GDIT Emerge

Splunk on Automated Responses, Evolving Technology, and More

By Gary DePreta, Area Vice President of Federal – Defense, Intel, and Aerospace, Splunk

What emerging technology has the most power to change the game in addressing government’s biggest challenges?

The biggest challenge government agencies face today is lack of resources. As an industry, security has a shortfall in this area, and nowhere is this more acute than with government agencies. The emerging technology category called SOAR, Security Orchestration and Automated Response, is showing the most promise simply because it helps automate repetitive tasks to force multiply the SOC team’s efforts and better focus their attention on mission-critical decisions. Automation can not only reduce response times but also strengthen defenses by integrating existing security infrastructure together so that each part is an active participant.

What are some of the government challenges it can help address? Potential use cases?

The primary challenge SOAR technologies address is overcoming resource issues by enabling staff to work smarter by automating repetitive tasks, so they can focus on more mission-critical tasks. Security teams can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting. It also helps you respond faster and reduce dwell times with automated detection, investigation, and response. Using Phantom helps strengthen your defenses by integrating your entire security infrastructure so that each part is actively participating in your defense strategy.

How does Splunk see this technology evolving over the next few years?

While this technology is quite easy to use, requiring increasingly less experience will be a hallmark of its evolution. SOAR technologies will evolve to include AI/ML capabilities, so they can adapt to changing situations and be able to run automated plays without human intervention.
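To make the enrich-decide-orchestrate loop described in the two answers above concrete, here is an added example (not code from Splunk, Phantom, or the interview) of a minimal SOAR-style playbook runner. The threat-intel table, alert fields, and connector functions are constructed stand-ins for the integrations a real platform would call; the approval gate shows the point where "without human intervention" is a configuration choice rather than a default.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed sample data: a stand-in reputation table. A real playbook
# would query a threat-intel service or the SIEM's own notable events.
THREAT_INTEL: Dict[str, str] = {
    "198.51.100.23": "malicious",   # documentation-range address, sample only
    "203.0.113.8": "suspicious",
}

@dataclass
class Alert:
    alert_id: str
    indicator: str   # IP address the detection fired on
    host: str        # asset that communicated with the indicator
    severity: str    # "low" | "medium" | "high" as assigned by detection

@dataclass
class PlaybookResult:
    verdict: str
    actions_taken: List[str] = field(default_factory=list)
    pending_approval: List[str] = field(default_factory=list)
    audit: List[str] = field(default_factory=list)

# Integration layer: each security product is a callable the playbook
# orchestrates. These are constructed stand-ins, not vendor connectors.
def _create_case(alert: Alert, result: PlaybookResult) -> None:
    result.audit.append(f"case opened for {alert.alert_id}")

def _isolate_host(alert: Alert, result: PlaybookResult) -> None:
    result.audit.append(f"EDR isolate {alert.host}")

def _block_indicator(alert: Alert, result: PlaybookResult) -> None:
    result.audit.append(f"firewall block {alert.indicator}")

def _close_benign(alert: Alert, result: PlaybookResult) -> None:
    result.audit.append(f"{alert.alert_id} closed as benign")

ACTIONS: Dict[str, Callable[[Alert, PlaybookResult], None]] = {
    "create_case": _create_case,
    "isolate_host": _isolate_host,
    "block_indicator": _block_indicator,
    "close_benign": _close_benign,
}

# Containment actions that change production systems stay behind a human
# approval gate unless the operator explicitly enables unattended mode.
GATED_ACTIONS = {"isolate_host", "block_indicator"}

def enrich(alert: Alert, intel: Dict[str, str]) -> str:
    """Step 1, enrichment: look the indicator up; absent means 'unknown'."""
    return intel.get(alert.indicator, "unknown")

def decide(reputation: str, severity: str) -> List[str]:
    """Step 2, decision: the repetitive triage logic an analyst did by hand."""
    if reputation == "malicious" and severity == "high":
        return ["create_case", "block_indicator", "isolate_host"]
    if reputation in ("malicious", "suspicious"):
        return ["create_case"]
    return ["close_benign"]

def run_playbook(alert: Alert, intel: Dict[str, str],
                 unattended: bool = False) -> PlaybookResult:
    """Step 3, orchestration: dispatch each decided action to its connector,
    queueing gated actions for approval unless running unattended."""
    reputation = enrich(alert, intel)
    result = PlaybookResult(verdict=reputation)
    result.audit.append(f"{alert.alert_id}: {alert.indicator} is {reputation}")
    for action in decide(reputation, alert.severity):
        if action in GATED_ACTIONS and not unattended:
            result.pending_approval.append(action)
            result.audit.append(f"{action} queued for analyst approval")
            continue
        ACTIONS[action](alert, result)
        result.actions_taken.append(action)
    return result

if __name__ == "__main__":
    sample = Alert("ALERT-0001", "198.51.100.23", "ws-042", "high")
    for line in run_playbook(sample, THREAT_INTEL).audit:
        print(line)
```

Every step writes to the audit list, so whether the play ran attended or unattended, the case record shows what was automated and what a person approved; that audit trail is what makes handing more decisions to the playbook defensible later.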

You know the saying “many hands make light work.” Why is collaboration among technology partners so important in addressing government’s toughest challenges? Can you share an example where you saw this in action?

Enterprise security has evolved based on a defense-in-depth strategy. And as threats become more sophisticated, innovations grow, contributing to a complex and heterogeneous environment. In such an environment, different providers bring different skills and expertise, and collaboration between them is key so that each one focuses on their specific area while integrating where it is needed. An example of this is Splunk’s Adaptive Response Initiative. Supporting over 200 security products, Splunk serves as the Security Nerve Center and can quickly orchestrate responses to findings and incidents across this ecosystem.

Continue the conversation and hear Splunk’s insight during the “Adaptive Cyber Responses – Strategic Partner Spotlight” session at Emerge on April 23. Register today.