Cloud Security, Threat Management

Splunk adds integration to Mandiant and extends its cloud and SOAR platform

A visitor tries out a tablet computer next to a cloud computing and technology symbol at a technology trade fair in Germany. (Sean Gallup/Getty Images)

Splunk this week at .conf21 announced a series of enhancements to the Splunk Cloud Platform and Splunk Enterprise geared toward helping enterprises more effectively manage security in multi-cloud and hybrid environments and accelerate the ability to generate threat intelligence.

Splunk said while moving to the cloud offers organizations greater resilience and agility, it also adds more complexity. Tops on the list to help companies manage that complexity were integrations with Mandiant and an expansion of the Splunk Security Cloud and Splunk SOAR.

“This week’s .conf21 had a number of announcements that propeller-head security geeks like me love,” said Frank Dickson, program vice president for security and trust at IDC. “The integration with Mandiant is especially compelling as it brings insights of front-line responder threat data. I intentionally used the term ‘threat data’ as it does not become threat intelligence until the data is made actionable in your environment. The Splunk integration drastically accelerates the time to threat intelligence. Additionally, the improvements to Splunk Cloud increase the rate at which Splunk can deliver analytics improvements such as improved visualizations and risk-based alerting.”

Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group, said Splunk “gets” the overall migration to the cloud. 

“Between Splunk and its partners, it’s set up to monitor cloud security and take remediation actions using Splunk SOAR, formerly Phantom,” Oltsik said. “This includes ‘shifting left’ by monitoring the CI/CD pipeline, at run-time, and across a hybrid infrastructure. Splunk won’t get into tactical cloud security, but rather focus on monitoring and securing an overall hybrid cloud enforcement.”

IDC’s Dickson added that the important macro themes of .conf21 were two-fold. First, legacy pricing models created disincentives to data ingestion: smaller data sets limit the value that analytics applied to that data for security purposes can create. New pricing models are removing those obstacles and making it easier for customers to demonstrate an ROI from their analytics initiatives.

“The second theme is pre-built integrations, automations and modules,” Dickson said. “Splunk delivers an incredibly flexible and powerful platform, but not everyone has the skills or resources to leverage its power. Splunk has been aggressive in making the on-ramp to value as short as possible. Every pre-built integration or automation quickens the time to value and enables customers to get to an ROI. Making customers successful is the path to acquiring more customers for Splunk, it’s a simple law for every business.”
