“We are not gonna screw up Splunk!”

Bam! Take it to the hoop, Jeetu!

Oh yeah, Cisco’s EVP and GM of Security and Collaboration, Jeetu Patel, scored those two power-packed points with thousands of Splunkers at the .Conf event in Las Vegas today. That was music to their ears, given Cisco’s $28 billion acquisition of Splunk.

Chuck Robbins, CEO of Cisco, noted: “Cisco has visibility to 1 billion endpoints. We see 400 billion security events a day. We’ve got massive information coming out of the network. With ThousandEyes, we see everything going on in the internet, everywhere. We can actually predict where there are going to be outages. So when you talk about digital resilience and you take all the insights that we have that Cisco had before, and we feed it into what you already do with Splunk, that just makes it better.”

The keynote speakers all made brass-tacks, down-to-earth announcements about what the company has been doing, and how that will impact the lives of practitioners. There was no fluff, no nonsense, just practical proclamations about new functionality and novel developments.

“You absolutely cannot secure or optimize what you cannot see.” So noted Tom Casey, SVP of Products & Technology for Splunk. He said their mission is three-fold: 1) enable users to access data quickly; 2) apply the right analytics to understand what it means; and 3) ultimately accelerate the right action, to get things done.

And it’s all about the data! “Today we are changing the game with how you are managing data with Splunk! Metrics, logs, traces: we have new, unified data ingestion capabilities within Splunk.” Being able to ingest all kinds of data into the Splunk platform is job #1.

A key theme at the show? Digital resilience! In a security world now fueled by GenAI, the white hats have new tech, but so do the black hats. Being able to keep abreast of nefarious activity will require comprehensive visibility across systems, platforms, clouds and data centers.

That’s where the nexus of data from Splunk and Cisco should be a major game-changer. Correlation is a cornerstone of resilience. By combining data from these two industry veterans, significant advances in detection and remediation capabilities should be imminent.

Oh, and let’s not forget the overarching protocol that promises to unite the entire industry: OpenTelemetry! Splunk is a strong supporter of OpenTelemetry and views it as a key component in the future of observability. Splunk has invested heavily in OpenTelemetry by:

• Creating a Splunk Distribution of OpenTelemetry Collector: This distribution simplifies the collection and export of telemetry data (metrics, logs, and traces) to Splunk Observability Cloud, making it easier to get started.

• Providing extensive documentation and resources: Splunk offers comprehensive guides and tutorials on using OpenTelemetry with Splunk products, ensuring users can effectively leverage this open-source standard.

• Actively contributing to the OpenTelemetry project: Splunk participates in the development of OpenTelemetry, helping to drive its growth and adoption in the industry.

Simply put: OpenTelemetry aligns with Splunk’s vision of providing a unified observability platform that can collect, analyze, and visualize data from any source.

Announcements Aplenty

As with most vendor conferences, Splunk made numerous announcements:

AI Assistants

Splunk unveiled a suite of AI-powered assistants designed to streamline complex tasks and empower users across various domains. The AI Assistant in Observability Cloud leverages generative AI to help engineering teams quickly detect, explore, and investigate issues through a natural language interface. The AI Assistant in Security accelerates security analysts’ investigations by providing AI-assisted guidance and summarizing incident data. Additionally, the Splunk AI Assistant for SPL enables customers to interact with Splunk’s data analytics platform using natural language, enhancing analyst productivity and decision-making effectiveness.

IT Service Intelligence (ITSI)

Splunk introduced new AI capabilities for IT Service Intelligence (ITSI), including a Configuration Assistant that leverages advanced AI and machine learning to optimize configurations and proactively identify potential issues. ITSI also received Drift Detection for KPIs and entity-level Adaptive Thresholds, allowing for early detection of anomalies and the creation of dynamic baselines at an entity level.

Enhanced Security Innovations for SOC

Splunk reinforced its commitment to security with new innovations aimed at bolstering threat detection and security operations. Splunk Enterprise Security 8.0 simplifies threat detection and response with a unified interface and standardized terminology, while a new Federated Analytics feature enables the analysis of data directly where it’s stored, starting with Amazon Security Lake. This integration allows for efficient threat hunting and frequent threat detection without requiring data movement. Additionally, the integration of Cisco Talos threat intelligence across Splunk Security products empowers security teams with real-time threat information and enhances defense against known and emerging threats.

The Hidden Costs of Downtime

A new report released by Splunk in collaboration with Oxford Economics revealed the staggering costs of unplanned downtime for Global 2000 companies, estimated at $400 billion annually. The report highlights the direct and hidden costs of downtime, including lost revenue, regulatory fines, diminished shareholder value, stagnant developer productivity, delayed time-to-market, and tarnished brand reputation. The report also provides insights into the origins of downtime and strategies employed by resilience leaders to bounce back faster.

Next-Generation Data Management

Splunk also unveiled new data management innovations that provide customers with richer, unified visibility across their enterprise to help achieve more responsible data ownership. The new Splunk Data Management portfolio enables customers to send, share, and process data across Splunk Cloud Platform and Splunk Observability Cloud, thus streamlining data processing and ideally reducing costs. Innovations include Pipeline Builders, Ingest Processor (which unifies data management), and Federated Analytics (which enables data analysis across Splunk and certain external data lakes).

Yes, it was a busy day at the Venetian! And the future of observability and enterprise resilience looks good. To quote Patel: “1 plus 1 doesn’t equal 3. It equals 11!”

About Eric Kavanagh

Career media professional who designs and manages an array of Web-based research and media products, including The Briefing Room, World Matters and Hot Technologies, as well as DM Radio & InsideAnalysis, which are both now broadcast coast-to-coast in 25+ markets, reaching upwards of 1 million listeners per episode. Recognized as a luminary in the field of Big Data. Recognized by Techopedia and Big Data Republic as one of the top experts to follow on Twitter.