Splunk Unveils Advanced AI Capabilities Throughout Its Security, Observability And IT Service Intelligence Software
While Splunk-Cisco product integration was big news at this week’s .conf24 event, Splunk also debuted new products around AI, next-generation Security Operations Centers and data management.
Splunk has unveiled a series of AI tools and assistants across its product portfolio that the company said are designed to help organizations speed up routine tasks, glean new insight from data and improve digital resilience.
The new AI offerings were among a number of new products and product enhancements, including Security Operations Center and data management software, that debuted this week at the company’s .conf24 conference in Las Vegas.
“AI is probably the most transformative technology we will see in our lifetime,” said Gary Steele, Splunk general manager and Cisco president of go-to-market, in his .conf24 keynote late Tuesday, noting the value of AI across multiple disciplines including IT operations, DevOps and security.
The new AI Assistant Observability Cloud, now in private preview, is a generative AI feature that streamlines problem detection, exploration and investigation. The technology analyzes metric, trace and log data to help software developers and site reliability engineers with such day-to-day tasks as troubleshooting and issue resolution.
AI Assistant Security, scheduled for private preview in August, will expedite security analysts’ investigations and daily workflows by using generative AI capabilities.
Splunk also unveiled the general availability of Splunk AI Assistant for SPL (Search Processing Language), a tool that helps users interact with—and execute complex analysis queries on—Splunk’s data analytics platform using natural language.
Last week at Cisco Live, Splunk introduced advanced AI capabilities for its IT Service Intelligence (ITSI) software, including Configuration Assistant for managing and optimizing IT system configurations.
Splunk also unveiled a number of new security offerings to better enable visibility, threat detection and rapid response. Topping the list is Splunk Enterprise Security 8.0 with enhancements that the company said simplify how security analysts detect, investigate and respond to threats through a single interface.
Splunk Enterprise Security is now natively integrated with Splunk Mission Control and provides unified automation via Splunk SOAR. Enterprise Security 8.0 is now in private preview with general availability slated for September 2024.
A new Federated Analytics feature, currently in private preview on the Splunk Cloud Platform and cloud deployments of Splunk Enterprise Security, makes it possible to analyze security-related data wherever it resides, beginning with Amazon Security Lake. Federated Analytics will be available in private preview in July.
“Today we are changing the game in how you manage telemetry data in Splunk,” said Jeetu Patel, Cisco executive vice president and general manager of security and collaboration, during a product keynote at .conf24.
Splunk also said that the Cisco Talos threat intelligence system is now integrated with Splunk security products including Splunk Attack Analyzer, Splunk Enterprise Security and Splunk SOAR for “enhanced defense against known and emerging threats.”
Integrating Splunk and Cisco security products has been a priority since Cisco acquired Splunk in March. Cisco XDR has already been linked with the Splunk Enterprise Security platform, and Splunk’s Observability Cloud has been integrated with Cisco AppDynamics and other Cisco observability offerings.
Also making its debut was the Splunk Data Management portfolio for sending, sharing and processing data across the Splunk Cloud Platform and Splunk Observability Cloud, providing unified visibility across an organization and more comprehensive data ownership, according to the company. The portfolio offers Pipeline Builders, including Edge Processor and Ingest Processor for pipeline management, filtering, masking, transforming and enriching data.
In a press conference, Tom Casey, Splunk senior vice president and general manager of products and technology, noted the importance of the expanded data management and data analytics capabilities Splunk now provides.
“Security is a data problem,” he said. “Observability is a data problem. AI is a data problem.”
In his keynote speech Tuesday, Steele noted the importance of observability and security technology in boosting digital resiliency and helping organizations reduce unplanned downtime. “Our mission at Splunk is delivering digital resiliency across your organization,” he said.
Throughout .conf24 Splunk executives have been talking about a report the company prepared with Oxford Economics to highlight the need for—and benefits of—observability tools.
The report, “The Hidden Costs of Downtime,” concluded that among Global 2000 companies the total cost of unplanned downtime when digital environments fail unexpectedly is $400 billion annually, equal to 9 percent of those companies’ profits.
Those costs include direct costs such as lost revenue, service-level agreement penalties and regulatory fines, and harder-to-calculate costs such as lost shareholder value, stagnant developer productivity, and tarnished reputations and brands.
The report said 56 percent of downtime incidents are due to security issues such as phishing attacks while 44 percent are the result of IT infrastructure or application problems like software failures.