Interview: Mark Brown – VP Solutions Engineering at Splunk

This week, I had the pleasure of running a Fireside Chat with Mark Brown, who leads the engineering team at Splunk. The chat was streamed live on LinkedIn and YouTube as part of Cisilion’s monthly technology chat show, which has been running for more than three years.

This month, we took to the virtual stage to discuss the acquisition of Splunk by Cisco, the history and innovation that Splunk brings across security and data analytics and observability, and some of the huge success stories and customers of Splunk since the company’s founding in 2003.

Cisilion and Splunk – May Fireside Chat

In this month’s show, we delved into Splunk’s history and capabilities, its evolution over the last 20 years, and its role as a data analytics platform. We talked about Splunk’s diverse customer base, including huge “high street” brands like Siemens and Gatwick Airport. We discussed how Splunk’s data analytics is helping to enhance operational efficiency and security at the airport: by processing local traffic and weather data along with real-time people traffic inside the airport, Splunk helps LGW meet its people-flow SLAs for getting passengers from check-in through security.

Finally, we talked about why Cisco has acquired Splunk, the market opportunity it creates, and how partners like Cisilion will be able to leverage this acquisition within the Cisco portfolio over time. Mark describes this as a strategic move to integrate Splunk’s data analytics with Cisco’s network and security solutions, offering a comprehensive approach to observability and security and giving them a real competitive edge whilst increasing their market share and making the solutions simpler for their customers.

Using the power of AI, I have used Microsoft Copilot to break down the key sections of the video and help you navigate to the areas you think might be useful to you.

(I have a video on how to do this, which you can access here.)

Cisilion and Splunk Fireside Chat – Key Conversations

  • [00:01:18] Introduction of Mark Brown from Splunk
    • Leads the UK solution engineering team
    • Discusses Splunk’s recent acquisition by Cisco
    • Highlights the value Splunk brings to businesses
  • [00:03:00] Explanation of what Splunk is
    • Describes Splunk as a platform for searching logs in data centers
    • Evolved into a leader in security and observability
    • Known as the “Google for the data center”
  • [00:18:09] Cisco’s acquisition of Splunk
    • Seen as a natural fit with little overlap in technology offerings
    • Expected to enhance both Cisco’s and Splunk’s product portfolios
    • Acquisition aligns with Cisco’s strategy to expand software offerings
  • [00:08:14] Reference customers of Splunk
    • Splunk’s reference customers span 110 countries and include major brands across various industries
    • Talking through examples including Siemens, Singapore Airlines, and Gatwick Airport
    • Talking about wider use cases that demonstrate Splunk’s adaptability and impact
  • [00:14:22] Splunk’s competition in the market
    • How and where Splunk competes with and partners with various tech companies such as Datadog and New Relic
    • How Microsoft Sentinel has also become a leader in the SIEM space in just two years, and how Microsoft and Splunk are working together to deliver Splunk solutions to customers in Azure
    • How Splunk has been a leader for more than 10 years
  • [00:17:46] Cisilion’s perspective on the acquisition
    • How Cisilion is excited about the integration, the potential for new market opportunities, and the alignment between Cisco and Microsoft, Cisilion’s two strategic partners
    • How we see the acquisition as a way to complete the technology journey for clients, bringing together multiple technologies and creating a single pane of glass for security logs and observability
    • Our forward-looking view on the game-changing advancements in observability and security this acquisition could bring to Cisco
  • [00:25:23] The chat continues around use cases, market trends and the future of security and observability

As always, I welcome your views on the video and the discussion.

Microsoft and Splunk Lead in Gartner 2024 MQ for SIEM

The digital security landscape is constantly challenged by sophisticated threats, making the role of Security Information and Event Management (SIEM) systems more critical than ever. In the 2024 Gartner® Magic Quadrant™ for SIEM, Microsoft and Splunk have been recognised as leaders, demonstrating excellence in vision and execution in the SIEM space.

Gartner said in their 2024 report that “The SIEM market grew from $5.03 billion in 2022 to $5.7 billion in 2023 (see Market Share: All Software Markets, Worldwide, 2023), a 13% annual growth rate compared to a 22% increase the previous year. The primary drivers of a SIEM purchase are threat detection, response, exposure management and compliance. Buyers are seeking a SIEM ecosystem with broad and deep capabilities to satisfy multiple security and business use cases with capabilities to support a diverse environment.”

