Splunk’s integration with AWS Security Hub follows the automation playbook
In February 2018, Splunk Inc. acquired Phantom Cyber Corp. for $350 million. The purchase brought Phantom’s security automation and orchestration technology into the fold and set the stage for the news this week that Splunk would partner with Amazon Web Services Inc. to roll out rapid threat detection tools.
“We’ve established an integration with AWS Security Hub,” said Oliver Friedrichs (pictured, right), vice president and general manager of security automation at Splunk and co-founder of Phantom Cyber. “You can now take a finding coming from Security Hub, pull it into Splunk Phantom, and run an automation playbook to be able to, at machine speed, take action on a threat.”
Friedrichs spoke with John Furrier (@furrier) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the AWS re:Inforce event in Boston. He was joined by Haiyan Song (pictured, left), senior vice president and general manager of the security market at Splunk, and they discussed the important role of data for a successful security strategy and how automation can help threat analysts focus on critical tasks.
Support for CloudWatch
An important focus of the partnership between AWS and Splunk involves data. The Splunk Enterprise and Splunk Phantom platform integrations announced this week analyze data rapidly to reduce threats. Splunk also rolled out an integration with Amazon CloudWatch Events, which provides customers with data mined directly from AWS Security Hub.
“We’re so glad we’re doing the integration,” Song said. “The data represents your business. Security in many ways is actually more about data than anything else.”
With Splunk Phantom providing the automation engine, the integration with AWS offers additional opportunity to unshackle security analysts from the daily mundane tasks that have become part of protecting the enterprise.
“There’s a lot of routine work that’s done today in the security operations center,” Friedrichs said. “We can free up about 50% of the analysts’ time to focus on proactive activities, things that actually matter.”