SPLK-3001 information hunger - Splunk Enterprise Security Certified Admin Updated: 2024

Splunk, the cybersecurity and observability provider, is announcing that its seamless and customizable security analyst experience—introduced in the Splunk Enterprise Security 7.2 release—will now be turned on by default in Splunk Enterprise Security 7.3. Splunk is also announcing an expansion of Drill-Down Dashboards, Index Time Correlation Searches, and enhanced Risk-Based Alerting, culminating in a customer feedback-centered update.

According to Marquis Montgomery, director of product management, security products at Splunk, “customer feedback continues to drive innovation and enhancements in Splunk Enterprise Security,” ultimately spurring several improvements within the 7.3 release.

Splunk’s optional 7.2 analyst experience will now be the default mode of 7.3, enabling analysts to customize their Incident Review Dashboard to better represent their investigative priorities. Configurable with table filters and columns, analysts leveraging the Incident Review Dashboard can more easily isolate and rapidly investigate security events.

These custom Incident Review Dashboards can then be saved and shared with other analysts in the enterprise, applicable to different use cases and driving greater collaboration. Splunk Enterprise Security Administrators are also afforded a level control over the analyst experience with Incident Review Dashboards, able to configure default views for all users.

To aid in this transition, Splunk is offering an interactive onboarding experience available in-product.

Drill-Down Dashboards have now been expanded to Incident Review, enabling content engineers to “drill-down” into a Splunk dashboard via the incident workflow. This drives a seamless analyst experience, allowing these users to access crucial details of an event during investigation without incurring additional manual burden.

Users can generate multiple drill-down dashboard links, which are further customizable in text and token fields for greater flexibility.

Splunk Enterprise Security 7.3 also introduces Index Time Correlation Searches, developed in response to occasions where customer data is not forwarded to Splunk in real time. This feature allows administrators to run specific correlation rules on index time instead of event time, accommodating these instances without sacrificing visibility.

With enhancements to Risk-Based Alerting, enterprises can better prioritize security threats in a manner that adapts to the MITRE ATT&CK framework and an entity risk score. This not only reduces false positive investigations by up to 80% but also speeds up the investigation and remediation time of true positives by 50%, according to Splunk.

To learn more about Splunk’s latest updates, please visit https://www.splunk.com/.

New functionality in Splunk Enterprise and the Splunk Cloud Platform provide advanced data ingestion, data management and federated search.

Data platform developer Splunk has debuted the next generation of its core on-premises and cloud systems, offering up a wave of new capabilities and features that will help customers collect, manage and search increasingly huge volumes of machine data.

The general availability of Splunk Enterprise 9.0, which replaces the current 8.3 release, and enhancements to Splunk Cloud Platform are being unveiled today at the company’s .conf22 event in Las Vegas. Some 12,500 attendees are expected at the conference – the company’s first in-person conference since 2019.

For many Splunk customers and partners, the event also marks their introduction to Gary Steele (pictured), the founding CEO of security vendor Proofpoint who took over as Splunk president and CEO in April and will deliver the conference keynote.

[Related: Splunk CEO Gary Steele On Channel Opportunities, Management Stability And Splunk CEO Gary Steele On Channel Opportunities, Management Stability And Introducing Himself At .Conf22Introducing Himself At .Conf22]

For the first time Splunk is combining its .conf customer event with the company’s Global Partner Summit with more than 1,800 partners expected to attend. The company will make a number of announcements around its Partnerverse program including access to the Splunk Cloud Sandbox for developers and a new funded partner training benefit.

The new capabilities introduced in Splunk’s technology portfolio this week, including new data ingest, federated search and cloud data management functionality, come as Splunk continues to target applications in data observability and IT security.

“Splunk is absolutely mission critical in helping organizations truly achieve their missions,” Steele said in his .conf22 opening keynote Tuesday.

“Today we’re delivering the world’s leading platform for unified security and observability,” Steele said. “We’re central to the SOC [security operations center]. We’re central to your IT organization and your DevOps teams. We are at the heart of your business operations. We see the lines between security and IT beginning to blur because those teams all need access to the same data.”

