Q1. Splunk has positioned itself as helping organizations bring data to every security challenge. What does that mean and what does it take—from a technology standpoint—to be able to do it effectively?
Bringing data to every security challenge breaks down into three groups: data to every question, every decision and every action.
For every question, we use our expertise in data to build tech that runs the best possible investigations and does the highest class monitoring. The goal is to reduce the mean detection and response times -- take down that dwell time and give the adversary less time to do bad things.
For every decision, we build analytics structures, pulling data from known and previously unknown sources of risk, and then correlate them to help make the best decision as quickly as possible. Too often, that's where the process stops. Not at Splunk. It is not enough to know, you have to take appropriate action on each decision. We offer high-quality remediation through effective collaboration across teams.
Most attacks today have a high level of automation. They are always on, never get tired and move to the next technique almost before they have exhausted the first. A human response simply cannot keep up with that, particularly at scale. Splunk harnesses that same kind of automation to stitch together a strong foundation of effective data analytics and a platform for action.
Q2. What do you perceive as some of the biggest market opportunities for Splunk in the security space over the next few years?
Splunk already works with 91 companies in the Fortune 100. I believe, however, that our market opportunity is still tremendous. It grows out of the persistent need to have the right people, processes, and technology in place that can get SOC teams ahead of the bad guys.
The first market opportunity stems from a scarcity of people. You are never going to have enough people to do everything you need to get done. That's true now. It'll be true three, five and even ten years from now. The reality is that throwing more people at problems is not scalable, nor is it a successful security strategy. Splunk is working to solve workload problems and help more people make better decisions faster. That's why we've invested so heavily in analytics, machine learning, as well as security orchestration, automation and response (SOAR) capabilities. We use machine learning and highly scaled execution to solve the scarcity of people problem.
Second, we're seeing that companies are doubling down on their digital transformation effort—and so are we. As of late, we've seen enterprises rush to move everything to the cloud, a "transformation accelerator" if you will. Some companies are faced with remote work challenges, while some are realizing they need to do commerce in a new way. Either way, this presents infrastructure challenges, architectural challenges and service challenges. Sure, there's a significant opportunity for innovation, but this presents huge security risks and challenges in very compressed time.
Third is how to get rid of complexity. It's long been said that security teams are overwhelmed with tools and red flags, and it's unfortunately still the case today. Throwing security tools and point solutions at problems has led to uncoordinated responses and a loss of context as people navigate issues. Whether it's something as simple as phishing, malware, or ransomware, a consistent approach to security can turn a complicated web of processes into a smoothly integrated operations workflow, while reducing MTTR as the volume of attacks continues to grow.
Q3. If there's one thing you'd like security leaders at the Black Hat USA 2020 virtual event to know about Splunk, what would that be?
We've put a lot of distance between the days when we were a data-logging platform and what we are today. Splunk's journey for customers is extremely strong across Security, as well as IT Ops and DevOps. We bring together metrics, logs and traces to understand what's happening and why it's happening. Our use cases in security and fraud are ahead of the pack. Splunk is a true data platform for the enterprise and we've seen incredible cloud momentum. Our customers are moving with us.
Splunk's continuing evolution means that we are dedicated to leading the SOC transformation within the cloud. We've made a lot of progress, but we also have some big announcements coming up at our October users conference, .conf20, that really illustrate how our leadership maps back to accessibility and customer needs.
In fact, our overarching motivator right now -- that includes our evolution to a Data-to-Everything platform and a cloud-native posture -- is accessibility. We believe that data to everything means making data accessible to everyone. As we've grown and evolved, we've doubled down on accessibility. We recently changed our pricing model to make Splunk more affordable and sustainable for more people. We've also done a lot of work in education. After all, what is the use of all this data if no one understands how to read and use it?