
Splunk beefs up its observability and incident response tools

source link: https://siliconangle.com/2023/03/21/splunk-beefs-observability-incident-response-tools/

Data analytics-powered observability and cybersecurity firm Splunk Inc. today announced some key enhancements to its platform in order to help customers become more resilient to attacks and problems with their applications and computing infrastructure.

“What we see happening in the market is that security, IT and observability are coming closer together,” said Spiros Xanthos, senior vice president and general manager of observability at Splunk. “We’re trying to build a unified solution for safer and more resilient applications. At the end of the day, security and availability go hand in hand.”

The updates include new features for Splunk Observability Cloud and Splunk Mission Control, as well as the launch of a new service called Splunk Edge Processor. The main beneficiary of today’s updates looks to be Splunk Observability Cloud, a suite of observability tools that gains new capabilities, including Splunk Incident Intelligence.

According to the company, this will empower teams to increase on-call efficiency by providing them with the intelligence they need to diagnose, remediate and restore any failing services quickly, even before customers notice. Teams will also benefit from new autodetect capabilities from Splunk APM that use machine learning to improve the accuracy of alerts and reduce manual effort in resolving issues.

“Instead of having users manually create thresholds, APM uses machine learning to baseline signals coming out of an application and set alerts based on historical data,” Xanthos said. “It automatically understands when you have a problem as opposed to your having to set those thresholds yourself.”

A trace analyzer collects every transaction that happens in an application — from a click to a purchase — and applies machine learning to identify outliers that may indicate a security risk. Meanwhile, IM Network Explorer will make it easier for teams to monitor and assess cloud network health and resolve issues there. The new capabilities in Observability Cloud are generally available today, enabling a more unified approach to incident response, according to the company.

Filtering at the edge

Splunk Edge Processor, also generally available starting today, is meant to provide its Cloud Platform users with better visibility into, and control over, streaming data before it leaves their network. Edge Processor sits at the network edge and works by filtering, masking and routing data, ensuring more efficient data transformation initiatives, the company said.

“It helps with data tiering so users don’t have to rely on a third party to manipulate their observability data,” Xanthos said. “Users can extract and aggregate log data as a real-time metric and pre-calculate to get notifications in real-time.” They can also write queries to analyze data as it arrives using the latest version of Search Processing Language, which uses an SQL-like syntax. “You can filter data out, mask data and route it intelligently to different storage tiers,” he said.

As for Mission Control, which bundles Splunk Enterprise Security’s analytics tools and Splunk SOAR’s automation, orchestration and threat intelligence capabilities, enhancements here will help customers detect, investigate and respond to security threats more quickly through a unified work surface. Security teams will be able to leverage Enterprise Security’s and SOAR’s capabilities from one place, benefiting from simplified security workflows and automated processes that they can codify as response templates.

Duncan Brown, an analyst with International Data Corp., said the updates are encouraging because the need for enterprise resilience is growing as enterprises proceed with their digital transformation initiatives.

“Splunk’s innovations in unified security and observability aid organizations in resolving this conundrum, by increasing digital resilience through advanced security analytics and better visibility across the tech stack,” he said. “A holistic approach to security and observability is essential for any digital enterprise.”

With reporting by Paul Gillin

Photo: Splunk
