I am sure many of you have heard the term “cybersecurity is a team sport.” If you haven’t, I say get on the right team. Security is a complex, ever-changing game of skill and preparedness (never chance). As we like to say here at Splunk, it is all about cyber resilience. To best be prepared to win this game, we need the best team.
As with any team sport, there really needs to be other teams - after all what fun is it playing by yourself? I probably don’t need to go into who the opposition is, but I can assure you they are all operating as a team, and in some cases, multiple teams are teaming up against the team fighting the good fight and this is the team I am obviously most interested in being a part of, and helping.
If you hadn’t worked it out, the team I am referring to are the many who work day and night to protect infrastructure, data, systems, applications and physical infrastructure. Now more than ever, they need help to ensure they can continue in the fight. This team not only consists of members from security operations, security engineering, security architecture and gallantly led by the mightiest of all, the CISO, but also extends across the industry and importantly needs to include the technology providers and the broader ecosystem.
This is where I sit, and where I have for some time with the hope that vendors can not only singly provide smarter, more effective solutions to help our team members in our customer organisations be champions in this security sport. This, however, is not up to technology vendors in isolation, but through interoperable and well-integrated solutions that provide rapid time to outcomes, and include relevant out-of-the-box use cases to improve the ability of our team members to win.
Over the last little while in my role at Splunk, I have been working closely with a number of partners around how best to build smart, effective integrations that rapidly help our mutual customers solve security challenges. Now, a lot of this information to build integrations with Splunk is readily available from the various resources such as Splunk Education and the Splunk Developer Portal, but with this course we wanted to provide a quick start overview that focuses on the high-value integration points with the Splunk security solutions portfolio for our partners.
In this course, which will be launched via the Splunk Partner Portal, we will cover everything a technology partner needs to get started with developing product integrations with Splunk solutions. Initially the focus will be Enterprise Security (SIEM) and SOAR including how to Get Data In (GDI) and normalize data with the Common Information Model (CIM), enabling more effective threat detection with Risk Based Alerting (RBA) and building apps and playbooks for automation and orchestration to streamline incident response.
We plan to evolve this course over time and include additional modules. This is only a small part of our focus on improving customer outcomes through industry collaboration and standards. For some of the other initiatives, check out this great blog on the importance of standards and interoperability from Garth Fort, our Senior Vice President and Chief Product Officer.