Splunk Goes All in on AI: New Innovations to Enhance Security, Customer Experience, and Visibility

The News: Splunk leveraged its annual .conf23 event to launch product updates and announce a significant pivot to AI. For the full announcement details, see the Press Releases on Splunk’s website, here and here.

Analyst Take: Splunk, a leading provider of security and observability solutions with more than 14,000 customers globally, announced several new innovations at its annual user conference, .conf23, this week. According to the company, the new innovations are designed to help enterprises enhance their security operations, drive exceptional customer experiences, and gain unparalleled visibility across their hybrid cloud environments.

One of the key innovations announced at .conf23 was Splunk Attack Analyzer. Splunk Attack Analyzer is designed to be an automated threat analysis tool that helps security operations teams quickly identify and respond to threats. The tool uses machine learning (ML) to analyze security telemetry data and identify anomalous activity that could be indicative of a threat. Splunk Attack Analyzer also provides context about the threat, such as the source of the attack, the affected systems, and the potential impact. With security teams embattled by an overwhelming number of attacks and devices to manage, any strides to provide ML-driven attack analysis will be well received.

Another key innovation announced by Splunk is the integration of Splunk Observability Cloud and Splunk Cloud Platform. This integration gives organizations a unified view of their customer-facing systems, including applications, infrastructure, and data. This unified view can help organizations to identify and resolve customer-impacting issues more quickly.

The most interesting announcement at the show, for me at least, was Splunk Edge Hub – the announcement that Splunk is entering the hardware market, albeit via collaboration with a hardware developer. Edge Hub is designed to move observability to the far edge and provide out-of-the-box metrics and reporting for a variety of operational technology (OT) variables. When integrated with the Splunk platform, Edge Hub empowers customers with a range of insightful capabilities:

  • Environmental Monitoring: With the capacity to track and analyze various environmental factors such as water quality, temperature, humidity, and gases, organizations can swiftly pinpoint and address potential issues. This ability to identify and remediate problematic conditions enhances operational efficiency and sustainability.
  • Predictive Analytics: Leveraging advanced analytics, Splunk Edge Hub enables the detection of anomalies in manufacturing processes. Early indications of equipment maintenance needs or outages can be surfaced, allowing proactive measures to minimize operational downtime. This predictive approach optimizes resource allocation and enhances overall manufacturing efficiency.
  • Enhanced Visibility Across IT and OT Environments: By providing comprehensive visibility across both IT and OT landscapes, the platform empowers organizations to better detect, investigate, and resolve threats and IT stressors. This consolidated approach streamlines security operations and strengthens overall cyber-resilience.
  • Empowering Custom Solutions: Through collaboration with industry experts, Splunk Edge Hub facilitates the creation of tailor-made solutions for environments historically challenging to extract data from, such as transportation, oil & gas, and supply chain sectors. This capability empowers businesses to unlock valuable insights from previously-untapped data sources, driving innovation and operational excellence.

By combining these capabilities, Splunk Edge Hub offers valuable operational insights and facilitates informed decision-making and optimization across diverse industries. It is a powerful tool for harnessing the potential of data-driven solutions and driving positive transformation for organizations of all scales.

I will be interested to see how the go-to-market model works, as Splunk is not actively selling this product but rather building an ecosystem of OT partners who will be the route to market. Overall, I am bullish on the prospects for this new solution, as the industrial OT market is massively underserved by this type of IT-driven observability and security-focused solution.

Finally, Splunk also announced several enhancements to its Splunk Platform. These enhancements include new capabilities for data ingestion, storage, and analysis. The new capabilities are designed to help organizations gain even greater visibility into their hybrid environments.

Overall, the new portfolio innovations announced by Splunk are designed to help organizations improve their security posture, deliver better customer experiences, and gain greater visibility into their hybrid environments.

Splunk AI Announcements

Unsurprisingly, Splunk jumped on the AI trend with new offerings, collectively known as Splunk AI, which are designed to help organizations accelerate detection, investigation, and response across security and observability.

One of the key offerings in Splunk AI is Splunk Attack Analyzer, and the addition of AI to this newly-announced tool makes perfect sense to me. The tool’s ability to analyze security telemetry data from various sources, including network traffic, endpoint data, and cloud logs, and then leverage AI to identify anomalous activity that could be indicative of a threat and provide context about the threat, such as the source of the attack, the affected systems, and the potential impact, will be welcomed by resource-constrained security teams.

Another key offering in Splunk AI is the Splunk App for Anomaly Detection. The Splunk App for Anomaly Detection is a streamlined end-to-end operational workflow that helps organizations simplify and automate anomaly detection within their environment. The app uses ML to identify anomalies in data and then provides insights into the anomalies so that organizations can quickly investigate and respond to them.

Splunk AI also includes a new generative AI app called Splunk AI Assistant. Splunk AI Assistant is a chat-based app that helps organizations get faster answers to their questions. The app uses ML to understand the context of the user’s question, and then searches Splunk’s data for the most relevant answers. Splunk AI Assistant can also be used to automate tasks, such as running reports or creating alerts.

Overall, Splunk AI is a collection of powerful AI-powered offerings that can help organizations accelerate detection, investigation, and response across security and observability. The new offerings are designed to be easy to use and deploy, and they can help organizations to improve their security posture and reduce their risk of attack.

Looking Ahead

Splunk is becoming more focused, streamlined, and innovation-driven under the leadership of its relatively new CEO, Gary Steele. During the .conf event, Steele spent time with us taking questions, and the overall feedback is that the company is laser focused on increasing the speed of innovation, and the announcements this week are testament to this focus.

This week’s AI announcements are in step with industry trends and make a lot of sense as overwhelmed IT operations and security teams need all the help they can get to deal with the complexity of hybrid multi-cloud environments. The Edge Hub will be interesting to watch roll out as this is a “build it, and they will come” strategy for the company, but I expect to see this solution gain traction over the next 18 months.

Overall, Splunk is delivering on its mission and its focus on observability and security, both of which align with strong market trends where growth is still prevalent.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Author Information

Regarded as a luminary at the intersection of technology and business transformation, Steven Dickens is the Vice President and Practice Leader for Hybrid Cloud, Infrastructure, and Operations at The Futurum Group. With a distinguished track record as a Forbes contributor and a ranking among the Top 10 Analysts by ARInsights, Steven's unique vantage point enables him to chart the nexus between emergent technologies and disruptive innovation, offering unparalleled insights for global enterprises.

Steven's expertise spans a broad spectrum of technologies that drive modern enterprises. Notable among these are open source, hybrid cloud, mission-critical infrastructure, cryptocurrencies, blockchain, and FinTech innovation. His work is foundational in aligning the strategic imperatives of C-suite executives with the practical needs of end users and technology practitioners, serving as a catalyst for optimizing the return on technology investments.

Over the years, Steven has been an integral part of industry behemoths including Broadcom, Hewlett Packard Enterprise (HPE), and IBM. His exceptional ability to pioneer multi-hundred-million-dollar products and to lead global sales teams with revenues in the same echelon has consistently demonstrated his capability for high-impact leadership.

Steven serves as a thought leader in various technology consortiums. He was a founding board member and former Chairperson of the Open Mainframe Project, under the aegis of the Linux Foundation. His role as a Board Advisor continues to shape the advocacy for open source implementations of mainframe technologies.
