Billion-dollar SIEM company Splunk made announcements in Las Vegas, as it calls for greater integration between IT Ops and Sec Ops
“A unified security and observability platform is the secret recipe for digital resilience, helping teams work together to detect, investigate and respond to whatever comes your way,” said CEO Gary Steele (pictured above) as the firm announced a new AI assistant and the Splunk Edge Hub.
Unusually, the Edge Hub is a physical unit that attaches to machinery and provides visibility across IT and OT (operational technology) environments by streaming previously hard-to-access data into the network. The aim is to enable advanced monitoring and response to help organisations drive digital resilience across their systems.
Mike Horn, Splunk’s senior vice president and general manager for security business, told SC Media: “Traditionally, there has been a lack of data and a lack of visibility at the edge, so we started focusing on the environmental components…. We will build on top on that with ways to pull in more data.”
“Once you get that environmental footprint, such as temperature and vibrations, you can build on it with cybersecurity data observability. When you look at the Internet of Things (IoT), there is a lot of surface area that’s open to attack compromise,” Horn added.
The Stuxnet malware was the first known use of software designed to interrupt OT and was launched against an Iranian nuclear plant, causing hundreds of centrifuges to spin out of control and self-destruct.
But Colonial Pipeline is perhaps the most high-profile OT attack to date, prompting action from President Joe Biden. The hack was deemed a national security threat, as the pipeline moves oil from refineries to industry markets.
Incredibly costly and complex
While edge computing is emerging as a driver of innovation, the process of identifying data in large quantities across multiple physical and virtual sources can be incredibly complex and costly.
More than 50 percent of new enterprise IT infrastructure will be deployed at the edge instead of through data centres by 2023, according to IDC. Meanwhile, the number of IoT cyberattacks worldwide amounted to over 112 million in 2022, rising from 32 million detected cases in 2018.
“Our customers are some of the world’s largest organisations and they have sophisticated needs that feed into both IT Ops and Sec Ops – they are large teams that manage lots of the infrastructure. We are looking at ways to converge these and make them more cohesive, such as through the Edge Hub,” said Horn.
“When there is an incident, you don’t know at first whether it’s an operational event or a cyber event. We have seen a lot more desire from customers to combine data on both sides for observability reasons.”
Splunk's EMEA president and general manager Petra Jenner told SC Media that demand for OT edge services had been "overwhelming".
"Europe is heavy on manufacturing and our clients are keen to observe their data, for both productivity and security reasons," she explained.
Next week, we’ll publish an interview with Splunk CEO, Gary Steele, who joined the company just over a year ago after being the founding CEO of Proofpoint.