Image (c) Gartner 2024

The Significance of SIEM in Cybersecurity

SIEM technology is essential for organisations to effectively manage security events and information. It provides real-time visibility across an organisation’s information security systems (multi-vendor), providing single-pane-of-glass event log management, compliance reporting, and incident response capabilities. The ability to swiftly detect, analyse, and respond to security incidents is what makes SIEM a cornerstone of enterprise security strategies.

Friends and Foes?

In 2023, Splunk and Microsoft agreed to partner to help build Splunk’s enterprise security and observability offerings on Microsoft Azure. This means that Splunk solutions are now available for purchase on the Microsoft Azure Marketplace as well as the AWS Marketplace. This is great for both parties and for Microsoft Partners who sell and deploy Azure services to their clients.

Microsoft’s Leadership with Sentinel

Microsoft has been acknowledged as a leader in the Gartner Magic Quadrant for SIEM for its comprehensive, cloud-native solution, Microsoft Sentinel. According to Gartner, Microsoft Sentinel stands out with its unified security operations platform, blending SIEM, XDR, AI, threat intelligence, and extended posture management into a single experience. This platform is powered by generative AI, offering end-to-end protection and consolidating various security operations tools into a coherent experience.

Strengths:

Best Fit for Sentinel:

Gartner cites Microsoft Sentinel as the ideal fit for organisations that require or demand a cloud-native SIEM solution with advanced AI capabilities and integration with other Microsoft security products. Sentinel works with a huge number of external cloud and on-premises data connectors (including Splunk).

Splunk’s Data-Centric Excellence in SIEM

Splunk remains a joint leader in the SIEM market, praised as always for its data-centric security analytics solution. The Enterprise Security application from Splunk is available both on-premises and as SaaS. Splunk provides pricing flexibility, which can be based on daily data ingestion or on cloud workloads, referred to as Splunk Virtual Compute. Splunk primarily serves large enterprise organisations in North America.

Splunk has said it is launching a new AI Assistant for Security, which will be integrated with Enterprise Security to enhance detection and response functions. Cisco finalised the acquisition of Splunk on March 18, 2024, and we expect to see integration and cross-pollination of their combined portfolio at some point in 2025.

Gartner points out that Splunk currently has a significantly higher-than-average cost compared to other vendors in the report, is more complex to deploy and configure (measured in professional services days), and currently has low numbers of sales support staff outside the US – though with Cisco’s acquisition of Splunk this is likely to change over the next 18-24 months.

Strengths:

  • Overall observability: The Splunk platform can integrate security, IT, application and other data sources. This, coupled with its federated search and analytics capabilities across third-party data stores, is a strength for clients seeking to build highly enriched queries and alerts.
  • Extensive integration: Splunk’s integration of SOAR enhances a wide range of common SIEM use cases. Clients wanting quick time to production automation for common SIEM operational functions will find Splunk’s library of playbooks a strength.
  • User interface: Splunk’s UI and dashboard provide significant customisation. Clients requiring custom animations and visualisation for specialised monitoring, such as OT or financial systems, will find the UI editor an overall strength.

Best Fit

Splunk is particularly suited to very large organisations that value a data-driven approach to security and need powerful analytics to manage complex security environments. Microsoft is actually one of Splunk’s largest customers.

Conclusion

Microsoft and Splunk continue to lead the SIEM market with their innovative solutions. Sentinel offers a world-class, cloud-native, AI-enriched platform that simplifies operations and accelerates threat resolution.

Splunk provides a robust, data-centric approach to security analytics, enabling organisations to respond to threats with speed and precision, and is ideally suited to the largest of enterprises as well as those who remain mainly on-prem and less “all in with cloud”. Splunk also has a strategic alignment and integration with Microsoft Sentinel.

As a leading UK Microsoft and Cisco partner, we are excited to be working with both Cisco and Splunk (Cisco) in this space, with the ability to guide and consult around customer-hosted, Azure-hosted and cloud-native SIEM solutions. We also love the fact that we can now meet customers on their own ground, with the ability to deploy Splunk on Azure for our clients via the Marketplace.


Cisco and Splunk – For Security and Observability.

With the $28B acquisition between Cisco and Splunk now complete, both vendors will soon be in heavy marketing mode as they position their new combined offerings (under Cisco) to “unify the full power of network and endpoint data with leading Security and Observability solutions, all underpinned by our highly scalable, AI-powered data platform”.

The combination of Cisco and Splunk will provide truly comprehensive visibility and insights across an organization’s entire digital footprint, delivering an unprecedented level of resilience through the most extensive and powerful security and observability product portfolio on the market.

Gary Steele | VP, Splunk

So what does that mean?

Unification and Choice

According to the new Splunk website and public-facing collateral, the combining of forces is destined to offer the following value and connected experiences to their combined customer base.

