The smoke has cleared on Cisco's largest acquisition ever: that of Splunk for $28 billion in September.
This acquisition has added a new layer of uncertainty for users, many of whom were already wondering what the future holds for threat detection and response in the cloud.
The steep buyout premium reflects an expectation that customers will stick around and gain a preference for additional Cisco security products.
Organizations that spent years investing in Splunk infrastructure and content have good reasons to stay on.
They fear that severing ties with Splunk would wreak havoc on workflows that Security Operations Centers rely on to assess and mitigate security threats to the business.
Improved offerings from the cloud hyperscalers and advanced data lake offerings have kicked off a wave of SOC modernization initiatives.
Over the last few months since the acquisition of Splunk, we've been waiting for the other shoe to drop, and it finally has.
The technology, the leaders, everything now is shifting so that security teams can have a more open future - a future where they're not locked into a single SIEM, one with freedom for detections, and freedom for response.
From data pipelines to threat detection platforms, an unbundling is taking place.
Security organizations increasingly prioritize flexibility and optionality, driving demand for decoupled solutions.
Analytics separate from data storage, standard schemas, and open table formats are all gaining mindshare.
Interest in decoupling threat detection from log storage is fueled by the huge difference in cost between data platform options.
Where tightly coupled SIEM solutions impose a steep ingest tax, cloud data lake options charge by usage and don't limit retention.
Use cases whose data can be analyzed outside the SIEM often see cost savings upwards of 80%. The combination of improved visibility and lower spend makes new data platforms appealing.
Organizations are looking for ways to augment Splunk with data platforms that deliver efficiencies and support the latest machine learning.
In my experiences working with customers at Snowflake, I saw the immediate impact when they could start using Snowflake alongside Splunk.
They no longer only had one option for their security data.
Security teams demand the liberty of choosing where their data lives and the flexibility to detect threats equally well across their SIEM and data lake of choice.
Omer Singer is the VP of Strategy at Anvilogic where he helps customers break free from SIEM lock-in.
With an extensive background as the former Head of Cybersecurity Strategy at Snowflake and VP of Security Operations at a global MSSP, Omer brings over 15 years of experience and a belief in the power of better data to drive better security.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Sat, 17 Feb 2024 18:43:05 +0000