“Splunk 9.0 is the most significant release that we‘ve offered in a long time and we think it’s going to be significant for customers that run on premises, as well as customers that will run in the cloud,” said Garth Fort, Splunk senior vice president and chief product officer, in a press pre-briefing last week on the upcoming product announcements.

“The latest innovations in the Splunk Platform enable customers to address the complexities of multi-cloud and hybrid environments, rapidly identify signals from noise, and turn data insights into business outcomes,” said Fort, who is demonstrating some of the software’s new capabilities during the .conf22 opening session.

A number of the new features provide end-to-end visibility through expanded data access and optimized data storage, according to the company. Data Manager for Splunk Cloud Platform helps customers onboard Splunk across Amazon Web services and Microsoft Azure, providing a hybrid cloud control plane for data flowing into Splunk. (Support for Google Cloud Platform is set for later this summer.)

The new Ingest Actions functionality provides granular controls for filtering, masking and routing of data in motion within the Splunk Platform or to external AWS S3 storage.

“What this effectively lets customers do is perform operations on data at the edge before it gets ingested into Splunk, so you can redact, filter and route different information from your logs before they actually get ingested,” Fort said.

New Data Storage And Search Capabilities

Splunk Enterprise 9.0 also extends data “cold storage” beyond AWS and GCP to Azure with the new SmartStore for Azure, a capability the company said can help self-managed Splunk Enterprise customers reduce operating costs by up to 70 percent.

Splunk has also expanded the Federated Search functionality within its platform, which will enhance and simplify security investigation and search operations across hybrid cloud environments by providing users and administrators with a comprehensive view of their entire Splunk ecosystem.

“We‘ve talked about federated search for a while, which allows you – from a single command line – to search across multiple Splunk indices,” Fort said. While Federated Search is now generally available, the company is also previewing Federated Search for AWS S3, technology that allows users to extend the reach of the search tool into non-Splunk data sources.

Also now generally available is Splunk Assist, a fully managed cloud service within Splunk 9.0 that leverages cloud deployment data to provide businesses and organizations with insights about their security environments.

Splunk For DevOps

Splunk also launched Splunk Log Observer Connect, which makes it possible to visualize all data in a single place using the capabilities of the Splunk Cloud Platform and Splunk Observability. The company said the new technology enables site reliability and DevOps engineers to access metric, trace and Splunk Cloud log data in a single interface.

Also making their debut at the .conf22 event are Anomaly Detection Assistant, which helps security analysts, IT operations managers and DevOps engineers use machine learning to investigate potential problems; new risk-based alerting capabilities in Splunk Enterprise Security for enforcing zero trust security policies and prioritizing incidents; and Splunk Incident Intelligence, currently in preview, which helps DevOps teams investigate system performance incidents.

While Splunk is particularly focused on security and observability applications for its data platform, the Splunk technology portfolio can be used for a wide variety of data-centric use cases. The company said it continues to enhance its Splunkbase site with more than 2,500 purpose-built applications and integrations – many from the company’s 2,400 channel partners – that work with the Splunk system.

Splunk is also previewing Splunk Cloud Developer Edition, a developer tool set that will help developers more easily build and test applications for the Splunk Cloud Platform.

Machine data analytics software developer Splunk is extending the capabilities of its security software, adding new capabilities the vendor says will speed up the process of investigating and responding to potential security threats.

Splunk today launched Spunk Enterprise Security v.5.0 with Investigation Workbench, a new toolset the company said streamlines security investigations and accelerates incident response.

"Now [security investigators] can make informed, data-driven decisions on how to respond," said Girish Bhat, Splunk director of security product marketing, in an interview with CRN.

[Related: Splunk Continues Machine Learning Acquisition Spree With Purchase of SignalSense ]

Splunk's core machine learning platform monitors, collects and analyzes machine and log data from a wide range of sources. IT performance management and IT security are the two most common use cases for the company's software.

Splunk Enterprise Security, a security information and event management system, is built on the Splunk platform and works in conjunction with the company's Splunk User Behavior Analytics application.

