I think it’s just cool as a new way of thinking."

The Edge Hub

So we see that kind of moving through different tiers in the data strategy and that's where a lot of the data gets stored and as a huge volume of it gets stored in, well, S3 is one example, and so I think that's very exciting for a lot of our customers and should help a lot with some compliance and needs that they have as well.

"But then at some point that data becomes not so useful - it's usually an age thing - in security, you're probably most interested in the last 30 days, but you do still need to keep that data for the last however-many years for all of your compliance reasons.

"So that new architecture really opens up a lot of possibilities and I think this goes towards the trend we see of organizations having a data strategy, which is something that they maybe didn't consider - and even now I talk to customers that don't have one, or they have one but they've never looked at it - and there's a real need to think about how you're treating all these different types of data: you have your business critical that needs to be very timely and you need to be quite agile with that data and able to do a lot with it."

But as the data volumes increase, and we see more and more data sources and volumes, it just became not very practical, and we would see customers storing data… where it was cheaper to store it… (great example: Amazon S3)."

"I suppose this goes for a shift in our strategy really - we used to think that Splunk was the center of the universe, and if you put all your data into Splunk, then that was great - that's where you would query it, and you'd get great results and it would be very fast and that's, of course, true.

Paine also talked about the expansion of Splunk's Federated Search feature to include Amazon S3 incidences, allowing for the unified searching of data at rest contained within S3 buckets, without having to process that data through Splunk, and how new offerings like these mark a change of direction for the company:

"I think the more you could put safeguards around that and put it into one seamless tool, you can go straight from detection right through to response, but that investigation piece has always been the skill of the analyst, and it's great to actually have a lot of things that will help support them the most common things that they're dealing with, which is phishing and malicious URLs."

"I think that we hear from customers a lot that they need a sandbox environment, they need somewhere safe to be able to process and look at these kind of malicious reports, and I have heard on more than one occasion where an organization and analyst has accidentally detonated something outside of the secure environment."

Kirsty Paine, a Strategic Advisor in Technology and Innovation for Splunk’s EMEA region, gave her views on the tool:

It allows analysts to gain advanced insights into threats and even run them within a safe environment to see how the attack works.

So, I'm excited about the way we're bringing our security portfolio together."

Another new product that Splunk has launched is Attack Analyzer, formerly known as TwinWave before the company was acquired by Splunk in November 2022.

"And so when we talk about productivity, it may seem like little things that we're doing or even obvious things, but it is just such a huge focus point for so many security leaders out there.

"The more productivity, the more automation, the more integration that we can bring across the different workflows and security leads to outsized returns in terms of productivity for enterprise security teams today.

"We spend so much time hunting and pecking, and copying and pasting across so many different tools and it kills us."

"I'm really excited to see the way that our security capabilities are coming together in a unified user interface that will accelerate productivity for security analysts," he noted.

One such product that Patrick Coughlin, VP for Global Technical Sales, particularly enthused about was Mission Control, Splunk's new interface designed to unify detection, investigation and response across all of the company's SOC tools, to make it simpler to organize secure workflows.

conf 23 event in Las Vegas to hear all about the new integrations the company is making, and its latest products with the aim of improving efficiency and increasing the coverage of its security right to the very edge of its customers' business.