UPDATED 16:45 EST / MARCH 02 2020

SECURITY

Splunk leverages automation in security solutions, integrates vendors

Time is a key element in preventing and responding to cybersecurity threats within an enterprise. To make the most of security teams’ time, data analysis company Splunk Inc. has been leveraging automation to enhance its enterprise security solutions.

Built on the strengths of Phantom Cyber Inc., bought by Splunk in 2018, the Security Orchestration, Automation and Response, or SOAR, technology automates much of the work that security analysts would otherwise perform manually.

“Typically, if analysts are looking at an event, it would take them 10 minutes best case, 11 hours worst case to analyze that and do all the work that they need to triage it,” said Oliver Friedrichs (pictured), vice president of security products at Splunk. “By automating, we are able to reduce that to a best case of a second and worst case of 10 minutes.”

Friedrichs spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed the role of automation in contemporary security solutions and how attackers’ increasing use of automation can create a “robot war.”

Automation helps free up security analyst time

Automation targets many routine tasks to free up analysts to perform more proactive, higher-order activities, according to Friedrichs. “Things that actually require human thought versus the repetitive work,” he said.

But it is not just about replacing the daily tasks of analysts. For example, SOAR has become multipurpose and today integrates over 300 security vendors to allow for total security orchestration, automation and response.

“The typical large enterprise has maybe 60, 70 security products that they are all managing from a browser tab or a different log in,” Friedrichs said. “What SOAR platforms do is to tie those together and allow you to manage those products very rapidly in the case of an event.”

While automation is being effectively used in today’s security solutions, it’s important to remember that cyberattackers are also increasingly using automation, according to Friedrichs.

“We’re just starting to catch it up and use it effectively to defend ourselves; it will be very interesting to see where it goes,” he said. “Maybe one year from here we will have robot wars and then technologies battling each other to see who wins.”


Photo: SiliconANGLE
