Main content

Splunk .conf24 - Novuna talks financial security, among a wealth of user tales

Chris Middleton Profile picture for user cmiddleton June 19, 2024
Last week’s Splunk user conference – the first since Cisco bought the company – revealed a number of enterprise case studies.


At last week’s .conf24 Splunk user conference in Las Vegas, there were a number of best practice user exemplars to be found. These revealed two vital things - first, the broad spectrum of Splunk’s customer base; and second, the critical importance of ensuring that the firm's relationship with Cisco works and does not, in the words of one Splunk executive to me over coffee, “f*** things up” for users.

That continuity and cultural balance is not just essential for Splunk’s enterprise and SMB customers, but also for Splunk’s enthusiastic, almost cultish staff – a resource that Cisco must avoid alienating at all costs. Plus, it is critical for the many corporate partners who were present, and attended their own mini conference on Day One. (Among Splunk’s larger partners are Google, AWS, Accenture, SAP, and Tenable, the kinds of player for whom trust and brand assurance are essential.)

So, what about that customer base?

Jostling for attention among the .conf24 user stories were: American mortgage giant Fannie Mae, which is deploying Splunk to consolidate tools and workflows across a complex hybrid architecture; and medical device manufacturer Medtronic, which told delegates how Splunk’s observability tools have been critical in maintaining manufacturing and distribution systems’ uptime.  Presenting a keynote was insurance giant Progressive, which deploys Splunk to enhance visibility in its security, IT, and engineering environments, with the aim of maintaining uptime and access to critical information. The company handles 15 million Web requests a day, it told delegates, protecting over $120 billion of clients’ market capitalization.

Meanwhile, United Airlines – the world’s largest carrier, with over 100,000 employees and 140 million customers flying to 300 destinations – said it relies on Splunk to “make sure that security is the cornerstone of everything” it does. This includes using Splunk Enterprise Security and Splunk SOAR [Security Orchestration Automation and Response] to monitor live data from aircraft, it explained. Rival carrier Singapore Airlines also deploys the security portfolio, and claimed 75% faster problem detection and 90% fewer backend issues as a result.

One of the highest-profile user stories was US stock market Nasdaq, which has been shifting both customer-facing products and internal operations to a SaaS model over the past decade, operating a hybrid environment throughout. Via its use of the Splunk platform, Nasdaq claimed it ensures reliability for its customer products, main trading platform, and more than 3,900 listed companies’ stocks.

Other user stories included the world’s largest employment organization, ManPower Group – which has over 400,000 clients; East Coast university the New Jersey Institute of Technology; and pizza chain Papa John's, all of which noted that systems resilience is paramount. And, presumably, the resilience of the Splunk/Cisco relationship.

For consumer hardware behemoth LG Electronics, AI integration was the priority. Bongsu Cho, VP of the company’s AI & Big Data Division, told delegates:

More than ever before, it’s a competitive advantage to gain critical insights quickly and efficiently from your data, which significantly enhances operational efficiency and proactive threat mitigation, ensuring robust digital resilience. A strategic AI approach across solutions ultimately drives innovation and strengthens business continuity in an increasingly complex digital landscape.

Other clients sharing stories at .conf24 included brewer Heineken, which captures the logfiles and analytics for the 25 million monthly data packets sent between its internal applications. It aims to use Splunk to turn those into actionable insights to improve operations.

The world’s third-largest retailer (and the UK’s biggest), Tesco, uses data stored in Splunk’s cloud to understand customer touchpoints, improve its supply chain, and optimize deliveries. Tesco claimed to have doubled its online delivery slots as a result, while keeping its systems secure.

Meanwhile, the world’s eighth-largest retail group, France’s Carrefour – which serves Europe, South America, and Asia – revealed that it has seen threat response times improve threefold by using Splunk Enterprise Security. And another retailer, Swedish furniture conglomerate IKEA, deploys Splunk Observability Cloud to give teams a holistic view of its applications and services.


On Day Two, away from the conference stage, I had the chance to speak to another customer: UK Financial Services giant, Novuna, a trading name of Mitsubishi HC Capital UK PLC. For this complex business, which addresses five different markets – personal, consumer, and business finance, plus business cashflow and vehicle leasing solutions – security is critical, as are systems integration and observability. Novuna reckons to have saved half a million dollars by using Splunk to increase user efficiencies and reduce on-call hours for its teams.

