Splunk’s Security Nerve Center SOARs to New Heights

Hey, Splunk fam!

.conf18 was incredible! Nearly 10,000 members of our community gathered in Orlando, making this year’s .conf the biggest in our history!

With 3 keynotes, 350 technical sessions and presentations, and 100,000 hours of education delivered, we hope you walked away feeling energized by the host of strategic and product announcements, as well as all the great learning delivered by Splunkers, customers, and partners.

For us, one of the most exciting reveals was during the Security Super Session, led by Splunk’s SVP of Security Markets, Haiyan Song. Why? Well, the launch of the Splunk Adaptive Operations Framework (AOF), of course! Sounds cool, right? If you’re already in the know—because you were with us last week—great! If not, let us break it down for you.

Many of you might be familiar with Splunk’s Adaptive Response Initiative (ARI) which launched a few years back: the goal of which was to help customers achieve a “security nerve center”—with customers being able to gain collective intelligence across their multiple tools and technologies—making it easy to make informed decisions and take appropriate actions. Since the inception of ARI, we amassed over 55 partners within the ARI ecosystem who have built nearly 100 actions within Splunk! And, with Splunk’s acquisition of Phantom (and their robust community) back in April, we added 220+ apps and 1,000 APIs currently integrated into Phantom’s Security Operations Platform. The pairing of these two ecosystems was a perfect fit.

In short: The Splunk AOF connects security products and technologies from our ecosystem of partners with Splunk’s leading security technologies—enabling customers to detect, investigate, and respond at machine speed.

In more detail: Customers, we have heard your challenges! You’re deploying an average of security products and technologies from 70 or more different vendors and with little integration between these products and technologies, a coordinated defense is nearly impossible. As such, SOC teams are facing challenges that go beyond blocking locally and preventing individual stages of an attack—the SOC team has challenges in dealing with running operations across multiple domains—including the ability to ingest data from relevant sources, drive collaborative decisions between disparate products and technologies, and take orchestrated action to address security events.

The Splunk Adaptive Operations Framework (AOF) helps you improve cyber defense and security operations by leveraging the industry’s largest open ecosystem of innovative security vendors who have built and developed integrations with Splunk’s leading security technologies. 

  • Gain insight and increase productivity by leveraging Splunk and Partner-built integrations to ingest structured or unstructured data from any source to be used across Splunk solutions: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics.
  • Drive collaborative decisions and actions supported by rich analytics with Adaptive Response actions in Splunk Enterprise Security.
  • Take orchestrated action across a comprehensive range of technologies in the SOC with Phantom Apps and Playbooks in Splunk Phantom.

Whether you’re a Splunk customer or a Splunk technology partner, the Splunk AOF has many benefits: 

  • For customers, the Splunk AOF enables you to detect, investigate, and respond at machine speed across their multi-vendor security environments using bi-directional integrations with Splunk security solutions—saving time, effort and reducing costs while improving cyber defense and security operations.
  • For technology partners, the Splunk AOF provides an open ecosystem with a flexible, API-driven framework that offers participating partners with more opportunities to collaborate with Splunk and others in the Splunk AOF ecosystem. With the largest published APIs and partner integration, participating in the Splunk AOF can help accelerate business engagement and customer success.

For more information, check out the "Make Your SOC Rock" presentation from .conf18 or the Technology Partner FAQ.

With more tools and resources now at your disposal, we wish you happy Splunking!  

Alexa & Meera

Posted by