Time to detect, time to contain and time to remediate are the three critical metrics in dealing with IT security threats, Bhat said. The challenge is shortening those times given that organizations receive tens, hundreds and even thousands of alerts every day.

The new Investigation Workbench centralizes security alert analyses, pulling asset and identity data that's relevant from networks, endpoints, cloud applications and other sources and displaying them to investigators in a single dashboard. It can also add third-party contextual data, such as human-curated threat intelligence information, to an analysis.

That means security operations managers can spend less time collecting data and focus more on analyzing incidents and determining a response, according to Bhat.

"It streamlines the investigation," Bhat said. "It's about accelerating the incident response."

Analysts can also adjust the time period of the incident under investigation, making it easier to determine the scope of a threat and the needed response.

Splunk works with a range of channel partners to take the vendor's Enterprise Security software to market including systems integrators, managed security service providers (MSSPs) and resellers.

Service providers can utilize Splunk Enterprise Security 5.0 and the Investigation Workbench to provide higher quality service, according to Bhat. "They can offer a better [service level agreement] to their customers."

Bhat said VARs and solution providers can leverage the Investigation Workbench capabilities as a way to stand out in the very crowded market for SIEM products. "This can be a competitive differentiator for them," he said.

Enterprise Information Management (EIM) will support institutional effectiveness by expanding the availability, consistency, and use of institutional data. This effort will facilitate the exchange of data across information systems and the analysis of information to guide planning, decision making, and resource allocation. Organizations that effectively manage and exchange data across business units can boost the value of their enterprise information, tapping into it to increase customer satisfaction, operational productivity, reduce overhead costs, and gain a substantial competitive advantage. ²

EIM is particularly important given the current financial climate, as organizations struggle to remain profitable in the face of shrinking revenues. Some of the key business drivers behind EIM projects include customer service, marketing opportunities, process improvement, and regulatory compliance.³

Increases Annual Recurring Revenue 15% to $4.0 Billion

Grows Cloud Revenue 26%

Generates Nearly $100 Million of GAAP Net Income

SAN FRANCISCO–(BUSINESS WIRE)–#splunknews—Splunk Inc. (NASDAQ: SPLK), the cybersecurity and observability leader, today announced results for its fiscal third quarter ended October 31, 2023.

Third Quarter 2024 Financial Highlights

• Total ARR was $4.0 billion, up 15% year-over-year.
• Total revenues were $1.067 billion, with Cloud revenue growing 26% to $469 million.
• GAAP Operating Expenses increased 4% year-over-year; non-GAAP Operating Expenses decreased by 1% year-over-year.
• Trailing twelve month operating cash flow was $863 million, up 182% year-over-year.
• Trailing twelve month adjusted free cash flow was $857 million, up 199% year-over-year.
• 851 customers with Total ARR greater than $1 million, an increase of 97 year-over-year.

“Splunk delivered a solid third quarter and marked several milestones in our journey to deliver exceptional customer and shareholder value, including our agreement to join forces with Cisco,” said Gary Steele, President and CEO of Splunk. “Organizations are continuing to unlock value with Splunk, and in Q3 we saw solid momentum in our cloud business as Cloud ARR grew 26% year-over-year and now represents the majority of Total ARR. Our results demonstrate our accelerated innovation, relentless customer focus and consistent execution, and I’m confident we are well-positioned for the future.”

“We remain focused on driving growth and increasing profitability and are pleased with our progress in Q3. We drove ARR growth of 15% to $4.0 billion, achieved a non-GAAP operating margin of 31% and generated nearly $100 million of GAAP net income,” said Brian Roberts, CFO of Splunk.

