Splunk launches Splunk Security Cloud, nabs $1B from Silver Lake

Splunk today launched Splunk Security Cloud, bolstering its data security portfolio and furthering its effort to make all parts of its machine-generated data search platform available in cloud-native applications.

Separately, Splunk announced a $1 billion investment by private equity firm Silver Lake. Splunk, which is in the midst of a challenging platform shift to the cloud, said it will use the proceeds to fund growth and share buybacks. Silverlake chair and managing partner Ken Hao will take a position on Splunk’s board of directors. The San Francisco-based company also announced this week that it has completed its acquisition of security software developer TruStar. The acquisition adds TruStar’s cloud-native, cyber intelligence-sharing capabilities and automated processes to Splunk’s growing cybersecurity portfolio.

“Splunk Security Cloud is part of our transition to becoming a true cloud company, with the majority of our customers consuming ‘Splunk-as-a-service,’” Splunk president and CEO Doug Merritt told VentureBeat in an exclusive interview.

“There are so many more attack surfaces today than there were even a year ago. There are more devices, more wireless connections with remote workforces, more use of things like different speech-to-text protocols, all generating information about themselves which can be unstructured and chaotic,” he said, adding that the rush of data can create serious vulnerabilities.

“A cloud security platform can handle a broader array of today’s security challenges at much more effective pricing for our customers,” he continued.

Splunk Security Cloud is “the only data-centric modern security operations platform that delivers enterprise-grade advanced security analytics, automated security operations, and integrated threat intelligence with an open, unparalleled ecosystem,” he claimed.

Splunk said its new cloud security offering provides value to IT organizations in four key security information and event management (SIEM) areas:

• Advanced Security Analytics: The platform enables machine learning-powered analytics to detect and deliver key insights in multi-cloud environments
• Automated Security Operations: The key to faster time to detection, investigation, and response with tens of minutes shaved off alert times
• Threat Intelligence: The automatic collection, prioritization, and integration of all sources of intelligence to drive faster threat detection
• Open Ecosystem: The ability to correlate data across different vendors’ security tools for increased visibility into threat conditions, faster response times, and the enablement of prescriptive detection applications

Merritt emphasized the role TruStar’s data intelligence platform will play in Splunk Security Cloud, with further integration of TruStar “in the coming months” planned to help Splunk customers “enrich their SOC [security operations center] workflows with normalized threat intelligence from third-party sources and from their own historical events and investigations, reducing the time it takes for customers to detect and remediate issues before they can impact the business.”

Security as a team sport

Splunk is going to market with Splunk Security Cloud hand in hand with managed security service provider (MSSP) partners like BlueVoyant. A Splunk premier partner based in New York, BlueVoyant integrates Splunk SIEM technologies with its own proprietary data analytics solutions and technical expertise.

“BlueVoyant’s detection service offers a fast, easy-to-manage integration with Splunk Cloud, allowing customers to realize 24/7 SOC coverage in today’s high-risk cybersecurity environment,” Merritt said.

Sendur Sellakumar, chief product officer at Splunk, added that MSSPs and other solution provider partners are vital to ensuring that disparate, wide-ranging third-party security products work together in harmony.

“Security is a team sport, and no single product or service can solve all customers’ security needs,” Sellakumar said. “Enterprises we talk to have anywhere from 25 to 50 tools in their environments, including multiple control points, increasing operational costs, and complexity for their SOCs.”

“Organizations need a combination of solutions for their security needs, [which is] why we believe our partner ecosystem is so important, enabling faster solutions for their needs and cohesive solution sets for our joint customers.”

Customers implementing early versions of Splunk Security Cloud include the University of Arizona and business communications platform developer Slack.

Merritt described the university’s deployment as “very instructive and wide-ranging” because a college campus is “like a mini-city in its complexity and security needs.”

The Splunk CEO said Slack — whose $27.7 billion acquisition by Salesforce is expected to close next fiscal quarter — was another helpful use case for Security Cloud because the San Francisco-based company’s security challenges included the strain of rapid operational upscaling and the sudden need to provision an almost entirely remote workforce during the pandemic.