  • Power the SOC of the Future, by:
    • Improving the efficacy, efficiency, and economics of defending organisations and service providers against modern security threats, offering what they claim will be the “most comprehensive security solutions for threat prevention, detection, investigation and response.”
    • Continuing to deliver Splunk’s existing security and monitoring platforms, while adding Splunk technology to Cisco’s existing portfolio with enhanced network, endpoint and cloud data for “unparalleled insights and faster remediation”.
    • Enhancing Cisco’s security offerings across the board to help organisations secure users, protect infrastructure, and improve prevention, detection and remediation with Cisco’s User Protection, Breach Protection, and Cloud Protection suites, which are fed from Cisco’s Talos threat intelligence platform.
  • Enrich Observability across all and any environment, by:
    • Offering a comprehensive full-stack observability solution, enhancing customers’ ability to deliver seamless digital experiences and prevent downtime across any environment, combining Cisco ThousandEyes and AppDynamics with Splunk’s portfolio of products.
    • Continuing to offer choice to customers, by offering unified solutions as well as the individual Cisco and Splunk products, whilst providing unified management and insights.
    • Creating a world-leading observability platform through the integration of the best of Cisco and Splunk technology, leading to a holistic ability to detect and remediate incidents and empowering IT teams to focus on enablement, security and digital transformation rather than troubleshooting performance issues.

What about AI?

Yes… Cisco and Splunk also talk a lot about AI empowerment and execution. After all, AI workloads are intense, drive traffic into different places and have a profound impact on how people use and access data and applications.

Aimed more at organisations who build and operate on their own data, rather than consume SaaS, the fuel of AI and its ability to provide information and serve requests is reliant on fast and secure access to models trained on huge volumes of data.

Cisco believes that their combined forces will bring an unmatched breadth of data by allowing organisations to build, scale and tune highly scalable data platforms while ensuring performance and security at scale.

The competition?

The race to empower and secure both traditional and AI-powered workloads continues apace. Cisco has a great history of building arguably the best networking technologies in the world and has one of the best SaaS performance monitoring platforms; now, with the added arsenal of products from Splunk, it is in a great position to win over customers, partners and MSPs with a unified offering.

Cisco has struggled to win hearts and minds with security for years, but this combining of forces gives it an ace card to play. Whether it will get this right (from a hearts-and-minds, price and integration perspective) is yet to be seen, but Cisco has a great track record of integrating technologies from the vendors it acquires.

More information

More information around the combined entity of Cisco and Splunk is coming in fast, and late last week Cisco ran a customer and partner briefing which is now available on demand here.

Cisco to Acquire Splunk

Cisco has announced that it will acquire Splunk, a cybersecurity and observability platform, for $28 billion.

Cisco say that the acquisition is expected to help them create the next generation of AI-enabled security and observability solutions, moving organisations from threat detection and response to threat prediction and prevention.

This will help build on the extensive full-stack observability platforms Cisco already has, including ThousandEyes and Cisco AppDynamics.

“We’re excited to bring Cisco and Splunk together. Our combined capabilities will drive the next generation of AI-enabled security and observability… From threat detection and response to threat prediction and prevention, we will help make organizations of all sizes more secure and resilient.”

Chuck Robbins | CEO | Cisco

This is the biggest acquisition in Cisco’s history and a massive push into software and artificial-intelligence-powered data analysis. With complementary services coming together, it should help Cisco achieve its mission to “securely connect everything to make anything possible, and move from threat detection and response to threat prediction and prevention”.

Splunk President and CEO Gary Steele will join Cisco’s Executive Leadership Team reporting to Chuck Robbins.

What is Cisco’s Full Stack Observability offering?

Cisco’s Full-Stack Observability (FSO) solutions bring together performance and availability data from on-premises, cloud and SaaS applications, allowing organisations to monitor traditional and modern applications, track the performance of cloud-native applications, correlate network metrics with application performance data, and provide real-time insights and recommended actions for any performance-related issue along with its potential impact to the business.

Cisco Full-Stack Observability is a single platform that brings together multiple solutions, including AppDynamics, ThousandEyes, and Cisco Secure Application. Splunk will soon be added to this!

The platform is open and extensible, API-driven, focused on OpenTelemetry, and anchored on Metrics, Events, Logs, and Traces (MELT).

You can find more information about Cisco Full-Stack Observability solutions on the Cisco website.


You can read the announcement from Cisco below.

https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m09/cisco-to-acquire-splunk-to-help-make-organizations-more-secure-and-resilient-in-an-ai-powered-world.html