Recent Business Highlights

• Splunk Innovations Drive Digital Resilience: Splunk continued to accelerate innovation to further strengthen its industry-leading security and observability product portfolio to help customers keep their digital systems resilient. New enhanced capabilities include Splunk Enterprise Security 7.2, Splunk SOAR 6.1.1, Session Replay in Splunk Observability Cloud, Federated Search for Amazon S3 and Edge Processor advancements.
• Splunk Products Win “Best B2B Enterprise Technology” Awards: Resulting from customer reviews on PeerSpot, Splunk SOAR and Splunk Enterprise Security were recognized in four categories: Security Orchestration, Automation and Response (SOAR), Security Information and Event Management (SIEM), IT Operations Analytics and Log Management.
• Splunk Among Top Cybersecurity Leaders Celebrating First Anniversary of the Open Cybersecurity Schema Framework (OCSF) Project: OCSF, an open-source project that defines a common standard for cybersecurity data, announced the general availability of its vendor-agnostic security schema as part of its first anniversary.
• Splunk Releases 2023 CISO Report: Splunk published a new global research report detailing emerging trends, threats and strategies for today’s security leaders.
• Splunk Releases 2023 Global Impact Report: Splunk’s third annual Global Impact Report outlines its commitment to contributing to broader societal challenges and opportunities while supporting the durability and resilience of its business, and creating value for its stakeholders.

Third Quarter Investor Presentation and Stockholder Letter

Visit the Splunk investor relations website to obtain the company’s quarterly investor presentation, which includes Splunk President and CEO Gary Steele’s letter to stockholders. In light of the pending transaction with Cisco, Splunk will not be hosting an earnings conference call to review the third quarter or providing a financial outlook.

Additional Information and Where to Find It

In connection with the proposed transaction and required stockholder approval, Splunk filed with the SEC a definitive proxy statement on October 30, 2023. The proxy statement has been mailed to the stockholders of Splunk. This document is not a substitute for the proxy statement or any other document which Splunk may file with the SEC. Splunk’s stockholders are urged to carefully read the proxy statement (including all amendments, supplements and any documents incorporated by reference therein) and other relevant materials filed or to be filed with the SEC and in their entirety because they contain important information about the proposed transaction and the parties to the transaction. Investors may obtain free copies of these documents and other documents filed with the SEC at its website at www.sec.gov. In addition, investors may obtain free copies of the documents filed with the SEC by Splunk by going to Splunk’s Investor Relations page on its corporate website at https://investors.splunk.com or by contacting Splunk Investor Relations at ir@splunk.com.

Participants in the Solicitation

Splunk and its executive officers and directors may be deemed to be participants in the solicitation of proxies from Splunk’s stockholders with respect to the transaction. Information about Splunk’s directors and executive officers, including their ownership of Splunk securities, is set forth in the definitive proxy statement related to the transaction, which was filed with the SEC on October 30, 2023, proxy statement for Splunk’s 2023 Annual Meeting of Stockholders, which was filed with the SEC on May 9, 2023, Form 8-K filed with the SEC on September 21, 2023, and Splunk’s other filings with the SEC. Investors may obtain more detailed information regarding the direct and indirect interests of Splunk and its respective executive officers and directors in the transaction, which may be different than those of Splunk stockholders generally, by studying the definitive proxy statement regarding the transaction, which was filed with the SEC.

Safe Harbor Statement

This press release contains forward-looking statements that involve risks and uncertainties, including statements regarding Splunk’s positioning for the future; Splunk’s proposed acquisition by Cisco and the benefits of the acquisition; trends in customer demand and engagement; statements regarding our operating efficiency, growth, profitability and cash flows; statements regarding our products, projects, technology and ongoing product development, including recently announced products; statements regarding our partnerships; statements regarding our market opportunity as well as our ability to meet customer needs; and trends in the markets for our products, including the security and observability markets. There are a significant number of factors that could cause genuine results to differ materially from statements made in this press release, including: the risk that the proposed transaction with Cisco is not completed on the anticipated terms or in the time anticipated, including risks related to obtaining shareholder and regulatory approvals, anticipated tax treatment, unforeseen liabilities, future capital expenditures, revenues, expenses, earnings, synergies, economic performance, indebtedness, financial condition, losses, future prospects, business and management strategies for the management, expansion and growth of Splunk’s business and other conditions to the completion of the transaction; significant transaction costs associated with the proposed transaction; potential litigation relating to the proposed transaction; the risk that disruptions from the proposed transaction will harm Splunk’s business, including current plans and operations; the ability of Splunk to implement its business strategy; the impact of the macroeconomic environment, including inflationary pressures, economic uncertainty and impacts on information technology spending; risks associated with Splunk’s growth; the impact of Splunk’s restructuring plans; risks associated with Splunk’s ability to successfully introduce and gain market acceptance for new products and technologies; Splunk’s inability to realize value from its significant investments in the company’s business, including product and service innovations and through acquisitions; Splunk’s shift from sales of licenses to sales of cloud services which impacts the timing of revenue and margins; Splunk’s transition to a multi-product software and services business; Splunk’s inability to successfully integrate acquired businesses and technologies; Splunk’s inability to service its debt obligations or other adverse effects related to the company’s convertible notes; and general market, political, economic, business and competitive market conditions.

