Press Release

.conf24: Splunk Introduces New Security Innovations to Power the SOC of the Future

Unified Security Ecosystem Enables Comprehensive Visibility, Accurate Threat Detection, and Rapid Response Capabilities


Cisco Talos Boosts Security Teams with Real-Time Threat Intelligence


Splunk, the cybersecurity and observability leader, today announced new security innovations aimed at bolstering threat detection and security operations across multiple data sources. These advancements include Splunk Enterprise Security 8.0, which helps security teams detect, investigate and respond to threats from a single interface, and a new Federated Analytics feature, which analyses data directly where it is stored for threat hunting and brings selected data into Splunk for frequent threat detection.


As organisations face increasingly sophisticated security challenges, a unified threat detection, investigation, and response (TDIR) solution is crucial to power the Security Operations Center (SOC) of the future. Splunk’s latest offerings address this need by strengthening the foundations of the SOC: comprehensive security visibility, accurate threat detection, and streamlined workflows for rapid response, saving analyst time while keeping costs under control.


Splunk Enterprise Security 8.0: Streamlining Threat Detection and Response


Now with Mission Control natively integrated, Splunk Enterprise Security 8.0 simplifies how security analysts detect, investigate and respond to threats from one modern interface for additional operational efficiency and speed. With standardised terminology and unified automation via Splunk SOAR, Splunk Enterprise Security 8.0 expedites alert triage and investigations, enhancing detection with advanced analytics. As a result, security analysts can leverage streamlined workflows, faster responses and improved productivity.


With the new enhancements in Splunk Enterprise Security 8.0, security teams can:


  • Leverage a seamless workflow experience: Splunk Enterprise Security 8.0 offers a unified work surface and response plans to help customers identify, assess and respond to threats.
  • Drive more efficient investigations: One-click aggregation and triage capabilities automatically group findings according to preset criteria, giving analysts a comprehensive view of the critical insights for an investigation.
  • Save time by focusing on critical incidents: Enhanced detection delivers turnkey capabilities for understanding and implementing a risk-based alerting strategy, generating high-confidence aggregated alerts for investigation.
  • Communicate more effectively and take rapid action: Clear, concise terms aligned to each phase of the security workflow within Splunk Enterprise Security 8.0.


“The latest advancements in Splunk Enterprise Security 8.0 revolutionise the TDIR life cycle experience for analysts,” said Mike Horn, SVP & GM, Splunk Security Products. “Featuring a seamless investigation and case management solution that includes integrated automation with Splunk SOAR, our latest release empowers SOC teams to navigate the complexities of cybersecurity with efficiency. Splunk Enterprise Security 8.0 serves as a foundation for the SOC of the future, driving proactive defence in an ever-evolving threat landscape.”


Federated Analytics: Empowering Data Analysis Across Splunk and External Data Sources, Beginning With Amazon Security Lake


Splunk’s Federated Analytics feature, available in private preview on Splunk Cloud Platform and cloud deployments of Splunk Enterprise Security, introduces a new approach to data analysis. It enables customers to analyse data directly where it resides, beginning with Amazon Security Lake. Amazon Security Lake is a service that automatically centralises an organisation’s security data from across its Amazon Web Services (AWS) environments, leading SaaS providers, on-premises environments and other cloud sources into a purpose-built data lake. With Federated Analytics, customers can hunt for threats in that data in place and bring only the specific data they need into Splunk for frequent threat detection. By integrating with Amazon Security Lake, Federated Analytics enables organisations to detect and investigate security incidents without relocating data. This capability supports swift, context-rich data analysis and improves operational agility, setting the stage for future expansion to additional data platforms.


With Federated Analytics, security teams can:


  • Analyse data wherever it resides: Ensure timely access to and analysis of data across storage locations while maintaining data integrity and reducing latency.
  • Unify security visibility across your data: Integrate and analyse data from Splunk and Amazon Security Lake with a seamless analyst experience, providing a holistic view of security data and reducing costs and logistical complexity.
  • Increase efficiency and cost-effectiveness: Optimise operational costs through data management strategies such as data tiering and selective data ingest.


“With Amazon Security Lake and Splunk’s Federated Analytics, customers now have access to significant advancements in data security and accessibility, supporting SOC use cases such as monitoring and threat hunting,” said Mark Terenzoni, Director of Risk Management at Amazon Web Services. “The Federated Analytics solution empowers organisations to leverage the comprehensive capabilities of Amazon Security Lake while maintaining robust security measures. We are enthusiastic about our collaboration with Splunk to enable customers to perform just-in-time indexing for large volumes of data sources without requiring data movement for investigative use cases. Federated Analytics and the Open Cybersecurity Schema Framework (OCSF) underscore our shared vision of driving innovation and efficiency in cybersecurity.”


Enhancing Security Defense: Cisco Talos Integration with Splunk Security Products


Following Cisco’s acquisition of Splunk, security teams will be able to harness the power of Cisco Talos threat intelligence across Splunk Attack Analyzer, Splunk Enterprise Security and Splunk SOAR for enhanced defence against known and emerging threats. Cisco Talos is one of the most trusted threat intelligence teams in the world, composed of world-class researchers, analysts, incident responders and engineers.


Leveraging Talos’ extensive intelligence network, Splunk customers can streamline threat detection and response, reducing alert fatigue and allowing security analysts to focus on critical threats. Talos’ global, real-time outbreak data, contextual insights and advanced correlations enable quick identification and prioritisation of real threats.


The technical integration of Talos real-time intelligence is underway across Splunk’s portfolio, including Splunk Enterprise Security, Splunk SOAR and Splunk Attack Analyzer.


Product Availability


Splunk Enterprise Security 8.0 is now in private preview, with general availability coming in September 2024. Splunk’s Federated Analytics feature will become available in private preview starting in July 2024.


The Cisco Talos threat intelligence integration with Splunk Enterprise Security, Splunk SOAR and Splunk Attack Analyzer will be made available soon.


For more details on all of Splunk’s .conf24 announcements, please visit our newsroom. Availability dates and regions are subject to change.


About Splunk Inc.

Splunk, a Cisco company, helps build a safer and more resilient digital world. Organisations trust Splunk to prevent security, infrastructure and application issues from becoming major incidents, absorb shocks from digital disruptions, and accelerate digital transformation.

Splunk and Splunk> are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2024 Splunk Inc. All rights reserved.