Highlights:

  • Along with introducing a new service called Splunk Edge Processor, the updates also bring new functionality to Splunk Observability Cloud and Splunk Mission Control.
  • Regarding Mission Control, which combines the analytics tools from Splunk Enterprise Security with those from Splunk SOAR for automation, orchestration, and threat intelligence, improvements made here will enable users to identify, look into, and react to security threats more quickly through a unified work surface.

Splunk Inc., an observability and cybersecurity company powered by data analytics, unveiled significant updates to its platform that will make customers more resistant to attacks and issues with their applications and computing infrastructure.

Spiros Xanthos, Senior Vice President and General Manager of Observability, said, “What we see happening in the market is that security, IT, and observability are coming closer together. We’re trying to build a unified solution for safer and more resilient applications. At the end of the day, security and observability go hand in hand.”

Along with introducing a new service called Splunk Edge Processor, the updates also bring new functionality to Splunk Observability Cloud and Splunk Mission Control. The primary winner of today’s updates is Splunk Observability Cloud, a collection of observability tools that gains new features, including Splunk Incident Intelligence.

The company claims that this will increase on-call efficiency by giving teams the knowledge they need to quickly identify, fix, and restore any failing services before customers notice. Teams will also benefit from new autodetect features in Splunk APM that use machine learning to increase alert accuracy and decrease manual effort in problem-solving.

Xanthos said, “Instead of having users manually create thresholds, APM uses machine learning to baseline signals coming out of an application and set alerts based on historical data. It automatically understands when you have a problem as opposed to your having to set those thresholds yourself.”

From a click to purchase, a trace analyzer records every action in an application and uses machine learning to spot anomalies that could be signs of a security risk. Thanks to IM Network Explorer, teams will find it simpler to monitor, evaluate, and fix problems in cloud networks. According to the company, the new features in Observability Cloud are generally available right now and enable a more unified approach to incident response.

Filtering At the Edge

The Splunk Edge Processor, also generally available today, aims to give Cloud Platform users better control and visibility over streaming data before it leaves their network. The company claimed that Edge Processor, located at the network edge, filters, masks, and routes data to ensure more effective data transformation initiatives.

“It helps with data tiering so users don’t have to rely on a third party to manipulate their observability data,” Xanthos said. “Users can extract and aggregate log data as a real-time metric and pre-calculate to get notifications in real-time.” The most recent version of Search Processing Language, which has syntax similar to SQL, allows users to create queries that analyze data as it is received. “You can filter data out, mask data and route it intelligently to different storage tiers,” he said.

Regarding Mission Control, which combines the analytics tools from Splunk Enterprise Security with those from Splunk SOAR for automation, orchestration, and threat intelligence, improvements made here will enable users to identify, look into, and react to security threats more quickly through a unified work surface. Security teams will be able to combine the capabilities of Enterprise Security and SOAR in one location, gaining the advantages of streamlined security workflows and automated procedures that they can codify as response templates.

According to Duncan Brown, an analyst with International Data Corp., the updates are encouraging because the demand for enterprise resilience is rising as companies move forward with their digital transformation initiatives.

He added, “Splunk’s innovations in unified security and observability aid organizations in resolving this conundrum, by increasing digital resilience through advanced security analytics and better visibility across the tech stack. A holistic approach to security and observability is essential for any digital enterprise.”