In February 2018, Splunk Inc. acquired Phantom Cyber Corp. for $350 million. The purchase brought Phantom’s security automation and orchestration technology into the fold and set the stage for the news this week that Splunk would partner with Amazon Web Services Inc. to roll out rapid threat detection tools.

“We’ve established an integration with AWS Security Hub,” said Oliver Friedrichs (pictured, right), vice president and general manager of security automation at Splunk and co-founder of Phantom Cyber. “You can now take a finding coming from Security Hub, pull it into Splunk Phantom, and run an automation playbook to be able to, at machine speed, take action on a threat.”

Friedrichs spoke with John Furrier (@furrier) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the AWS re:Inforce event in Boston. He was joined by Haiyan Song (pictured, left), senior vice president and general manager of the security market at Splunk, and they discussed the important role of data for a successful security strategy and how automation can help threat analysts focus on critical tasks (see the full interview with transcript here).

Support for CloudWatch

An important focus of the partnership between AWS and Splunk involves data. The Splunk Enterprise and Splunk Phantom platform integrations announced this week analyze data rapidly to reduce threats. Splunk also rolled out an integration with Amazon CloudWatch Events, which provides customers with data mined directly from AWS Security Hub.

“We’re so glad we’re doing the integration,” Song said. “The data represents your business. Security in many ways is actually more about data than anything else.”

With Splunk Phantom providing the automation engine, the integration with AWS offers additional opportunity to unshackle security analysts from the daily mundane tasks that have become part of protecting the enterprise.

“There’s a lot of routine work that’s done today in the security operations center,” Friedrichs said. “We can free up about 50% of the analysts’ time to focus on proactive activities, things that actually matter.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Inforce event.

Photo: SiliconANGLE