14 June 2024

Splunk .Conf24 Wrap Up

SIEM, Splunk

Well, Splunk .conf24 is over and it’s time to take home all of the news, updates and learning from the event. You can find deeper dives on everything new elsewhere on this site: the new integrations and AI developments from the opening keynote, and the data ingestion and refinement announcements from the second day of the event.

Looking at everything together, it’s clear this event was about three main themes:

  • Platform Integration
  • Observability
  • Data Management


Cisco and Splunk: Working Together

As the event has come to a close, it’s apparent that platform innovation and integration were a focus of .conf24. Coming directly from Chuck Robbins (Cisco CEO): “Our job is not to screw up anything that you guys do really well today, but to bring you incremental capabilities”. The aim is to integrate Cisco’s existing product stack with Splunk’s, on a timeline that benefits both platforms overall.

At the highest level, Cisco’s CEO, Chuck Robbins, officially handed over the observability leadership to Gary Steele, the former CEO of Splunk. Robbins expressed immense confidence in Steele’s ability to lead this integration, emphasising the strategic value Splunk brings to Cisco’s decision-making process.

So how will this look? We understand that Observability Cloud will become the core of Cisco’s observability strategy, replacing Cisco’s existing Full-Stack Observability (FSO) platform. This transition will be interesting, as it leverages Splunk’s mature offerings in infrastructure monitoring and microservices application performance monitoring. It also shows the significant benefit of OpenTelemetry: a shared, vendor-neutral telemetry standard is what allowed these two huge products to align so closely in just 10 weeks.

The integration will merge AppDynamics, Cisco’s application performance management (APM) tool, into Splunk’s ecosystem. This will allow for seamless data flow between the platforms, enhancing the observability capabilities for both current Cisco and Splunk customers. Existing customers of the Cisco Observability Platform will be supported through this transition, ensuring a smooth migration path.

Finally, Splunk’s announced integration with Talos Threat Intelligence has the potential to offer Splunk clients a commercially attractive threat intelligence option.


Looking Ahead – Observability

While the full integration details are still emerging, the enhanced collaboration between Cisco and Splunk is also changing things in the observability space.

For large organisations, maintaining seamless operations across diverse and distributed systems is a significant challenge. Observability tools provide a comprehensive view of an organisation’s digital footprint, encompassing everything from traditional applications to modern microservices, across private and public networks. This holistic visibility is crucial for preempting issues, optimising performance, and ensuring a smooth user experience.

With Splunk at its core, Cisco aims to enhance these capabilities, providing customers with an integrated solution that covers the entire IT stack: AppDynamics for application performance, connected to Splunk’s Observability Cloud and to the Splunk Platform through Log Observer Connect. The greater use of OpenTelemetry has allowed rapid adoption between the two, and with Gary Steele (Splunk CEO) leading the initiative, it will be interesting to see where things head next.

The combined strengths of both companies promise to deliver a robust, scalable, and comprehensive observability solution tailored to meet the needs of modern enterprises. The continued development of an AI assistant is a boon for accessibility, allowing analysts to interact more easily with Splunk using natural language.

As this partnership evolves, it will be exciting to see how it shapes the future of digital infrastructure management. Apto (along with the rest of the industry) will keep a close eye on deprecation and the inevitable cost implications that have to come with such an acquisition. We aim to comment on specific trends, features and pitfalls as they emerge over the next 6 months and keep our clients up to date.


The Growing Complexity of Data

As our clients know, data is proliferating at unprecedented rates across edge, on-premises, and cloud environments. Managing this influx is a challenge for large organisations, especially in sectors with high compliance requirements such as Finance and Healthcare. Organisations often grapple with fragmented tools and services, which can lead to costly downtime.

Downtime can cost Global 2000 companies an estimated $400 billion annually, with stock values potentially plummeting by up to 9% following a single incident. Therefore, achieving complete visibility across an enterprise is crucial for optimising investments, improving data economics, and enhancing resilience.

Effective data management empowers organisations with a cohesive experience, enabling them to preprocess data through a unified pipeline. This holistic approach provides SecOps, ITOps, and engineering teams with enhanced control over the shape, volume, and destination of their data. By unifying the collection of metrics and logs, these teams can better manage their data, bolster their security posture and improve efficiency.

New Splunk Data Tools

Tom Casey, Splunk’s SVP, emphasised the significance of these advancements, stating: “Not all data is created equally, and its value changes over time. Organisations need solutions that simplify the data management experience while enabling them to retain control and ownership of their data”.

The new Splunk Data Management portfolio includes several features designed to streamline data processing and enhance visibility:

Pipeline Builders – Powered by SPL2, Pipeline Builders allow customers to filter, mask, transform, and enrich their data before it is indexed. This simplifies data processing and reduces costs.

Ingest Processor – This feature unifies data management across the Splunk Platform and Splunk Observability Cloud. It enables the conversion of logs to metrics and routing to various endpoints, including Splunk Observability Cloud, Splunk Cloud Platform, and Amazon S3. This facilitates better volume control and response times.

Federated Analytics – Announced at AWS re:Inforce 2024, this feature allows customers to analyse data across Splunk and external data lakes, beginning with Amazon Security Lake. It will be available in a private preview in July 2024.
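To make the filter/mask/enrich step concrete, here is an added example of the kind of SPL2 pipeline these builders produce; it is not code from the post or from Splunk, and it assumes a syslog-style authentication source with `$source` and `$destination` bound in the pipeline editor.

```spl2
// Added example, not from the original post or from Splunk.
// Assumes the pipeline is attached to a Linux auth-log source and that
// $source and $destination are bound when the pipeline is applied.
$pipeline = | from $source
    // filter: drop DEBUG chatter so it never counts against ingest volume
    | where sourcetype == "linux_secure" AND NOT match(_raw, "DEBUG")
    // mask: redact anything that looks like a 13-16 digit card number
    // before the event reaches the index (and any downstream search)
    | eval _raw = replace(_raw, "\\b\\d{13,16}\\b", "****MASKED****")
    // enrich: tag events with the path they took, useful for later audit
    | eval ingest_path = "ingest_processor"
    | into $destination;
```

Because masking happens in the pipeline, the sensitive value is never written to disk, which is the property compliance-heavy sectors care about.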

Next Steps For Implementation

We’ll have more views on all of these new features and possibilities soon, but we are confident that they will be beneficial to many organisations, and we’re looking forward to seeing how they can be applied in real-world scenarios for our clients.

For further updates straight to your inbox, please subscribe here.
