At the .conf23 event in Las Vegas, Splunk showcased new integrations and products aimed at enhancing observability and security analytics. One of the key products highlighted was Mission Control, an interface designed to unify detection, investigation, and response across all of Splunk’s SOC tools, streamlining secure workflows for security analysts.
Another noteworthy product is Attack Analyzer (formerly known as TwinWave), which allows analysts to gain advanced insights into threats and run them within a safe environment for analysis. This tool addresses the need for a sandbox environment to safely process and investigate malicious reports without the risk of accidental detonation.
Splunk is also expanding its Federated Search feature to include Amazon S3 incidents, enabling unified searching of data at rest contained within S3 buckets without having to process the data through Splunk. This marks a shift in the company’s strategy, recognizing that storing all data within Splunk may not always be practical due to increasing data volumes and diverse data sources.
Furthermore, Splunk’s Edge Hub, a physical hardware device, collects data from areas at the workplace that traditionally couldn’t capture data, providing useful insights for various industries. This innovation allows Splunk to play a more proactive role in ensuring integrations with third-party services and software are optimized and seamless.
Overall, the goal of these new products and integrations is to bring greater efficiency, integration, and analytics capabilities to Splunk’s platform, meeting the demands of its customers and empowering security, IT, and engineering teams to work more closely together in today’s evolving threat landscape.