Splunk: secure stacks depend on collaborative architectures

Splunk has used its annual conference, symposium, exhibition, user engagement forum, technical university gathering and all-round ‘if you like Splunk, then please come to this event’ in Orlando this month to announce the expansion of the Adaptive Response Initiative.

The initiative itself aims to bring together vendors to (and we quote), “Leverage end-to-end context and automated response to help organisations better combat advanced attacks through a unified defence.”

Firms involved here include Acalvio, Anomali, Cisco Security, CrowdStrike, DomainTools, ForeScout, Okta, Proofpoint, Qualys, Recorded Future and Symantec — to name the recent new members.

Collaborative architectures

“It is important that we enable collaborative architectures so our customers can extend analytics-driven decisions across a multi-vendor security technology stack,” said Haiyan Song, senior vice president of security markets, Splunk. “Splunk welcomes the new participants of the Adaptive Response Initiative and is excited to deliver the new framework in Splunk ES. This helps the security industry to work closer together while helping organisations to use intelligence and automation to better defend against attacks.”

Splunk asserts that, despite advances in security technologies, most solutions are not designed to work together out-of-the-box, making it challenging to coordinate a response.

The firm explains that the Adaptive Response framework in Splunk ES provides context and automated response across twenty leading security technologies.

“The pace and variety of today’s cyberattacks combined with a wide range of security tools in the typical enterprise make for a daunting challenge for security professionals. For real visibility and a truly actionable approach, enterprises demand a level of multi-vendor integration across silos and tools that goes beyond the efforts of the past,” said Scott Crawford, research director of information security, 451 Research.

New participants

Acalvio Technologies is part of the new team and the firm brings its Deception 2.0 technology. Cisco also joins and is pleased to expand collaboration with Splunk.

Jeff Samuels, VP of security marketing at Cisco, says that by integrating Adaptive Response with Cisco’s open platforms such as ISE (Identity Services Engine) and Cisco Umbrella Investigate, mutual customers have the tools to help respond to threats throughout the network and in the cloud in real time.

Other names here include CrowdStrike with its CrowdStrike Falcon cloud-delivered SaaS endpoint protection platform. DomainTools and ForeScout also join the gang along with Okta, Proofpoint and Qualys.

“Qualys is happy to provide a vulnerability prioritisation option via Splunk’s Adaptive Response Initiative,” said Jeffrey Leggett, director, cloud services, API and integrations, Qualys. “By automatically tagging high severity vulnerabilities in the Qualys Web Application Security App for Splunk, remediation teams can more quickly focus on vulnerabilities that need immediate attention.”

Recorded Future and Symantec are also here to complete the list.

Previously announced and founding organisations in the Adaptive Response Initiative include Carbon Black, CyberArk, Fortinet, Palo Alto Networks, Phantom, Tanium, ThreatConnect and Ziften.