
Splunk: an essential solution in the face of a massive increase in cyberattacks?


October 28, 2020

By Samuel A. - Cybersecurity Expert

Splunk is a major tool both in the world of cybersecurity and among Squad's clients. As consultants, we have a duty to actively monitor developments so that we can be proactive in our assignments. Squad encourages its consultants to stay at the forefront of knowledge, and it is thanks to this momentum that I find myself immersed in the heart of the Splunk event of the year.

The opening keynote invites us to "Thrive in the Age of Data" while setting the context. Structural changes in our lives have put significant pressure and strain on the global IT infrastructure.

As proof, internet traffic has increased by 70%, and the eCommerce sector has seen a 76% increase.

https://www.frenchweb.fr/comment-amazon-voit-sa-diversification-renforcee-par-la-crise-du-covid-19/406740

In the United States, teleworking jumped by 42% compared to 5% the previous year, increasing the number of videoconferences fivefold. Companies were forced to review their operational mechanisms and reprogram their supply chains using... data.

Companies that rely on their data are the companies that will thrive. Splunk offers to help them find their way through the maze of DATA.

This year, Splunk wants to shed its label as a cybersecurity tool and become the "Data to Everything" platform. This is a title that the tool is legitimately and technically entitled to claim.

And to do so, Splunk is investing resources and following the trend toward cloud computing.

1. The Cloud

The use of "Splunk Cloud" has just surpassed that of "Splunk Enterprise," the on-premise version of the same tool. The tool has been rewritten and optimized to meet the specific constraints of the cloud. Splunk has partnered with AWS (Amazon Web Services) and Google Cloud Platform to be at the forefront of the cloud transition.

Where the largest cloud companies have average growth of 48%, Splunk's growth is 89%. Technically, the solution handles ingestion peaks of over 10 PB and indexing volumes of over 100 TB.

Their largest instances juggle input data volumes exceeding 60 TB per day.

2. Data to everything platform

The platform that leverages your data, whatever its use.

In five points:

  1. A data stream processing tool called DSP (Data Stream Processor)
  2. Machine learning with SMLE (Splunk ML Environment)
  3. Scalable indexing, in parallel, with better performance
  4. Federated search (multi-cloud and on-premise) with its analysis language, SPL2 (Search Processing Language)
  5. Collaboration and orchestration

Even though Splunk wants to expand its audience, it hasn't forgotten its historical expertise in cybersecurity, IT, and observability.

The transition to the cloud requires careful monitoring because complexity means uncertainty, and resource usage generates additional costs.

Through the acquisition of Plumbr and Rigor, the observability platform has been enhanced in terms of user monitoring (Splunk Real User Monitoring), investigation, and synthetic analysis of logs and process traces.

Something to delight RUN and DEVOPS!

When it comes to cybersecurity, protection is becoming increasingly difficult in the face of growing complexity and vulnerabilities.

Cyber operational platforms are becoming centralized and SOCs are gaining importance. Splunk continues to be a driving force with its unified cloud security platform, Splunk Mission Control. On the on-premise side, Enterprise Security remains the entry point for SOCs.

Both are supported by machine learning through Splunk UBA (User Behavior Analytics) for anomaly detection and threat classification, and by Splunk Phantom for security orchestration, automation and response (SOAR).

Thanks to the strength of its offerings, Splunk continues to enjoy the confidence of leading audit firm Gartner, which ranks it in a number of its Magic Quadrants.

3. New licensing option

Let's finish this avalanche of announcements with one of the most interesting ones for both Splunk and its customers... The Splunk licensing model is expanding, and you no longer have to pay based on the amount of data ingested, but rather on the amount of data used.

This new option calculates the license price based on the power of the infrastructure.

CONCLUSION

That concludes our report, as accurate as possible, on the proposals presented at the Splunk 2020 conference. Spread over two days, the conference was packed with sessions, each as interesting as the next.

Many thanks to Squad for this wonderful opportunity. I look forward to commenting on and sharing, in future articles, the various workshops I had the pleasure of participating in.

