Splunk is rapidly integrating with Cisco’s technology to enable seamless transitions between their platforms while delivering advanced threat detection capabilities
In an interview with Computer Weekly on the sidelines of the .conf Go user conference in Singapore, Tom Casey, Splunk’s global senior vice-president and general manager of products and technology, stressed the importance of a practical, customer-centric integration.
“Unlike some other Cisco acquisitions like Meraki and others that took a long time to begin integrating, we started integrating from day one and doing it differently, reorganising all of the observability capabilities from Cisco into Splunk,” he said.
Casey said within the first 120 days, Splunk had delivered new integrations between AppDynamics, Splunk Observability Cloud and the core Splunk platform, along with Splunk IT service intelligence. These integrations weren’t mere cosmetic changes, he added.
“What we’ve done is around what we call ‘practical navigation’ between products, so that you can start an investigation in AppDynamics or Observability Cloud, and then drill into Splunk logs without having to initiate another search,” he explained.
Splunk has also introduced a “related content” feature that displays graphical representations of events within an application flow, for example. This cross-correlation provides users with a deeper understanding of incidents, allowing them to seamlessly transition between event and observability views.
The integration extends to Cisco’s security suite as well. Casey said Splunk has already delivered integrations with Cisco’s Talos threat intelligence, bringing threat information directly into its platform. Further integrations with Cisco’s extended detection and response (XDR) are on the cards, promising enhanced real-time threat detection and response capabilities.
“The extended portion of XDR is a good thing,” Casey said, adding that this will enable organisations to detect threats closer to the point of user and device interactions that are deeper in the network. “For example, XDR can detect an anomalous incident and quarantine a user or snapshot all the things the user is trying to touch to insulate you from ransomware attacks.”
Security teams and observability teams are starting to break through the blame game towards working more collaboratively together
Tom Casey, Splunk
He explained that XDR excels at early detection and containment while SIEM provides comprehensive context. “The reality is, people do need these things, and at Cisco now, we’ve got both, and we’re making them very complementary.”
In terms of securing AI and leveraging AI for security, Casey noted that Splunk’s current platforms are already being used by customers to monitor AI systems, focusing on access controls and other metrics.
Additionally, Splunk is actively investing in advanced AI capabilities such as detecting AI efficacy drift and bias. “We’ve got some advanced research in that area,” Casey said, promising further investment in those capabilities which will be integrated into existing Splunk tools as AI adoption grows.
On observability’s expansion beyond logs, metrics and traces, Casey acknowledged the potential of embedding observability within the code itself in what’s known as “shifting left”, adding that partners can help to address those requirements.
“The volume and variety of tools that people use in software development makes it very hard for us to be an expert in every one of those. That’s a perfect partner play,” he said, noting the preference among customers for suppliers to play a more advisory role in code-level observability, rather than take automated actions such as rolling back code changes that could inadvertently cause problems.
Casey also addressed the fragmented observability market, acknowledging that the top vendors only account for a small fraction of the market share due to developer preferences and the proliferation of tools. He suggested that the combined strengths of Splunk and Cisco can offer a solution by addressing the growing need for unified security and observability.
Unlike some other Cisco acquisitions such as Meraki and others that took a long time to begin integrating, we started integrating from day one and doing it differently, reorganising all of the observability capabilities from Cisco into Splunk
Tom Casey, Splunk
“Security teams and observability teams are starting to break through the blame game towards working more collaboratively together,” he said, adding that this can help to minimise finger-pointing and resolve security incidents faster.
For users of Splunk’s IT operations capabilities, Casey pointed to the ongoing update of technical adapters for Cisco devices to improve signal reliability and enhance the user experience. The integration with Cisco’s ThousandEyes, Cisco Spaces and WebEx call centre applications further strengthens Splunk’s offering for IT operations teams, he added.
Also in the pipeline are plans to leverage Splunk’s Edge Hub, which ingests data from operational technology (OT) devices, to improve the quality of feeds from Cisco hardware into Splunk, potentially delivering more insightful analytics.
Across Asia-Pacific, Casey observed a faster adoption of Splunk Observability Cloud in the region compared to other geographies, particularly among customers in industries such as financial services, logistics, shipping and power. This is driven by the regulatory environment and need for compliance in critical infrastructure industries.
He also pointed to companies such as Singapore Airlines as an example of a customer that is successfully tapping Splunk’s capabilities. “They’ve done a really good job of baking into their culture a focus on availability and instrumentation among their developers, but they’ve fundamentally standardised at the logging level, which is just baseline visibility. They don’t use metrics as heavily yet, but now they’re maturing in that direction.”
This exemplifies the journey that many companies in the region are undertaking, moving from basic event logging to a more comprehensive, consolidated observability strategy, Casey noted.
