Re-inventing Enterprise Security - Splunk's latest objective

By Stuart Lauchlan, September 6, 2015
Splunk's made Wall Street happy with good numbers. Now, can it re-invent the Enterprise Security sector?

Splunk CEO Godfrey Sullivan

With 10,000 customers worldwide, is Splunk now a mainstream proposition?

Certainly the use cases are becoming more and more impressive. For example, retailer Sephora used Splunk for deploying its in-store mobile point of sale (PoS) systems and reduced failed customer transactions by 95% as well as doubling revenue through mobile PoS.

In addition, the firm is producing numbers that have Wall Street investment analysts enthused. Last week, Splunk turned in a loss of $55.3 million, down from a year-earlier loss of $60.8 million, on revenues up 46% to $148 million from $102 million a year ago.

For Splunk CEO Godfrey Sullivan there are three priorities right now to build on the firm’s current foundation:

Number one is improving the technology from top to bottom of the stack. We continue to improve the core Splunk enterprise and all the core platform elements so that it can be the very best indexing engine and data analytics device known to man. But that also has to encompass the solutions business, hence our market groups. So being able to add solutions and apps on top of that like Enterprise Security, which has become such a force in the marketplace, like IT service intelligence and on and on. So making sure that we have the best whole product regardless of what the customers' use case is, so that R&D spend is job one.

Closely following that is cloud because the next major growth area for us is to make sure that we capture everyone's business regardless of where they want to deploy it and there are so many customers who have a lot of on prem business but also are putting new projects in the cloud and we're so uniquely positioned to help the company bridge their way from on prem to the cloud because of our hybrid approach and because of the flexibility of our software and our fast deployment times. There's nobody in the market place that can deploy and deliver success as fast as we can.

And the third is coverage. And it's all about field, it's about field expansion, it's about as Doug said it's about sales positions, technical positions, customer success, it's a highly technical world we live in and you can't just put salespeople on the street and be successful. You have to put a very strong technical team on the street to help the customer achieve success and really understand these complex issues and somehow Splunk magically translates all these very complex dated issues into very rapid deployment success.

New Enterprise Security

Splunk has also been investing in new tech areas, such as anomaly detection and behavioral analytics in the form of Metafor Software and Caspida, which are seen as add-ons to the current functionality and will be part of future iterations. Sullivan explains:

Metafor provides anomaly detection and behavioral analytics for IT operations use cases. Caspida provides data science driven behavioral analytics for security use cases. This acquisition is in line with our strategy of expanding our cyber security offerings and will enable us to bring more advanced analytical capabilities to our customers.

He adds:

They're important. Splunk’s reputation, Splunk's technology brand is built around highly flexible search. It’s fantastic, but customers don't want to be limited to just search. Like if I just keep searching I'll find the anomalies or I'll find the unusual patterns or I'll find the outliers. They want Splunk to tell them where those patterns are and to tell them where the outliers are to be able to compare known-versus-new so that you don't have to do everything through a query.

So it doesn't matter whether you're talking about security or IT operations or business analytics, the customer transactional sort of questions, any type of process analysis, you want to be able to compare new-versus-old or rare-versus-normal and those types of things. The whole notion of machine-learning, anomaly detection and the like is core to a whole new set of applications, of which insider threat and user behavior analytics are just two examples. But you have to have those core technologies in order to move from sort of query to pattern recognition.

Haiyan Song, Splunk Head of Security Markets, cites triple digit growth in Enterprise Security revenues year-on-year as proof that this is a sweet spot for Splunk moving forward:

Splunk is being increasingly viewed as the trusted security intelligence platform for breach response. This past quarter a high profile government agency and a well-known university were both breached and subsequently purchased Splunk to beef up their security and breach response.

Song also points to the Caspida acquisition as an enabler for transformation of Enterprise Security expectations and capabilities:

It signifies our commitment to invest in accelerated innovation and extending our analytics driven security offering. Customers can benefit from Caspida's machine learning solution to detect advanced threats from external attackers and malicious insiders. Recent breaches have shown us the significance of identity and user credentials as an attack surface.

Our first combined solution will focus on user and entity behavior analytics to help our customers with this critical security need.

As 451 Research noted, these emerging techniques are fundamentally reshaping the nature of security analytics and are moving towards defining an architecture that goes well beyond Security Information and Event Management (SIEM).

My take

Some interesting technology expansion moves in the field of Enterprise Security to add to a growing customer footprint.