Trip Report, Splunk Conference 2017

This week was Splunk’s annual user conference (.conf), which took place in Washington DC this year. Now Splunk.conf is different from lots of other user conferences, although it does remind me of some of the events I attended at the start of my career (dare I say DECWorld?).

Many Splunk users are absolutely gaga over the product and the company. Splunk customers exchange use cases, give presentations, participate in panel discussions, and talk about the way they use Splunk today and their plans for the future. Heck, they will even open up about what features they’d like to see Splunk adopt in the future.

Aside from the reunion-like vibe, Splunk did make a few announcements including:

  • Splunk UBA 4.0: Splunk is doing its best to transform machine learning from geeky science project to useful security technology. This new version of UBA provides an SDK so customers can develop their own machine learning models. Splunk is also working to make machine learning more useable in core Splunk Enterprise and Enterprise Security products.
  • Splunk content updates. Enterprise organizations have too few cybersecurity resources and too many cybersecurity tasks. As a result, many firms never figure out how to use their security technologies to their full potential. Splunk hopes to lend a hand here with Splunk ES Content updates – a subscription service of pre-packaged security content. 
  • Lightweight Splunk for specific use cases. For example, the company introduced a product called Splunk Insights for Ransomware in June, which comes with canned analytics and dashboards for detecting and responding to ransomware attacks. Splunk also announced a new insights package for monitoring AWS-based cloud workloads.
  • Security essentials for fraud detection. Since lots of customers use Splunk for fraud detection, the company decided to package up a free Splunk app for investigating fraud in industries like health care.
  • Booz Allen Hamilton Cyber4Sight for Splunk: This offering from Splunk and BAH is tailored for threat hunting, primarily in the public sector. It’s worth mentioning that threat hunting was a major theme at the show. Splunk is working with many partners to transform threat hunting from an elite cybersecurity discipline to a common activity for the masses. 

Aside from hearing about these announcements, I came away from the Splunk conference with a few observations:

  1. Splunk is committed to making its products more consumable and useable for customers through packaging, partnerships, or enhancements like improved analytics and automation. Given the global cybersecurity skills shortage, this should help promote the successful use of Splunk technologies. 
  2. The company is doubling down in the public sector, its biggest vertical industry. In fact, Splunk hosted its event in Washington to accommodate government and education cybersecurity and IT professionals who shun events in Vegas. This strategy seemed successful as there were 1200 public sector attendees. My guess is that Splunk will continue to do well in this vertical, especially with state/local government and large academic institutions. 
  3. Splunk is moving in a direction similar to ESG's security operations and analytics platform architecture (SOAPA), an open, standards-based, security software architecture built for heterogeneous technology integration.
  4. Despite its growth and pressure from Wall Street, Splunk hasn’t lost its ability to charm its customers.

To be clear, Splunk has some challenges ahead. There aren’t as many greenfield opportunities in cybersecurity or ITSM so it needs to find new homes for its big data management and analytics capabilities. In security alone, Splunk faces a wide and growing field of competitors spanning from open source DIY technologies to venture-backed startup products. Finally, Splunk’s pricing model can become a point of contention with large customers as well.

Notwithstanding these challenges, Splunk continues to innovate and grow while maintaining its core culture. The company also remains intently focused on customer affinity and success. If these efforts continue, Splunk.conf should maintain its party atmosphere for the foreseeable future. 