Additional information on potential factors that could affect Splunk’s financial results is included in the company’s Quarterly Report on Form 10-Q for the fiscal quarter ended July 31, 2023, which is on file with the U.S. Securities and Exchange Commission (“SEC”) and Splunk’s other filings with the SEC. Splunk does not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application issues from becoming major incidents, absorb shocks from digital disruptions, and accelerate digital transformation.

Splunk, Splunk>, and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2023 Splunk Inc. All rights reserved.

Splunk Inc.

Operating Metrics

Total Annual Recurring Revenue (“Total ARR”) represents the annualized value of active cloud services, term licenses and maintenance contracts at the end of a reporting period. Cloud Annual Recurring Revenue (“Cloud ARR”) represents the annualized value of active cloud services contracts at the end of a reporting period.

Non-GAAP Financial Measures and Reconciliations

To supplement Splunk’s unaudited interim condensed consolidated financial statements, which have been prepared in accordance with generally accepted accounting principles in the United States (“GAAP”) and applicable rules and regulations of the Securities and Exchange Commission regarding interim financial reporting, Splunk provides investors with the following non-GAAP financial measures: cloud services cost of revenues, cloud services gross margin, cost of revenues, gross margin, research and development expense, sales and marketing expense, general and administrative expense, operating expenses, operating income (loss), operating margin, income tax provision (benefit), net income (loss), free cash flow and adjusted free cash flow (collectively the “non-GAAP financial measures”). These non-GAAP financial measures exclude all or a combination of the following (as reflected in the following reconciliation tables): expenses related to stock-based compensation and related employer payroll tax, amortization of intangible assets, restructuring and facility exit charges, merger-related expenses, capitalized software development costs, non-cash interest expense related to convertible senior notes and a net loss (gain) on strategic equity investments. The non-GAAP financial measures are also adjusted for Splunk’s current and deferred tax rate on non-GAAP income (loss). Splunk uses a long-term projected non-GAAP tax rate to provide consistency across interim reporting periods. We base our rate on non-GAAP financial projections. In determining our tax rate, we exclude the impact of nonrecurring items, and we make assumptions including those about tax legislation and our tax positions. We applied a 20% non-GAAP tax rate to the three and nine months ended October 31, 2023 and 2022. In addition, non-GAAP financial measures include free cash flow and adjusted free cash flow. Free cash flow represents net cash provided by operating activities, less purchases of property and equipment and capitalized software development costs. Adjusted free cash flow is a non-GAAP measure that additionally excludes from free cash flow the impact of cash paid for costs incurred as a result of the proposed Cisco merger. Splunk believes that free cash flow and adjusted free cash flow provide investors useful information to better understand the factors and trends affecting the Company’s performance and liquidity. Both of these free cash flow measures have limitations as they omit certain components of the overall cash flow statement and do not represent the residual cash flow available for discretionary expenditures.

