Splunk wrapped up its .conf24 user conference in Las Vegas earlier this month, the first event since the company was acquired by Cisco last year.
Users and channel partners at the event witnessed the first manifestations of what the merged company and channel programs will look like in the months and years ahead as these two giants come together. Some may say these two companies together create a powerful partnership of equals that translates into stronger solutions, tools and business relationships across its network of MSSPs, MSPs and cybersecurity vendors.
The conference was host to approximately 5,500 attendees, including more than 40 sponsors and 1,000 partners.
MSSP Alert was there. Here's a wrap-up of all the coverage from Splunk's annual event.
Splunk and Cisco Are All In on AI
During their keynote address on June 11, Cisco go-to-market president and Splunk GM Gary Steele and Cisco CEO and Chair Chuck Robbins delivered the message that AI will have an enduring presence in everything Splunk and Cisco will do together to protect data, networks and more. Proclaiming a “new AI era,” Steele described AI as “the most transforming technology we’ll see in our lifetime” and exalted its “limitless potential.”
Hao Yang, Splunk’s vice president of AI, announced the debut of Splunk AI Assistant. He explained how new generative AI assistants in observability cloud and security offer security providers improved IT visibility and threat detection, defense and response.
“AI is the cornerstone of Splunk’s strategy for driving enhancements with our industry-leading security and observability solutions,” Yang said. “Our AI Assistants are designed to help users do their jobs easier and faster.”
Of course, with AI comes a huge amount of data and the need to store it. Therefore, Splunk introduced new data management innovations that provide customers richer, unified visibility across their enterprise and help achieve more comprehensive data ownership. Through the new Splunk Data Management portfolio, customers can send, share and process their data across Splunk Cloud Platform and Splunk Observability Cloud.
The SOC of the Future
Among Splunk announcements aimed at bolstering threat detection and security operations across multiple data sources were advancements to Splunk Enterprise 8.0, which empowers security teams to proactively manage and mitigate risks effectively. In addition, a new Federated Analytics feature analyzes data directly where it’s stored for threat hunting and frequent threat detection.
As organizations face increasingly sophisticated security challenges, a unified threat detection, investigation and response (TDIR) solution is crucial to power the security operations center (SOC) of the future. Splunk Enterprise 8.0 addressed this need by delivering comprehensive security visibility, accurate threat detection and streamlined workflows for rapid response, ultimately saving time with cost-effective solutions, according to the company.
As a benefit of Cisco’s acquisition of Splunk, security teams can harness the power of Cisco Talos threat intelligence across Splunk Attack Analyzer, Splunk Enterprise Security and Splunk SOAR for enhanced defense against known and emerging threats.
Applying Talos’ extensive intelligence network, Splunk customers can streamline threat detection and response processes, reducing alert fatigue and allowing security analysts to focus on critical threats. This enables quick identification and prioritization of real threats with global real-time outbreaks, contextual insights and advanced correlations.
Mike Horn, senior vice president and general manager of Splunk Security Products, believes that the latest advancements in Splunk Enterprise Security 8.0 “revolutionize” the TDIR life cycle experience for analysts.
“Featuring a seamless investigation and case management solution that includes integrated automation with Splunk SOAR, our latest release empowers SOC teams to navigate the complexities of cybersecurity with efficiency,” he said. “Splunk Enterprise Security 8.0 serves as a foundation for the SOC of the future, driving proactive defense in an ever-evolving threat landscape.”
Expanded Partner Programs Drive Growth
The Global Partner Summit brought Splunk’s Partnerverse program into focus. In fact, 90% of the cybersecurity company’s revenues are impacted by its partnerships, channel chief Gretchen O’Hara, vice president of Worldwide Partners & Alliances, said during her keynote address.
“Splunk and our partners have had tremendous collaborative success this year — delivering greater value to over 500 new customers together,” O’Hara said. “Our strategy to capture our joint opportunity is working, and our focus for this year is how to continue that momentum. We will keep our go-to-market strategy consistent to help minimize disruption, but that doesn’t mean we’ll stop improving. This year, Splunk is making deeper investments in the Partnerverse program.”
The keynote session was also an occasion to introduce a new performance dashboard for partners, which will be available by the end of the year. The Partnerverse Performance Dashboard will enable partners to review key business and financial metrics and achievements.
Splunk is helping partners learn about Cisco's security portfolio to pursue opportunities. A new partner acceleration initiative is replacing legacy programs with easier migration. And the New Advise Motion program is designed to support system integrators and consultancy firms with use case solution development to help drive profitability by offering more comprehensive solutions.
Honoring its partners, Splunk announced the winners of its 2024 Splunk Partner Awards. The Global Partner of the Year award went to Accenture, which operates an MSSP business unit. See all award winners here.
Among the award winners was TekStream, an Atlanta, Georgia-based MSSP. Bruce Johnson, senior director of Enterprise Security, who attended .conf24 (and is the source of an upcoming MSSP Alert story on TekStream), offers his take on his company’s relationship with Splunk:
“As an MSSP, a foundational value for clients is our ability to secure their assets in a collaborative and transparent way. We use Kaizen engineering for constant customization that leverages new approaches and new security appliances to make the client a true partner in our MDR program. This is only possible by investing massively and continually in the technology, people and processes we appropriate in our service packages. With Splunk, our investment is valued and is in alignment with the innovation commitment they have made. This will only grow with Cisco, and we are excited to see what the future holds.”
Research Reveals the Hidden Costs of Downtime
SURGe, a team of security experts dedicated to researching, responding to and educating about threats that impact the world, hosted Minicon. This session was an opportunity for “Splunkers” to learn about the most recent security research with actionable guidance to help security teams stay informed and ahead of attackers. SURGe alerts provide notifications when rapid response guides have been created for high-profile security incidents to help aid in detection, investigation and response workflows.
Speaking to MSSP Alert, Mick Baccio, a member of the SURGe team who served as White House Threat Intelligence Branch Chief in both the Obama and Trump administrations, said, “When we publish something our white papers are all free, our research is all free. Our goal is to try and help security get a little bit better than they are now, and if our research can do that, great.”
According to research released during .conf24, Splunk calculated downtime for the Global 2000 companies at $400 billion annually, or 9% of their profits.