Splunk integrates security and observability with Splunk AI

Splunk has unveiled Splunk AI at .conf23 in Las Vegas, which Techzine is attending. In addition to launching a generative chatbot, the security and observability company has integrated more AI innovations into its own platform.

“Everyone is talking about AI right now,” observes SVP Products & Technology Tom Casey. Generative AI in particular has generated a lot of interest in recent months, but people at Splunk stress that the new AI offerings build on existing capabilities on the platform.

Umbrella term

Splunk AI is an umbrella term for several aspects within the platform. The most prominent innovation is the Splunk AI Assistant, which now appears in preview form. Users of the platform work with data through the Splunk Processing Language (SPL). The new Assistant helps with that through natural-language conversation, like other chatbots.

Still, Splunk’s focus is more on integrated AIOps capabilities. For example, the Splunk App for Anomaly Detection is aimed at streamlining work for SecOps, ITOps and engineers. CTO EMEA Mark Woods emphasizes during our conversation that these AI insights are to assist professionals who can thereby focus on more complex tasks. In other words, AI aid exists for those who know how to interpret the end results – it still requires a lot of expertise for security and observability to operate appropriately.

Transparency

Many AI applications sit within a “black box,” with little insight into the functionality or dataset in question. Woods mentions the “glass box” within which Splunk’s security-focused AI offerings should fall. Users should be able to transparently see what an AI model is running and where it pulls data from. Still, Woods points out that there are aspects that, as a user, you don’t control yourself. One has to adopt a “fundamental baseline” that should be reliable enough to trust AI insights. Those who want to work with their own model can download the popular Machine Learning Toolkit (MLTK) from Splunkbase to retain as much control as possible.

Incidentally, Splunk continuously lets it be known that it has been working on AI for quite some time. In Woods’ words, much of what it announces at .conf23 is not “new new,” but an evolution of what has been developing for some time. He talks about a five- to 10-year time frame in which Splunk has already been moving down this path.

Integration and interoperability

Splunk AI thus complements the company’s extensive portfolio. Its goal in the security area is to make it easier for customers to gain insight into their data. To that end, it announced Splunk Edge Hub earlier today, which makes OT information more manageable from edge environments.

The company talks about the danger of too many security alerts that can slow the response to cyber incidents. That’s why it has integrated the Splunk Attack Analyzer further into its platform than before. This tool allows security analysts to automate threat forensics, speeding up the all-important threat response.

On other fronts, Splunk is working hard on the applicability of the Splunk Observability Cloud. Metrics and traces can now be collected more easily thanks to the OpenTelemetry Collector as a technical add-on, which appears in preview form. By supporting this data format, Splunk shows that it wants to capitalize on open-source and thus strengthens the interoperability of data processing.

During our visit to Splunk, we will have further discussions with company representatives. They will provide even more details about what Splunk is doing to strengthen security and observability.