Splunk + Phantom: Turning Security Data into Answers and Action

Today marks the beginning of an exciting new chapter for Phantom. With the acquisition of Phantom by Splunk now complete, we can begin integrating our two companies for the benefit of our users, customers, and partners.

I recently sat down with Oliver Friedrichs, former CEO and Founder of Phantom, to talk about what’s in store for the community as we execute on a combined and accelerated vision for security operations.

Haiyan: Oliver, now that we’re officially working together, what are you most excited about?

Oliver: I’m most excited about bringing Phantom to the masses. At Phantom we had the privilege of protecting the world’s largest financial, technology, healthcare, and manufacturing organizations as well as the largest government agencies. We had almost 10,000 community users, over 200 apps, and support for over 1,000 APIs. Splunk will allow us to supercharge that, not only in the security space, but in the broader IT market as well.

Enterprises are in dire need of automation and orchestration to respond to threats faster. For the past year there’s been a saying around here that Phantom isn’t demand constrained, we’ve been capacity constrained. Splunk, with its over 3,000 employees, gives us the bench strength to service and deliver our platform to those who need it most. Splunk amplifies our message and raises awareness of our capabilities to a much broader market than ever before.

Splunk has become a leader for ingesting, storing, and analyzing machine data. Similarly Phantom has become a critical agent for taking action on that data. As machine data ages, it quickly becomes stale, even more so with operational security data. Taking action on that data becomes paramount, and doing so quickly is key. This is why Splunk and Phantom fit so well together. I’m excited to accelerate the execution on a vision for security operations that we started back in 2014. Combining our technologies will help customers stay ahead of threats by allowing them to respond faster to increasingly complex attacks.

Finally, our businesses and values are complementary: we are committed to making customers successful, we have passionate communities of users, customers, and partners that we nurture, and we both have powerful technologies that integrate together nicely.

Haiyan: What do you expect the first 90 days to look like for you, the team, and customers?

Oliver: We expect everything in the short term to remain business as usual. The Phantom team will work with our counterparts at Splunk to support both new and existing customers. I’d expect the team to continue executing like before and deliver on our roadmap like we always have. Behind the scenes, we’ll begin to discover new opportunities for things that we can accomplish together. Customers will be able to use Splunk and Phantom technologies as integral parts of their Security Operations Center (SOC), accelerating incident response and other key functions while also addressing their skills shortages. The combination will help Security Operations (SecOps) teams to:

  1. Advance cyber defense and reduce organizational risk using analytics-driven security
  2. Respond faster by accelerating incident response
  3. Work smarter and reduce staffing and skills challenges

Haiyan: What are some of your longer-term goals as a result of the acquisition?

Oliver: Once Phantom is fully integrated with Splunk, our goal is to accelerate adoption of Security Operations Platforms in the market. Outside of security, IT teams will be able to leverage our automation capabilities to help solve automation challenges in a widening range of use cases, including Artificial Intelligence for IT Operations (AIOps). According to Gartner, “By 2022, 40% of all large enterprises will combine big data and machine learning functionality to support and partially replace monitoring, service desk and automation processes and tasks, up from 5 percent today.”

Haiyan: What do you mean when you say “Phantom for Everyone?”

Oliver: We want to drive adoption of automation and orchestration beyond just security. Another interpretation of “Phantom for Everyone” involves leveraging the larger community that we’ll have as we integrate the Phantom Community with the Splunk Community. We believe the union will create many more opportunities for collaboration.

Haiyan: How does the Phantom Community benefit from this?

Oliver: Splunk’s resources and reach deliver Phantom into the hands of more teams that need it, supercharging the community with an influx of new ideas for Phantom Playbooks, Apps, and other content. Today, the Phantom Community contributes a quarter of our published Phantom Apps, they inspire the majority of community playbooks, and they contribute valuable product feedback. With a bigger community, we fully anticipate more people making these contributions for the benefit of all.

Conclusion / Flip the Script

Oliver also had the opportunity to ask similar questions to Haiyan. Read about her perspective on the Phantom Blog. While you’re there, be sure to register to join the Phantom Community!


About Oliver Friedrichs, CEO and Founder, Phantom
With a remarkable record in building three successful enterprise security companies over the past two decades, Friedrichs served as the CEO of Phantom since 2014. Prior to Phantom, Friedrichs founded Immunet, acquired by Sourcefire in 2010 and a key component to Cisco's $2.7b acquisition of Sourcefire in 2013; now thriving as Cisco's Advanced Malware Protection (AMP) business. Friedrichs co-founded SecurityFocus (Bugtraq) and led DeepSight, the world's first Internet early warning system, acquired by Symantec in 2002, and a recognized leader in security intelligence to this day. He also co-founded Secure Networks and led Ballista (CyberCop), one of the industry’s first vulnerability management solutions, acquired by McAfee in 1998. Friedrichs architected and developed a prototype of the first commercial penetration-testing product, SNIPER, acquired by Core Security Technologies in 2001 and further developed into CORE IMPACT. He attended the University of Manitoba and is the co-author of three security books and recipient of 8 patents.

Posted by Haiyan Song

