Splunk, best known for its analytics software, delved deeper into the security realm this week when it released its new Splunk Security Cloud, a security operations platform that consists of security analytics, automated security operations, and integrated threat intelligence.
The move to a cloud-based platform reflects Splunk’s recognition that the migration to remote work last year caught many companies off-guard, leaving security teams struggling to keep up with an “evolving threat landscape and disparate tools and skill sets,” said Jane Wong, vice president of product management and security at Splunk.
Jon Oltsik, a senior principal analyst at the Enterprise Strategy Group (ESG) who covers security, said ESG’s research indicates that security analytics has moved to the cloud and the pace of this migration has increased because of the impact of the global pandemic.
“The Splunk security cloud aligns the company’s security operations solutions with the scale and processing power of the cloud, which should be an attractive combination – certainly for existing customers,” said Oltsik, acknowledging a lot of competition in the cloud security space. “It also took its integrations to the next level and changed its pricing model.”
Frank Dickson, a program vice president at IDC who covers security, added that Splunk’s cloud initiative looks to leverage its recent TruSTAR acquisition to ingest, standardize and turn threat data into actionable threat intelligence.
“The future is to not only make threat data actionable, but to measure the value of threat data in ROI terms, allowing security professionals to compare the value of independent feeds,” Dickson said. “We use too many qualitative descriptors to communicate value. The value of threat intelligence needs to be assessed with metrics. Less words; more numbers.”