Adaptive Response: Beyond Analytics-Driven Security


Now that .conf2016 is in full swing, I’m excited to discuss one of my favorite topics: the Splunk-led Adaptive Response Initiative, which we first announced at the RSA Conference earlier this year. We launched with a strong group of 8 founding participants representing key security technologies such as network firewall, endpoint detection and response, privileged user management, threat intelligence, and incident response. We are thrilled by the support from Splunk customers and strategic partners as we continue to enable organizations to operate multi-vendor adaptive security architectures and bring to life our vision of a security nerve center.

So here we are in Orlando, and I’m happy to share our latest Adaptive Response milestones:

  1. We have extended Adaptive Response controls into Splunk Enterprise Security 4.5 (ES)
  2. Vendor support has more than doubled, with over 20 partners (from 8 vendors when we launched just 6 months ago)
  3. Increased depth of coverage in domains including threat intelligence and endpoint
  4. Increased breadth of coverage to include CASB (Cloud Access Security Broker), Deception, IAM (Identity Access Management), NAC (Network Access Control), Vulnerability Management, and Network Forensics (traffic capture)

Some important background (see my Adaptive Response blog post from earlier this year for more context): customers have been using Adaptive Response-like capabilities for some time. Many have built “bi-directional” communication between Splunk and their security devices to automate the more time-consuming parts of responding to an incident: gathering more information from devices, sharing that information with teams and other devices, and taking action across devices in a semi-automated or fully automated manner. These are the actions needed to contain and disrupt threats.
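To make the three activities above concrete, here is an added example of a small response dispatcher. It is not Splunk or partner code and does not use any Adaptive Response API; the threat-intel table, asset inventory, and the `block_ip` / `isolate_host` actions are constructed stand-ins. It shows the pattern a practitioner cares about: enrich the alert before acting, notify the owner, and run low-blast-radius actions automatically while queuing disruptive actions on critical assets for analyst approval (the semi-automated path).

```python
"""Added example (not Splunk's code): a minimal adaptive-response dispatcher.

It mirrors the three activities in the post: gather more context about an
indicator, share it with the asset owner, and take containment action either
automatically or only after an analyst approves. Every lookup and device
below is a constructed stand-in for illustration.
"""
from dataclasses import dataclass, field

# Constructed threat-intel lookup (stand-in for a TI platform query).
THREAT_INTEL = {
    "203.0.113.45": {"confidence": 90, "tags": ["c2"]},
    "198.51.100.7": {"confidence": 40, "tags": ["scanner"]},
}

# Constructed asset inventory; disruptive actions on "critical" assets
# require a human in the loop rather than full automation.
ASSETS = {
    "10.0.0.5": {"owner": "finance", "criticality": "critical"},
    "10.0.0.9": {"owner": "lab", "criticality": "low"},
}

AUTO_THRESHOLD = 80  # intel confidence at or above this triggers containment


@dataclass
class Notable:
    """A notable event as a correlation search might produce it (constructed)."""
    src: str
    dest: str
    rule: str


@dataclass
class Response:
    enrichment: dict
    notifications: list = field(default_factory=list)
    actions: list = field(default_factory=list)           # executed actions
    pending_approval: list = field(default_factory=list)  # queued for an analyst
    audit: list = field(default_factory=list)             # every decision, for IR review


# Stand-in device actions. The registry below is the only path to a device,
# so the dispatcher can run nothing that is not explicitly registered.
def block_ip(ip: str) -> str:
    return f"firewall: deny {ip}"


def isolate_host(ip: str) -> str:
    return f"edr: network-isolate {ip}"


ACTIONS = {"block_ip": block_ip, "isolate_host": isolate_host}


def enrich(notable: Notable) -> dict:
    """Step 1: get more information before deciding anything."""
    return {
        "intel": THREAT_INTEL.get(notable.src, {"confidence": 0, "tags": []}),
        "asset": ASSETS.get(notable.dest, {"owner": "unknown", "criticality": "unknown"}),
    }


def respond(notable: Notable, approvals: frozenset = frozenset()) -> Response:
    """Steps 2 and 3: share context, then act (automatically or after approval).

    `approvals` holds (action, target) pairs an analyst has already signed off on,
    so re-running the same notable after approval executes the queued action.
    """
    resp = Response(enrichment=enrich(notable))
    conf = resp.enrichment["intel"]["confidence"]
    asset = resp.enrichment["asset"]

    # Share: always notify the asset owner, regardless of whether we act.
    resp.notifications.append(
        f"{asset['owner']}: {notable.rule} {notable.src}->{notable.dest} confidence={conf}"
    )

    planned = []
    if conf >= AUTO_THRESHOLD:
        planned.append(("block_ip", notable.src))       # perimeter block: low blast radius
        planned.append(("isolate_host", notable.dest))  # isolation: disruptive to the asset

    for name, target in planned:
        # Semi-automated path: isolating a critical asset needs a human decision.
        needs_approval = name == "isolate_host" and asset["criticality"] == "critical"
        if needs_approval and (name, target) not in approvals:
            resp.pending_approval.append((name, target))
            resp.audit.append(f"queued {name} {target} (awaiting analyst approval)")
            continue
        result = ACTIONS[name](target)
        resp.actions.append(result)
        resp.audit.append(f"executed {name} {target}: {result}")
    return resp


if __name__ == "__main__":
    first = respond(Notable("203.0.113.45", "10.0.0.5", "C2 beacon"))
    print("\n".join(first.audit))
    approved = respond(Notable("203.0.113.45", "10.0.0.5", "C2 beacon"),
                       approvals=frozenset(first.pending_approval))
    print("\n".join(approved.audit))
```

The design point is that the automated/semi-automated split is a policy decision made from enrichment data (intel confidence and asset criticality), not a property of the action itself, and that every decision, including the ones deferred to a human, lands in an audit trail the incident responder can review later.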

The Adaptive Response Initiative now consists of: Acalvio, Anomali, Blue Coat + Symantec, Carbon Black, Cisco, CrowdStrike, CyberArk, DomainTools, ForeScout, Fortinet, Okta, OpenDNS, Palo Alto Networks, Phantom, ProofPoint, Qualys, Recorded Future, Splunk, Tanium, ThreatConnect, and Ziften. We are honored to be leading the Initiative, and proud to have market-leading security vendors join us to fulfill this very important need.

Haiyan Song
SVP, Security Markets

Follow all the conversations coming out of #splunkconf16!

Follow the .conf2016 live stream for interviews and keynotes throughout the week.