Ian Stacey is Group Head Of Information Security for Novuna. He explained that, on the IT side of the business, the company has been both a Cisco and a Splunk customer for longer than the five years that he has been onboard. But on the InfoSec side, he brought in Splunk himself four and a half years ago – with his colleague Callum Taylor as key product owner. Stacey told me that he was excited about the tie-up between Splunk and Cisco:

Some of the integrations, definitely, and the AI capabilities [are good for us]. It all comes back to a similar theme of efficiencies, of getting more from the same amount of resource. Every company has got challenges at the moment – it's not the world's greatest economic market right now. So, one challenge is I can't grow my team. But I'm alright with that, as we can now do a whole lot more with what we've got.

I've got a lot of stakeholders. We're made up of five separate business units, so I've got all of these different levels, plus five MDs as well, all under the same central functions, such as HR. We [InfoSec] are a shared service, providing security capabilities for the entire business. So, that’s a lot of people to keep happy. But doing more with what we’ve got… that's how I'm going to demonstrate our success as a team.

I wondered if prior to hearing .conf24’s themes of partnership, continuity, and support for the Splunk brand, might Stacey and Taylor have been nervous about the deal? After all, Splunk has been critical for Novuna’s security ever since the pandemic pushed the company towards cloud-based solutions. Stacey said:

I wasn’t that nervous about it, because we went through an acquisition ourselves two years ago. We came through that and we're a much better company now for it. We took in capabilities that we didn't have before. We got investment we didn't have before, and assistance from other areas of the group. Now, if you look at the amount [Cisco] bought Splunk for, they're only going to take that forward in the same way. It's the leading platform, and has been for 10 years. Two massive technology companies with a great track record… I can only see opportunities.

He added:

The coming together of things like threat intelligence. Opportunities like that are going to be huge: the amount of data that Cisco has that Splunk didn't have, and the huge amount of data that Splunk has that Cisco didn't… merging them together can only benefit us. So, definitely the deal has been a positive thing for us in security.

However, Taylor – as cybersecurity product owner within Novuna – admitted to having been more concerned. He told me:

From a technical perspective, I was a bit nervous, to be honest. Because I've worked with Splunk for the last decade, so I've been on that journey in enterprise security and all the products that we've had during that time. And I was also nervous because it is a community – it has just grown. But with Cisco, I am more relaxed now. However, we've seen other products out in the market where vendors have bought the company, and they’ve just… gone. The products have been absorbed.

As a shared service – operating within a complex business, and in a dynamic Financial Services market, Novuna has some core security priorities, explained Stacey: 

My biggest concern is our adversaries. We've got a fair number of them, in various shapes and sizes, and they're all maturing. With grudging respect, they're getting better at what they do – their capabilities continue to grow. So, my priority is making sure that ours grow at least as quickly. It's about keeping pace with that change. So, our detection and response capability is my priority. And visibility, our need to know what our estate looks like.

AI is set to be a major enabler in predicting where attacks will take place, he added: 

Predict, identify, and respond. We've done an awful lot of great work with that sort of capability. That's going to be a key thing.

Taylor agreed, noting: 

Being able to look through our infrastructure and see if there is anything which is a concern. And if it identifies something, making sure that we've got the right processes in place to deal with it. With the .conf24 announcements of AI additions within Enterprise Security, I think that will help us evolve our SOC [Security Operations Center].

Stacey picked up the theme:

It’s not just seeing alerts and then dealing with them. It's a case of the system getting so much more enriched now, so our analysts aren't spending as much time finding the information. It's just presented to them. That's a real time saver for them.

This may be a rare example of automation delivering on its promise of freeing up human experts to think in more strategic business terms. But will AI will broaden the attack surface, making incursions harder to detect and tell apart from authorised traffic? Is there a risk of the arms race between attackers and defenders intensifying, enabled by low-cost AI tools in the cloud? Taylor said:

Yeah, I am expecting that. There will be an impact on this industry from AI, because there will be a lot more attacks, including ones that people haven't thought about. Deep fakes are a particular fear. Being able to make a video, say, of one of our senior stakeholders. If their voice gets spoofed or there is a fake video, it could make the business quite vulnerable.

My take

A frank and engaging chat, with two professionals who see the upsides in Cisco’s high-risk purchase of Splunk. Also, just one of many stories at this year’s .conf24 event.

But once the pizazz has died down, how will the Splunk/Cisco relationship play out in the real world? For that, we will have to wait until next year’s event.

A grey colored placeholder image