Splunk excludes stock-based compensation expense because it is non-cash in nature and excluding this expense provides meaningful supplemental information regarding Splunk’s operational performance and allows investors the ability to make more meaningful comparisons between Splunk’s operating results and those of other companies. Splunk excludes employer payroll tax expense related to employee stock plans in order for investors to see the full effect that excluding that stock-based compensation expense had on Splunk’s operating results. Employer payroll tax expense is tied to the exercise or vesting of underlying equity awards and the price of Splunk’s common stock at the time of vesting or exercise, which may vary from period to period independent of the operating performance of Splunk’s business. Splunk also excludes amortization of intangible assets, restructuring and facility exit charges, merger-related expenses, capitalized software development costs, non-cash interest expense related to convertible senior notes and a net loss (gain) on strategic equity investments from the applicable non-GAAP financial measures because these adjustments are considered by management to be outside of Splunk’s core operating results. A reconciliation of non-GAAP guidance measures to corresponding GAAP guidance measures is not available on a forward-looking basis without unreasonable effort due to the uncertainty regarding, and the potential variability of, expenses that may be incurred in the future. For example, stock-based compensation-related charges, including related employer payroll tax-related items, are impacted by the timing of employee stock transactions, the future fair market value of our common stock, and our future hiring and retention needs, all of which are difficult to predict and subject to constant change. We have provided a reconciliation of GAAP to non-GAAP financial measures in the financial statement tables for our historical non-GAAP financial results included in this release.

There are limitations in using non-GAAP financial measures because the non-GAAP financial measures are not prepared in accordance with GAAP, may be different from non-GAAP financial measures used by Splunk’s competitors and exclude expenses that may have a material impact upon Splunk’s reported financial results. Further, stock-based compensation expense has been and will continue to be for the foreseeable future, a significant recurring expense in Splunk’s business and an important part of the compensation provided to Splunk’s employees. The presentation of the non-GAAP financial measures is not intended to be considered in isolation or as a substitute for, or superior to, the financial information prepared and presented in accordance with GAAP. Splunk uses these non-GAAP financial measures for financial and operational decision-making purposes and as a means to evaluate period-to-period comparisons. Splunk believes that these non-GAAP financial measures provide useful information about Splunk’s operating results, enhance the overall understanding of past financial performance and future prospects and allow for greater transparency with respect to key metrics used by management in its financial and operational decision making. In addition, these non-GAAP financial measures facilitate comparisons to competitors’ operating results. The non-GAAP financial measures are meant to supplement and be viewed in conjunction with GAAP financial measures.

The following tables reconcile Splunk’s GAAP results to Splunk’s non-GAAP results included in this press release.

Contacts

Media Contact
Patricia Hogan

Splunk Inc.

press@splunk.com

Investor Contact
Investor Relations

Splunk Inc.

ir@splunk.com

Read full story here

The Enterprise Applications Group provides technical support for SCU's Enterprise Resource Planning software. Currently, this consists of Workday for Financials and Human Resources, as well as PeopleSoft (aka eCampus) for Student Administration, and Slate for Admission. In July 2023, all ERP functions will move to Workday.

Support for Workday is split into four categories: operational support; reporting and analytics; integrations; and security. Our support model is divided along those lines, with collaboration across groups depending on the issue, project or upgrade at hand.  Some of our specific activities include:

• Maintaining workflow, especially across functional areas
• Coordinating the biannual release testing, with a particular focus on workflow, reports, integrations and security that may have been affected by the latest release
• Writing integrations to and from third party vendors
• Developing the security model as well as individual enhancements to secure particular reports, integrations, tasks or workflow steps
• Building complex reports and dashboards
• Maintaining legacy data access via separate reporting tool

Support for PeopleSoft is split into three categories: operational support; development; and infrastructure.  Enterprise Applications is responsible for the overall maintenance of PeopleSoft, including:

• Applying patches, upgrades and other maintenance
• Writing custom integrations to communicate with external vendors
• Securing the system, for end users, integrations, and the underlying infrastructure
• Fixing broken functions as well as adding custom improvements  
• Assisting users with queries, batch processes, extracts, etc

Of the 5.9 million children who die each year, poor nutrition plays a role in at least half these deaths. That’s wrong. Hunger isn’t about too many people and too little food. It’s about power, and its roots lie in inequalities in access to resources and opportunities.