Next-Generation Technologies & Secure Development , User & Entity Behavioral Analytics (UEBA) , Video

Splunk CEO on Enriching the SIEM With UEBA and Threat Intel

CEO Gary Steele on Why the 'World of the Old-School SIEM Has Fundamentally Changed'
Gary Steele, president and CEO, Splunk (Image: Splunk)

Splunk has infused its SIEM with user behavior analytics and threat intelligence to better identify anomalies and understand what's going on in a customer's environment, says CEO Gary Steele.

See Also: Webinar | Accelerate your SOC with AI-driven security analytics with Elastic and Google Cloud

Adding UEBA to the SIEM makes it easier for organizations to identify, detect and remediate anomalies, Steele says, while threat intelligence allows businesses to cross-correlate adversary behavior observed in the wild with what's taking place inside the company's own environment. Splunk excels at operating in multi-cloud and hybrid environments and running robust script queries on top of unstructured data (see: Microsoft, IBM, Splunk Dominate SIEM Gartner Magic Quadrant).

"The world of the old-school SIEM has fundamentally changed," Steele says. "It's really become a platform where you're driving broader adoption of a broad range of capabilities that make the SOC that much more efficient. This includes not only detection and response, but also really understanding what the heck is going on in your environment if some event happens."

Information Security Media Group spoke with Steele before Splunk revealed it had laid off 4% of its employees, or about 325 workers globally. The job cuts mostly took place in North America and are part of a broader set of changes to optimize Splunk's processes and cost structure to ensure the company balances growth with profitability during uncertain economic times, Steele told employees in a message.

"One of our cost-reduction efforts has been to decrease Splunk's reliance on external resources, such as agencies or consultants, to get work done," Steele wrote Wednesday. "While utilizing these providers was prudent during Splunk's early years, moving forward we will be more judicious about what work we outsource and what we will stop doing."

In this video interview with ISMG, Steele also discusses:

  • How customers benefit from Splunk's acquisition of TwinWave;
  • The competitors Splunk encounters most frequently in the SIEM market;
  • What sets Splunk's security analytics tool apart from Microsoft and Elastic.

Steele has a track record of scaling SaaS operations and growing multibillion-dollar global enterprises during his 30 years in the technology industry. Prior to joining Splunk in 2022, he was the founding CEO of Proofpoint, where he led the company's growth from an early-stage startup to a leading, publicly traded security-as-a-service provider. Steele previously served as CEO of Portera and held various leadership roles at Sybase, Sun Microsystems and Hewlett-Packard. He has also served since 2018 as a member of the board of directors of Upwork, a talent freelancing platform.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.