Interview: Mark Brown – VP Solutions Engineering at Splunk

This week, I had the pleasure of running a Fireside Chat with Mark Brown, who leads the engineering team at Splunk. The chat was streamed live on LinkedIn and YouTube as part of Cisilion’s monthly technology chat show, which has been running for more than three years.

This month, we took to the virtual stage to discuss the acquisition of Splunk by Cisco, the history and innovation that Splunk brings across security, data analytics and observability, and some of the huge success stories and customers Splunk has gathered since the company’s founding in 2003.

Cisilion and Splunk – May Fireside Chat

In this month’s show, we delved into Splunk’s history and capabilities, its evolution over the last 20 years, and its role as a data analytics platform. We talked about Splunk’s diverse customer base, including huge “high street” brands such as Siemens and Gatwick Airport. At Gatwick, we discussed how Splunk’s data analytics is helping to enhance operational efficiency and security: by processing local traffic and weather data alongside real-time people traffic in the terminals, the airport is able to meet its people-flow SLAs for getting passengers from check-in and through security.

Finally, we talked about why Cisco has acquired Splunk, the market opportunity it creates and how partners like Cisilion will be able to leverage this acquisition within the Cisco portfolio over time. Mark describes this as a strategic move to integrate Splunk’s data analytics with Cisco’s network and security solutions, offering a comprehensive approach to observability and security that gives them a real competitive edge whilst increasing their market share and making the solutions simpler for their customers.

I have used Microsoft Copilot to break down the key sections of the video and help you navigate to the areas you think might be useful to you.

(I have a video on how to do this, which you can access here.)

Cisilion and Splunk Fireside Chat – Key Conversations

  • [00:01:18] Introduction of Mark Brown from Splunk
    • Leads the UK solutions engineering team
    • Discusses Splunk’s recent acquisition by Cisco
    • Highlights the value Splunk brings to businesses
  • [00:03:00] Explanation of what Splunk is
    • Describes Splunk as a platform that started out searching logs in data centers
    • Evolved into a leader in security and observability
    • Known as the “Google for the data center”
  • [00:08:14] Reference customers of Splunk
    • Splunk’s reference customers span 110 countries and include major brands across many industries
    • Talks through examples including Siemens, Singapore Airlines and Gatwick Airport
    • Wider use cases that demonstrate Splunk’s adaptability and impact
  • [00:14:22] Splunk’s competition in the market
    • How and where Splunk competes with and partners with tech companies such as Datadog and New Relic
    • How Microsoft Sentinel has become a leader in the SIEM space in just two years, and how Microsoft and Splunk are working together to deliver Splunk solutions to customers in Azure
    • How Splunk has been a leader for more than 10 years
  • [00:17:46] Cisilion’s perspective on the acquisition
    • Why Cisilion is excited about the integration, the potential for new market opportunities and the alignment between Cisco and Microsoft, Cisilion’s two strategic partners
    • How we see the acquisition as a way to complete the technology journey for clients, bringing together multiple technologies and creating a single pane of glass for security logs and observability
    • Our forward-looking view on the game-changing advancements in observability and security this acquisition could bring to Cisco
  • [00:18:09] Cisco’s acquisition of Splunk
    • Seen as a natural fit with little overlap in technology offerings
    • Expected to enhance both Cisco’s and Splunk’s product portfolios
    • Aligns with Cisco’s strategy to expand its software offerings
  • [00:25:23] The chat continues around use cases, market trends and the future of security and observability

As always, I welcome your views on the video and the discussion.

Microsoft and Splunk Lead in Gartner 2024 MQ for SIEM

The digital security landscape is constantly challenged by sophisticated threats, making the role of Security Information and Event Management (SIEM) systems more critical than ever. In the 2024 Gartner® Magic Quadrant™ for SIEM, Microsoft and Splunk have been recognised as leaders, demonstrating excellence in vision and execution in the SIEM space.

Gartner said in their 2024 report that “The SIEM market grew from $5.03 billion in 2022 to $5.7 billion in 2023 (see Market Share: All Software Markets, Worldwide, 2023), a 13% annual growth rate compared to a 22% increase the previous year. The primary drivers of a SIEM purchase are threat detection, response, exposure management and compliance. Buyers are seeking a SIEM ecosystem with broad and deep capabilities to satisfy multiple security and business use cases with capabilities to support a diverse environment.”

Image (c) Gartner 2024

The Significance of SIEM in Cybersecurity

SIEM technology is essential for organisations to manage security events and information effectively. It provides real-time, multi-vendor visibility across an organisation’s information security systems, offering single-pane-of-glass event log management, compliance reporting and incident response capabilities. The ability to swiftly detect, analyse and respond to security incidents is what makes SIEM a cornerstone of enterprise security strategies.
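To make the “single pane of glass” idea concrete, here is a small added example of the core job a SIEM does: ingest logs in different vendor formats, normalise them into one schema, and run a correlation rule across all of them. This is illustrative code written for this page, not Splunk, Microsoft Sentinel or Cisilion code. The sample log lines are constructed (hypothetical hosts `web01` and `DC01`, documentation-range IP addresses), and because syslog lines carry no year, the year is an assumed parameter. The rule flags a (user, source IP) pair that fails to log on three or more times within five minutes and then succeeds, regardless of which host or vendor produced each event.

```python
"""Toy SIEM correlation: normalise two vendor log formats, then detect a
brute-force login that ends in success. Illustrative code written for this
page; it is not Splunk, Microsoft Sentinel or Cisilion code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not captured from any real system): Linux sshd
# syslog lines and Windows Security events flattened to key=value pairs.
RAW_EVENTS = [
    "Mar 18 10:00:01 web01 sshd[2210]: Failed password for admin from 203.0.113.7 port 51234 ssh2",
    "Mar 18 10:00:03 web01 sshd[2210]: Failed password for admin from 203.0.113.7 port 51235 ssh2",
    "EventID=4625 TimeCreated=2024-03-18T10:00:05Z Computer=DC01 TargetUserName=admin IpAddress=203.0.113.7",
    "EventID=4625 TimeCreated=2024-03-18T10:00:07Z Computer=DC01 TargetUserName=admin IpAddress=203.0.113.7",
    "EventID=4624 TimeCreated=2024-03-18T10:00:09Z Computer=DC01 TargetUserName=admin IpAddress=203.0.113.7",
    "Mar 18 10:05:00 web01 sshd[2290]: Accepted password for alice from 198.51.100.9 port 40000 ssh2",
    "Mar 18 10:06:00 web01 cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize(line, assumed_year=2024):
    """Map a raw line onto one common schema, or return None if it is not a
    logon event. Syslog lines carry no year, so the year is an assumption."""
    m = SYSLOG_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=assumed_year)
        return {"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure",
                "source": "linux-sshd"}
    kv = dict(KV_RE.findall(line))
    if kv.get("EventID") in ("4624", "4625"):  # 4624 = logon success, 4625 = failure
        ts = datetime.strptime(kv["TimeCreated"], "%Y-%m-%dT%H:%M:%SZ")
        return {"ts": ts, "host": kv["Computer"], "user": kv["TargetUserName"],
                "src_ip": kv["IpAddress"],
                "outcome": "success" if kv["EventID"] == "4624" else "failure",
                "source": "windows-security"}
    return None


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a (user, source IP) pair accumulates `threshold` failures
    within `window` and then logs on successfully, on any host or vendor."""
    failures = defaultdict(list)  # (user, src_ip) -> normalised failure events
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["user"], e["src_ip"])
        if e["outcome"] == "failure":
            failures[key].append(e)
            continue
        recent = [f for f in failures[key] if e["ts"] - f["ts"] <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "brute-force-then-success",
                "user": e["user"], "src_ip": e["src_ip"],
                "failure_count": len(recent),
                "first_failure": recent[0]["ts"], "success_at": e["ts"],
                "hosts": sorted({f["host"] for f in recent} | {e["host"]}),
                "sources": sorted({f["source"] for f in recent} | {e["source"]}),
            })
        failures[key].clear()  # a success resets the counter either way
    return alerts


def run_detection(raw_lines=RAW_EVENTS):
    """Ingest, normalise (dropping non-logon lines) and correlate."""
    events = [ev for ev in (normalize(line) for line in raw_lines) if ev]
    return correlate(events)


if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

On the constructed input the rule raises a single alert for `admin` from 203.0.113.7 that spans both `web01` (sshd) and `DC01` (Windows Security), which is exactly what neither log source can show on its own; the cron line is dropped at normalisation and the clean `alice` logon produces nothing. A production SIEM adds persistence, time-window indexing and far richer parsers, but the normalise-then-correlate shape is the same.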

Friends and Foes?

In 2023, Splunk and Microsoft agreed to partner to build Splunk’s enterprise security and observability offerings on Microsoft Azure. This means that Splunk solutions are now available for purchase on the Microsoft Azure Marketplace as well as the AWS Marketplace. This is great for both parties and for Microsoft Partners who sell and deploy Azure services to their clients.

Microsoft’s Leadership with Sentinel

Microsoft has been acknowledged as a leader in the Gartner Magic Quadrant for SIEM for its comprehensive, cloud-native solution, Microsoft Sentinel. According to Gartner, Microsoft Sentinel stands out with its unified security operations platform, blending SIEM, XDR, AI, threat intelligence and extended posture management into a single experience. This platform is powered by generative AI, offering end-to-end protection and consolidating various security operations tools into a coherent experience.

Best Fit for Sentinel:

Gartner cite Microsoft Sentinel as the ideal fit for organisations that require a cloud-native SIEM solution with advanced AI capabilities and integration with other Microsoft security products. Sentinel also works with a huge number of external cloud and on-premises data connectors (including Splunk).

Splunk’s Data-Centric Excellence in SIEM

Splunk remains a joint leader in the SIEM market, praised as always for its data-centric security analytics solution. The Enterprise Security application from Splunk is available both on-premises and as SaaS. Splunk provides pricing flexibility, based either on daily data ingestion or on cloud workloads, referred to as Splunk Virtual Compute (SVC). Splunk primarily serves large enterprise organisations in North America.

Splunk has said it is launching a new AI Assistant for Security, which will be integrated with Enterprise Security to enhance detection and response functions. Cisco finalised the acquisition of Splunk on 18 March 2024, and we expect to see integration and cross-pollination of the combined portfolio at some point in 2025.

Gartner point out that Splunk currently has a significantly higher-than-average cost compared with other vendors in their report, is more complex to deploy and configure (measured in professional services days) and has low numbers of sales support staff outside the US, though with Cisco’s acquisition of Splunk this is likely to change over the next 18-24 months.

Strengths:

  • Overall observability: The Splunk platform can integrate security, IT, application and other data sources. This, coupled with its federated search and analytics capabilities across third-party data stores, is a strength for clients seeking to build highly enriched queries and alerts.
  • Extensive integration: Splunk’s integration of SOAR enhances a wide range of common SIEM use cases. Clients wanting a quick time to production for automation of common SIEM operational functions will find Splunk’s library of playbooks a strength.
  • User interface: Splunk’s UI and dashboards provide significant customisation. Clients requiring custom animations and visualisation for specialised monitoring, such as OT or financial systems, will find the UI editor an overall strength.

Best Fit

Splunk is particularly suited to very large organisations that value a data-driven approach to security and need powerful analytics to manage complex security environments. Microsoft is itself one of Splunk’s largest customers.

Conclusion

Microsoft and Splunk continue to lead the SIEM market with their innovative solutions. Sentinel offers a world-class, cloud-native, AI-enriched platform that simplifies operations and accelerates threat resolution.

Splunk provides a robust, data-centric approach to security analytics, enabling organisations to respond to threats with speed and precision, and it is ideally suited to the largest enterprises as well as those that remain mainly on-premises and less “all in” with cloud. Splunk also has a strategic alignment and integration with Microsoft Sentinel.

As a leading UK Microsoft and Cisco partner, we are excited to be working with both Cisco and Splunk (Cisco) in this space, with the ability to guide and consult on customer-hosted, Azure-hosted and cloud-native SIEM solutions. We also love the fact that we can now meet customers on their own ground, with the ability to deploy Splunk on Azure via the Marketplace for our clients.