While Splunk started out as an on-prem company, they see the cloud as the future, and while customers aren’t being forced to move to the new cloud, it does become Splunk’s primary security offering.
Today, Splunk is announcing its new Splunk Security Cloud, a data-centric modern security operations platform that delivers enterprise-grade advanced security analytics, automated security operations, and threat intelligence through an open ecosystem.
“Historic Splunk was on prem, and even the newer products like Phantom and UBA were on-prem products,” said Eric Schou, Head of Security Marketing at Splunk. “Splunk Security cloud is where we are going, however.”
While not all customers are ready for the cloud today, enough were to push Splunk into making this move.
“This has been driven by our customers,” Schou said. “We have a large install base on-prem, and even many customers who have cloud as a strategy still want Splunk on-prem. The on-prem products aren’t going anywhere. But other customers have told us that they want to see this cloud transition happen.”
Schou said that Splunk expects to see the move to Splunk Security Cloud be gradual.
“We don’t see this as being like a light switch,” he stated. “This will happen over time. It’s tough to put down a number indicating the pace of adoption, but from what we are seeing, it has been more aggressive than we thought.”
Splunk Enterprise Security, the core SIEM product, is already in the cloud, as is Phantom, the pioneering SOAR company and product that Splunk acquired in 2018, although in the cloud it has been rebranded as Splunk SOAR.
“It’s part of a simplification of our branding,” Schou noted. “Phantom is a significant brand, but there are many customers who have no idea what Phantom is. The Phantom brand lasted three years after acquisition, which is pretty good.”
Schou also indicated that it can be deceptive to look on the shifting of on-prem products to the cloud as a simple migration process, because that’s generally not what’s happening.
“Not everything has to be a one for one product transfer,” he said. “Features can come in separately from the on-prem products. Our ability to add features in the cloud is easier than on-prem.”
Accordingly, the components of the Splunk Security Cloud focuses on these specific capabilities, rather than on-prem products in the cloud. They are emphasizing:
- Advanced Security Analytics, which includes machine learning-powered analytics to detect and deliver key insights into multi-cloud environments.
- Automated Security Operations which drives faster time to detection, investigation and response, so that alerts that used to take 30 minutes, now can take as little as 30 seconds.
- Threat Intelligence that automatically collects, prioritizes and integrates all sources of intelligence, driving faster detections.
- An Open Ecosystem that helps correlate data across all security tools, regardless of the vendor, for increased visibility and apply prescriptive detections and guidance to detect threats faster.
“We will be adding new features, including behavioral analytics, which are entirely new,” Schou noted.
“As part of this release, we are also launching Security Analytics for AWS,” he added. “The feedback the industry – not just us – has been for years that this capability in AWS is needed to be brought to more people, who don’t have the deep staff to do it themselves. That’s what this AWS product is designed to do.”
Schou said that Splunk Security Cloud will make it easier in some ways for partners to add value and make sales.
“The Splunk Cloud is designed to make our security easier for the customer to understand and consume,” he noted. “That will also make it easier for partners to position this, for some customers who thought they might not be interested in this at all. It will also open some doors on Go-to-Market and features.”