Splunk Unveils New AI Offerings And Edge Hub, Strikes ‘Digital Resilience’ Alliance With Microsoft
At the Splunk .conf23 event Tuesday, Splunk expanded the SecOps and ITOps functionality of its flagship unified security and observability platform and debuted a collection of AI-powered tools to boost the system’s detection, investigation and response capabilities.
“Digital resilience” is the key theme at Splunk’s .conf23 this week, and is the underlying focus of several new technology unveilings at the event including the new Splunk AI, the new Splunk Edge Hub operational technology, and a series of innovations around the flagship Splunk platform.
Digital resilience is also the goal behind a new Splunk-Microsoft partnership, also announced this week, through which the two companies will build Splunk’s enterprise security and observability software on the Azure cloud platform.
And for the first time Splunk’s products, including Splunk Enterprise, Splunk Enterprise Security and Splunk IT Service Intelligence, will be available for purchase through the Microsoft Azure Marketplace, the companies said.
“We’re super excited about [the] new capabilities, including AI capabilities, that we think will be impactful not only to our customers but also to the partner community,” Splunk president and CEO Gary Steele said in a pre-.conf23 interview with CRN.
Digital resilience, the core mission for Splunk’s unified security and observability platform, is the protection of digital workflows and workloads – often part of larger digital transformation initiatives – from cyberattack and maintaining the performance of those processes and the IT that supports them.
“This digital resilience message resonates broadly, and most customers want to talk about it,” Steele said in the interview. “Many customers need some form of assistance that would come from partners. These are big initiatives in companies today. I think the resilience side of things is actually a very high priority. It comes in the form of improving security posture, it comes in the form of application uptime, application visibility, what’s really happening.
The new Splunk AI is a collection of AI-powered software that will enhance the functionality and use of the core Splunk platform. Splunk AI Assistant, the first product in the Splunk AI set, will provide a natural language interface to the Splunk system that provides a “chat” experience and can be used to explain or author Splunk Processing Language queries.
Splunk AI Assistant, now in preview, will make it easier for users to engage with the Splunk system and search for data using natural language, said Min Wang, Splunk CTO, during a .conf23 keynote Tuesday.
“We all know AI is rapidly transforming our industry and opening up new opportunities,” said Wang, who just joined Splunk in April. “As an expert in security and observability, we have the best domain-specific insight derived from real-world experience. With these insights we can build the best AI capabilities that are fine-tuned for security and observability and tightly integrated with Splunk.”
Wang said that going forward Splunk will embed Splunk AI Assistant into other workflows, such as security detection and investigation.
AI is also a component of the new Splunk App for Anomaly Detection, used by SecOps, ITOps and engineering teams, with AI-assisted workflow to simplify and automate anomaly detection within an environment.
The new release of Splunk Machine Learning Toolkit (MLTK), 5.4, builds on Splunk AI with an ability to bring externally trained models into Splunk. And Splunk App for Data Science and Deep Learning (DSDL) 5.1 includes two AI assistants that allow customers to leverage large language models to build and train models with domain-specific data to support natural language processing.
“The launch of Splunk AI really reaffirms what is a history and a commitment we have around innovation in search and analysis of large volumes of data,” said Tom Casey, Splunk senior vice president of products and technology, in a pre-.conf23 briefing. “And our approach is to bake intelligent AI assistants into the everyday tasks our users are performing. We think Splunk is a trusted partner for mission-critical workloads.”
Of particular interest to the channel is the debut of Splunk Edge Hub, a hardware and software device that the company says simplifies the ingestion and analysis of data generated by operational technology including sensors, IoT devices and industrial equipment. Edge Hub provides more complete visibility across IT and OT environments in such industries as manufacturing and energy management by streaming previously hard to access data directly into the Splunk platform.
“Splunk Edge Hub is really pretty groundbreaking,” Casey said. “It breaks down barriers and silos that historically made it difficult to extract and integrate data from your operating environment. And with some new abilities that it provides, it’s much easier to access that data, integrate it and gain visibility to it in a common way using the normal Splunk tools and dashboards that people have in their environments already.”
The Splunk Edge Hub hardware will be sold and supported exclusively through Splunk channel partners, Casey said. Edge Hub includes a Splunk license and partners can develop vertical industry solutions that incorporate Edge Hub and even build custom solutions for customers.
“We think this is a great opportunity for the experts in our partner community, like Accenture and others, to go out and build more technology and more resilience into the practices that they have around energy, manufacturing, et cetera,” Casey said.
Splunk has been working with and training some partners over the last year in advance of the Edge Hub launch including Accenture and Grey Matter. “What we’re really trying to do is enable an ecosystem here to be super effective with the Edge Hub device,” the executive added. Edge Hub is generally available in the U.S. with plans to extend availability to EMEA and APAC at a later date.
The company also unveiled a slew of new capabilities and enhancements, most geared toward SecOps, ITOps and engineering teams, either within the Splunk Cloud Platform and Splunk Enterprise 9.1 or provided as add-on software.
The new Splunk Attack Analyzer helps security teams automate the analysis of malware and phishing attacks to identify complex attack techniques intended to evade detection. OpenTelemetry Collector is a technical add-on to help Splunk Observability Cloud users capture metric and trace data. And the new Unified Identity offering allows ITOps personnel and engineers to access Splunk Cloud Platform and Splunk Observability Cloud with one user identity.