Splunk at RSAC 2017 - Analytics Is The New Norm

Last month saw Splunk at yet another incredible security conference, and my personal favorite, RSA Conference; it was full of enthusiasm and vigor, with an action packed show-floor, and with some of the most literal keynotes. But what still amazes me, are the marketing buzz words that twinkle from Moscone’s fifty-foot ceiling. This year’s show messaging wasn’t as conclusive as last, but a few things that caught my eye were: Analytics, Machine Learning, and Automation & Orchestration. Well, it makes sense to me, being part of the security vendor industry, I wouldn’t shy away from using these terms either; instead, my goal is to help you embrace them.

At Splunk, we put lots of wood behind the arrow - the word Analytics; in fact, our tagline for this year was Analytics-Driven Security.


Today, businesses are responding to the growing sophistication and number of security threats by deploying tools that extend the capabilities of their current security infrastructures.  Besides deploying deeper network defenses and endpoint protections, enterprise are increasingly  focusing on deploying tools and technology to collect, filter, integrate and link diverse types of security event information to gain visibility and more comprehensive view of their security posture; essentially, correlating events to detect suspicious patterns of activity that span multiple devices.

At Splunk, our goal is to shorten the security analytics cycle by providing a single “source of truth” for security insights – analysts and SOC teams can analyze all machine data, including log and event data from applications, endpoints, network devices, login to perform rapid investigations, find meaningful insights, understand root cause, draw historical trends and share insights, thereby, organizations can improve detection speed, analyze impact, and respond quickly. With analytics, organizations can minimize negative impact of threats by more actively managing their security posture – from continuous monitoring to deep forensic analysis, to automated action / response, and rich contextualization.


We announced Adaptive Response Initiative (ARI) last year, at RSAC 2016, and since its launch, the Adaptive Response Initiative has helped security community to imagine new ways to gain end-to-end context and improve security posture through automation. In fact, this Splunk led-initiative has grown to include participation from over twenty-five vendors. And this year, I am pleased to announce five new members - AlgoSec, Demisto, Red Seal, Resolve Systems and Symantec ATP. We welcome our new Adaptive Response members and look forward to working with all ARI vendors to satisfy this critical market requirement.

RSA crowd Haiyan Song speakingACTION ON THE EXPO FLOOR

I was very impressed with the energy on the show floor, our very own Splunk booth was packed, all the time; standing audience for every in-theatre session, rows of customers waiting in line for demos, and long lines for our snazzy t-shirts. Once again we broke the record number of visits to our booth; the bar is moving higher and higher with each RSAC, in fact, our team gave hundreds and hundreds of demos over the course of the week.

I am also much honored to see Splunk prominently featured in many of our partner booths giving presentations, demos, or having a SME on-demand, another record set for this year. Our executive walk-through was fun as usual; I along with other members of the Splunk executive team was able visit our strategic partners, check out their demo and most importantly thank them for their tremendous support for Splunk.


Most of my time went in executive level one-on-one meetings with our customers and strategic partners; I had the best time and learned a lot, but what really resounded, was to see how well attended our customers events were. We are extremely grateful and blessed to have many trusted CISOs and avid users, who spent their day with us, provided valuable insights and engaged with thought provoking discussions s during our advisory board meetings.

We not only had an incredible Thought Leadership Dinner and Customer & Partner Appreciation Dinner, but also hosted a cybersecurity roundtable at Splunk HQ; heads of large federal agencies and senior representatives from the financial and energy sectors came to discuss ways to strengthen government-industry collaboration.

Our Technical Advisory Council and CISO Customer Advisory Board were a hit. We had the most avid Splunk security technical users attend and at our CISO CAB we had our closest CISOs spend the entire day with our team helping to influence our product strategy. This culminated in another dinner with our security experts and executives. We also co-sponsored a highly engaging reception with the Herjavec Group, a special luncheon with Verizon.

Last but not the least, Splunk was honored with the 2017 SC Magazine Award for Best Enterprise Security Solution and named a finalist for Best SIEM Solution and Best Behavioral Analytics/Enterprise Threat Detection. I am so proud of my team’s accomplishments.

It was once again a very busy week and I am proud of our team for the outstanding effort and an amazing RSA Conference.  As we all learned, “the reward for great work is more work” and I am looking forward to what our Splunk team puts on for Blackhat and DEFCON in July! See you in Vegas!

Haiyan Song

Posted by