UPDATED 12:36 EST / NOVEMBER 21 2017

CLOUD

Splunk’s big data chops bite into automated security

Security at the data level is a hot topic now, since firewalls alone can’t cut it in dispersed, multicloud environments. Data analytics provider Splunk Inc. got a jump on big data analytics before it was a buzzword, and it is now applying that hard-earned wisdom to the security layer, deploying a “nerve center” that links multiple detection points.

“It’s one thing to have a capability,” says Monzy Merza (pictured, left), head of security research at Splunk. “But it’s another to leverage that capability along with another capability and combine the forces together.” Thus, the security nerve center is born. A cyber attacker must tread a path, as it were, to reach a target and breach, steal or otherwise compromise data, Merza said. “The attacker has to work within that terrain; they cannot escape that terrain,” Merza said. When detection points along the path are linked together, they form the nerve center, which allows a bird’s-eye view of the attacker, he explained.

Merza joined Haiyan Song (pictured, right), senior vice president and general manager of security at Splunk for an interview at Splunk .conf2017 in Washington, D.C. in late September. They spoke to John Walls (@JohnWalls21) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio. (* Disclosure below.)

The nerve center is not a single product or service, says Song. Splunk’s security portfolio, however, can help companies on the journey to completing one, she said. Chief information security officers, seeing data’s central importance in new defense models, turn to Splunk for its expertise, she said. “Being analytics-driven is really top of mind for people.”

Machine learning and automation help hasten remediation in the event of an attack, Song said. “The more readily available the data is for you when you are facing an incident, the faster you can get to the root cause and start remediating,” she said.

No time like real time

To make data available more quickly for security, remediation and other purposes, Splunk has partnered with Amazon Web Services Inc. At Splunk .conf2017, the companies announced that AWS’ real-time streaming data service, Kinesis, will support Splunk. Users can employ the real-time streaming ingestion service to get data into Splunk clusters, Ray Zhu, senior product manager at AWS, told theCUBE. “Starting up a Kinesis stream — it’s like 15 seconds on the average console,” Zhu said.

For certain time-sensitive tasks, like threat detection, only real-time will do. “Data never loses its value; it always has historical value for machine learning, for understanding trends over time,” says Roger Barga, general manager at Amazon Kinesis services at AWS. “But the insights that data has are actually very, very perishable.” The window to extract business insights, for example, can be as brief as an hour, he said. Kinesis streams allow users instant insight into their businesses, processes and customers, Barga said.

DevOps & Security automation affinities

Another Splunk partner, Atlassian Corporation Plc, helps joint customers find and fix issues quickly, not just in security but also in DevOps, the practice that joins development and operations. Together they offer a connector, half Splunk app and half Atlassian Marketplace add-on, that sends events from Jira Service Desk to Splunk to be indexed.

“So you have a data model that ties in and allows you to get some metrics out of those events,” Michael Lauricella, director of business development at Atlassian, told theCUBE. Based on real-time searches, alerts, et cetera, users can trigger the creation of issues in Jira, he said.

Atlassian, which specializes mainly in collaboration software, also uses Splunk in-house. Splunk’s logging management for security has won unanimous praise from its security team. “Which says a lot, because our security team doesn’t normally like much of anything, especially if it’s not homegrown,” Lauricella said. The real-time logging solution has even spread to Atlassian’s cloud team and developers. “It’s become that uniform fabric.”

And the automated security remediation in Splunk also works well for debugging DevOps projects, says Brooke Gravitt, vice president of engineering and chief software architect at Forty8Fifty Labs. The automation and machine learning in Splunk can cut down on the sensory overload that plagues both DevOps and security teams, he said. This is especially significant in security, Gravitt said, where trifles can show up on the dashboard indistinguishable from disasters. “It’s low priority, but it’s high visibility, and it’s just noise.” Splunk’s ML automation can turn down the static by refining what actually shows up, he says.
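The "nerve center" idea above (linking detection points along the path an attacker must traverse) and Gravitt's point about low-priority noise can be shown together in a small correlation routine. The following is an added illustration written for this page, not Splunk's code and not the output of any Splunk feature: the stage names, the sample alerts (constructed, not real telemetry) and the choice to link alerts by user account rather than by host are all assumptions made for the example. Isolated alerts that never progress past one stage fall below the escalation threshold, while a chain that spans several stages and hosts is surfaced as one finding.

```python
"""Link detection points along an attack path and escalate only multi-stage chains.

Added example for illustration; not Splunk code. Stage names, thresholds and
sample alerts are assumptions constructed for this demonstration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered stages an intruder typically has to pass through (assumed for this example).
STAGES = ["delivery", "execution", "credential_access", "lateral_movement", "exfiltration"]
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed sample alerts from several detection sources (not real data).
SAMPLE_ALERTS = [
    {"time": "2017-09-26T09:00:00", "source": "email_gw", "stage": "delivery", "host": "ws-17", "user": "alice", "severity": "low"},
    {"time": "2017-09-26T09:04:00", "source": "edr", "stage": "execution", "host": "ws-17", "user": "alice", "severity": "medium"},
    {"time": "2017-09-26T09:20:00", "source": "edr", "stage": "credential_access", "host": "ws-17", "user": "alice", "severity": "medium"},
    {"time": "2017-09-26T09:35:00", "source": "auth", "stage": "lateral_movement", "host": "srv-db-01", "user": "alice", "severity": "medium"},
    {"time": "2017-09-26T10:10:00", "source": "proxy", "stage": "exfiltration", "host": "srv-db-01", "user": "alice", "severity": "high"},
    # Isolated low-priority noise: a delivery alert with no follow-on activity.
    {"time": "2017-09-26T11:00:00", "source": "email_gw", "stage": "delivery", "host": "ws-42", "user": "bob", "severity": "low"},
    # A single execution alert on another host, nothing before or after it.
    {"time": "2017-09-26T12:00:00", "source": "edr", "stage": "execution", "host": "ws-99", "user": "carol", "severity": "medium"},
]


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def build_paths(alerts, window_minutes=120):
    """Group alerts per user, sorted by time, and split them into paths.

    An alert extends the current path when it arrives within `window_minutes`
    of the previous alert and does not move backwards along STAGES; otherwise
    a new path starts. Linking on the user account (an assumption for this
    example) keeps the chain intact when the actor moves to a second host.
    Every alert's "stage" must be one of STAGES.
    """
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for a in sorted(alerts, key=lambda a: parse_time(a["time"])):
        by_user[a["user"]].append(a)

    paths = defaultdict(list)
    for user, events in by_user.items():
        current = []
        for a in events:
            if current:
                prev = current[-1]
                gap = parse_time(a["time"]) - parse_time(prev["time"])
                in_order = STAGES.index(a["stage"]) >= STAGES.index(prev["stage"])
                if gap > window or not in_order:
                    paths[user].append(current)
                    current = []
            current.append(a)
        if current:
            paths[user].append(current)
    return dict(paths)


def escalate(paths, min_stages=3):
    """Return one summary per path that covers at least `min_stages` distinct stages.

    Single alerts such as a blocked phish with no follow-on activity stay below
    the threshold and out of the analyst's queue.
    """
    findings = []
    for user, chains in paths.items():
        for chain in chains:
            stages = []
            for a in chain:
                if a["stage"] not in stages:
                    stages.append(a["stage"])
            if len(stages) < min_stages:
                continue
            findings.append({
                "user": user,
                "stages": stages,
                "hosts": sorted({a["host"] for a in chain}),
                "sources": sorted({a["source"] for a in chain}),
                "first_seen": chain[0]["time"],
                "last_seen": chain[-1]["time"],
                "max_severity": max((a["severity"] for a in chain), key=SEVERITY_RANK.get),
            })
    return findings


if __name__ == "__main__":
    for f in escalate(build_paths(SAMPLE_ALERTS)):
        print(f"{f['user']}: {' -> '.join(f['stages'])} across {f['hosts']} "
              f"({f['first_seen']} .. {f['last_seen']}, max severity {f['max_severity']})")
```

With the sample data only alice's five-stage chain is escalated; bob's and carol's single alerts are kept but not surfaced. Shrinking the window to 30 minutes splits alice's chain before the exfiltration alert, which shows why the time window is a tuning decision and not a constant.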

Forty8Fifty Labs trains businesses on how to streamline DevOps successfully. DevOps, like security, demands responsibility from all departments, Gravitt said; no one is allowed to rely solely on software. “The big challenge is, it’s a multidisciplinary effort,” Gravitt said.

Watch the complete video interviews, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Splunk .conf2017. (* Disclosure: TheCUBE is a paid media partner for the Splunk .conf2017 event. Neither Splunk Inc., the event sponsor, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
