of partner and customer activity at this year’s event. Splunk presented at a few partner booths: Cisco, Symantec, CrowdStrike, BlackBerry-Cylance, and SentinelOne to name a few, and we were happy to host AWS and Accenture to speak in ours. A standout moment was our customers from Intel IT, Jac Noel and Eric Monroe, who came by to share how Intel is transforming their approach to security with the deployment of a new Cyber Intelligence Platform (CIP) based on leading-edge technologies, including Splunk and Kafka. As our own Girish Bhat so eloquently says, “What we’re looking forward to is taking that [sophistication Intel has built] to our customers, continuing the collaboration, and helping our customers optimize their security operations.”
Now is the time to optimize #security operations and address #infosec challenges. Learn more about how @Intel is transforming our IT and Security Infrastructure with #DataIntelligence and @Splunk. #RSAC #RSAC2019 pic.twitter.com/tksPUNbZ1l — Intel Security (@IntelSecurity) March 11, 2019
Data, especially in the context of security, is messy and chaotic...and that’s okay. We believe that all data is security-relevant. And because all data is security-relevant, Splunk can be used across multiple use cases and business units. Our solutions help you derive data-driven detections, decisions, and actions. Combined with an open ecosystem of partners and a robust user community, it’s no secret why all eyes are on Splunk.
Here are a few ways to learn more about Splunk aside from trying our products:
- If you’re thinking about a security information and event management (SIEM) solution, be sure to consider the 7 SIEM trends to watch this year.
- Already have a SIEM? Awesome. Have you thought about adding user and entity behavior analytics (UEBA) to your SIEM? Lucky for you, there are 4 reasons why you should.
- Ready to SOAR above the rest? Make sure you evaluate all the criteria before settling on a Security Orchestration, Automation and Response (SOAR) solution.
- Stay ahead of advanced and insider threats by applying advanced analytics. Check out this on-demand webinar to learn how.
- Need hunting help? Check out John Stoner’s talk at BSidesSF, “Don’t Boil the Ocean: Using MITRE ATT&CK to Guide Hunting Activity” (now with video!)
Until next time, happy Splunking!
– Ale & Alexa