Over the last two weeks, Splunk has made several announcements around its Data-to-Everything platform including additions to IT security and operations.
Splunk's overall strategy and marketing message, 'turn data into doing', is at the core of these announcements, which focus on improving functionality and providing IT staff and businesses with actionable insights around data.
Updates to Splunk's Data-to-Everything platform
New versions of Splunk Enterprise and Splunk Cloud are now available. In addition, Data Fabric Search (DFS) and Data Stream Processor (DSP) have been added to Splunk Enterprise to help with context and collaboration.
Splunk Enterprise 8.0, now generally available, focuses on optimising performance for existing infrastructure, new cloud deployment tools, and visual-focused analytics for any business user.
Splunk states this empowers data-driven decisions, and enables easier management and monitoring of a deployment at scale for a system administrator.
Splunk DFS is designed to enhance the data analytics experience by bringing together insights from massive datasets across diverse data stores into a single view. Customers can bring together data from different stores including data warehouses outside of Splunk to gain visibility across the organisation.
Splunk DSP is a real-time stream processing solution that continuously collects high-velocity, high-volume data from diverse sources, turns data into information, and distributes results to Splunk or other destinations. According to Splunk this process can take as little as milliseconds. Splunk DSP also masks sensitive data in order to protect critical information that could impact a business.
According to Splunk, the new additions to the platform enable customers to know what's happening in real time through a complete view of relevant data from the organisation's systems, devices and interactions on one screen. Furthermore, additions enable users to investigate, monitor, analyse and act on data.
Mobile and augmented reality options provide users with more ways to make data functional and actionable.
Improving IT operations offerings
Splunk has brought monitoring, AIOps and observability to its Data-to-Everything platform in order to advance IT operations. In addition, the company has added enhancements to its portfolio for real-time observability for cloud infrastructures and microservices through strategic acquisitions.
Additions to IT operations include new versions of Splunk IT Service Intelligence (ITSI), Splunk App for Infrastructure (SAI) and integrations with Splunk VictorOps and Splunk Phantom.
The company has announced the acquisition of SignalFx, which provides an observability portfolio for organisations at every stage of their cloud journey, from on-premises applications to cloud-native applications.
The new version of Splunk IT Service Intelligence 4.4 (ITSI) gives everyone from administrators to the CIO the capability to monitor, investigate, and act.
Organisations that are in the cloud, on-premises or hybrid can use Splunk ITSI to get a unified view across organisational silos, and predict and prevent problems.
Packaged with Splunk ITSI, Splunk App for Infrastructure 2.0 (SAI) enhancements include VMware vSphere Monitoring, multi-cloud monitoring (beta) and enhanced monitoring for Windows, Unix and Linux, providing customers with monitoring, troubleshooting and alerting across both physical and virtual environments.
Additionally, enhanced integrations and new ML capabilities from Splunk VictorOps intelligently route alerts to the right on-call teams for faster problem resolution, enhanced cross-team collaboration, and integration with the Splunk Data-to-Everything Platform, bridging IT Operations and observability.
With the acquisitions of SignalFx and Omnition, Splunk provides a portfolio for real-time observability of cloud-native environments. With built-in deep linking capabilities from SignalFx to Splunk Cloud, DevOps and Observability teams can go from problem detection to root cause by leveraging metrics, traces and logs without context switching. Integration of SignalFx and VictorOps reduces mean time to detect and streamlines remediation.
With real-time alerts from SignalFx and ML-driven Suggested Responders from VictorOps, problems are automatically routed to on-call teams based on previous similar incidents.
Splunk Investigate, another announcement from the company, is a collaborative, cloud-native solution for investigation across multiple data sources, with reliable scalability and zero administration.
Adding more security benefits
Splunk has announced additions to its Security Operations Suite to modernise and unify the Security Operations Centre (SOC).
Splunk Mission Control is a new cloud solution that connects Splunk SIEM (Splunk Enterprise Security), SOAR (Splunk Phantom) and UEBA (Splunk UBA) products into a single unified analyst experience. This allows customers to act on threats and other high-priority security issues through the entire event lifecycle.
With Splunk Mission Control, customers gain a unified SOC experience that supports investigation and search across multiple on-premises and cloud-based Splunk Enterprise and Splunk Enterprise Security instances, ChatOps collaboration, case management and automated response, from a common work surface.
Other announcements include Splunk Enterprise Security (ES) 6.0, which is the latest version of the company's flagship offering, Splunk User Behaviour Analytics (UBA) 5.0, and Splunk Phantom 4.6. At present, Splunk Mission Control is in beta for early access customers, with general availability to be announced, while Splunk ES, Splunk UBA and Splunk Phantom are available today.