Smarter, Faster, Stronger: Understanding the Need for Security Analytics

Data is exploding. With an average of 70+ data sources to manage, organizations are simply overwhelmed by data. Take the internet, for example: in just the last 60 seconds, Instagram users have posted over 46,000 pictures, there have been 3.6 million searches on Google and 15.2 million text messages have been sent (I’ll claim the first one million…). For any organization, big or small, that is a lot of data to manage.

Over the years, we’ve been fortunate to cultivate an incredible ecosystem of Splunk customers and technology partners, dedicated to helping us manage the influx of data. Each organization eagerly allocates both time and resources to building out Splunk integrations, reminding us that community is what elevates our successes to the next level. It truly is about the people, or as Curt Aubley from Crowdstrike says, “Mission first, people always. If you don’t have the right people, you can’t complete your mission.”

Earlier this month, Splunk had the pleasure of hosting some of our security ecosystem experts to discuss how we can better collaborate with government agencies to combat cyber criminals. Splunk Adaptive Response Initiative partners Crowdstrike, Recorded Future and Symantec were joined by Splunk customer Johns Hopkins in the conversation. Moderated by Splunk’s SVP of Security Markets, Haiyan Song, panelists discussed the importance of a security ecosystem in combating the advanced cybercrime challenges being faced by customers today. Below are some key takeaways from the panel:

  • Efficient workflow management is critical: Teams within Security Operation Centers [SOCs] continually face the challenge of gathering data from numerous sources, analyzing it and identifying high-fidelity data as quickly as possible. Automation is a critical tool to elevate our ability to manage these workflows in a safe, timely and scalable manner. Symantec’s Aubrey Merchant-Dest said, “Let’s be able to take advantage of next generation work flows that we have yet to imagine but do it securely.”
  • Ecosystem is key: “You have to be able to talk to other security platforms now. You can’t be an island anymore,” said Allan Liska of Recorded Future. Splunk’s Adaptive Response Initiative was established two and a half years ago to help customers drive efficiency across their security stack, regardless of tools. The need to convert to more automation comes from the simple fact that customers need a faster way to get end-to-end views and coordinated execution across their security stack. Moving forward, Splunk’s acquisition of Phantom will help accelerate capabilities in this area.
  • Artificial Intelligence (AI) and Machine Learning (ML) technologies – our present and our future: “AI is the next evolution of thinking in the SOC...[so] how can we speed up the security process? We need to use these processes to defend better and faster,” said Harley Parkes from Johns Hopkins. It’s true that the basic concept of machine learning—applying algorithms to large data sets—is nothing new. However, the reason AI and ML are so prominent now is because of recent advancements in ML processes that exploit the abundance of data that is now available to us. These are not just trends that come and go in fleeting moments.

Today, more than ever before, we’re generating data with almost every activity we engage in. The problem is that not everyone knows how to access such disparate data. As more and more sources generate large amounts of data, there is a level of unpredictability that makes it even more difficult to manage. Therein lies the need to be more forward-looking with data aggregation.

Hearing the panelists discuss their evolving challenges in security is confirmation that Splunk's nerve center concept is key to enabling faster, more efficient data analysis. Never have we been more empowered and dedicated to providing the solutions to security’s biggest challenges, all on one platform.
