Cisco completes Splunk transaction: key insights for current and future clients

In March, EU regulatory authorities gave the green light to the Cisco-Splunk transaction, signed in September 2023, valued at USD 28 billion. The acquisition of Splunk now positions Cisco as one of the world’s largest software companies, paving the way for a portfolio of solutions promising a revolution in organizational connectivity and security.

As a longstanding partner of both entities, Datanet Systems possesses the requisite resources and expertise to seamlessly facilitate the implementation of the joint Cisco-Splunk portfolio across various client scenarios.

The completion of the transaction unlocks a myriad of integration opportunities between the two companies’ portfolios while ensuring the continued availability of Splunk solutions for existing clients. Romanian organizations can expect a seamless transition without disrupting their experience with Splunk products. Contracts will remain unaffected, with products maintaining their current appearance and functionality, enhanced further by Cisco’s collaborative development roadmap.

Moreover, for Romania, where Splunk previously lacked local representation, the Cisco team will now fill this gap, providing a distinct advantage.

 

Splunk’s Origin and Key Features

Founded in 2003, Splunk stands as a premier “big data” platform, streamlining the daunting task of collecting and managing vast volumes of data generated by equipment and applications (commonly known as machine-generated data), as well as facilitating information retrieval within them. At the forefront of the company’s offerings lies Splunk Enterprise, boasting sophisticated and scalable capabilities for indexing and querying logs within a system, alongside data analysis to deliver “operational intelligence.” This platform excels at correlating, capturing, and indexing real-time data, thereby generating alerts, dashboards, graphs, and reports. Such functionalities empower organizations to swiftly identify any deviations from the norm in the behavior of systems, applications, and devices, enabling prompt issue diagnosis.

Recommended for organizations navigating complex networks, Splunk solutions offer a streamlined approach to examining, monitoring, and searching machine-generated data via a browser-like interface. This enables swift and seamless data retrieval, with the added benefit of not requiring a database for data storage, thanks to its reliance on indexing.

Splunk solutions shine in parsing, analyzing, and correlating vast volumes of data (including billions of logs), empowering engineers to conduct root cause analysis and troubleshooting with precision. The results, presented in intuitive graphical formats, enable IT departments to swiftly comprehend past occurrences (such as previously unidentified zero-day attacks), pinpoint the cause of an incident, and evaluate its ramifications.

Derived from this platform are two pivotal solutions, integrated into the Datanet Systems portfolio since 2021 following the partnership agreement: Splunk Enterprise Security and Splunk User Behavior Analytics (UBA).

  • Splunk Enterprise Security is a Security Information and Event Management (SIEM) application that collects, aggregates, and analyzes data from multiple sources, spanning on-premises and cloud infrastructures, facilitating the identification of potential threats. This solution enhances the operational efficiency of security teams (SOC) by automating monitoring, investigation, alerting, and response processes. The SIEM platform reduces the number of false positive alerts, increases response speed, and provides support for integration with over 240 security products.
  • Splunk User Behavior Analytics (UBA) operates as an add-on to the Splunk Enterprise Security platform, enhancing companies’ ability to identify threats. The solution automatically detects and flags abnormal behaviors at the user, account, device, and application levels. Splunk UBA leverages machine learning algorithms, comes with predefined sets of anomalies (+65) and threat categories (+25), and integrates sandboxing functionalities.

As differentiators, Splunk has always stood out for:

  • Real-time data visualization: Splunk enables real-time data visualization and analysis, helping organizations detect and respond quickly to events and anomalies.
  • Flexibility and scalability: Splunk is a flexible and scalable platform capable of processing and analyzing large volumes of data from a variety of sources.
  • Advanced analytics: The platform offers advanced data analysis and visualization tools, including the ability to create and customize reports and dashboards.
  • Security: Splunk provides robust security features, including real-time monitoring and cyber threat detection.
  • Seamless integration with other systems: Splunk can be seamlessly integrated with other systems and applications, allowing organizations to efficiently utilize data from various sources.

 

Cisco-Splunk Integration: What Comes Next?

Since last year, Cisco has been vocal about its ambitious plans for Splunk. Over the coming months, customers can anticipate reaping the rewards of the integration of both portfolios, merging networking solutions with security and observability.

For any forward-thinking organization, the imperative lies in seamlessly connecting people, places, applications, data, and devices while safeguarding their entire digital landscape against cyber threats and associated risks. Here, Cisco promises a transformative shift. The fusion of Cisco and Splunk will deliver unparalleled visibility and comprehension of an organization’s digital footprint by seamlessly correlating and integrating all aspects of networking, security, and observability. This will be further empowered by the formidable capabilities of Artificial Intelligence, automating tasks and deciphering data with precision.

Development Directions:

  • Complete Modernization of Security Operations Centers (SOCs): Cisco will continue to deliver Splunk security solutions while integrating and enhancing them with data from networking, endpoint, and cloud management products to provide superior visibility into resources and advanced remediation capabilities. Additionally, threat intelligence from Cisco Talos will be integrated into Splunk Enterprise Security to enhance the security posture of beneficiaries.
  • Enhanced Observability Across Environments: Cisco will continue delivering Splunk observability products, but through integration with its own products, it will provide a unified perspective for all categories of IT engineers across all environments: on-premises, cloud, hybrid, or multicloud.
  • Unified Data on a Single Platform: Splunk Enterprise will be capable of integrating all categories of data (IT, security, network) regardless of source, application type, or technology to provide complete visibility.
  • Added Value through AI: Through the integration of the two portfolios, Artificial Intelligence will be trained on vast amounts of data, with Cisco providing the necessary computing power and scalability. This advantage will be transferred to beneficiaries across all levels, but primarily in terms of security and observability.

 

Splunk references in Datanet Systems’ portfolio

Datanet stands out as one of the few integrators in Romania boasting genuine expertise in aligning Cisco and Splunk technologies. Since January 2021, Datanet Systems has been an Associate Reseller for Splunk products in Romania.

In the medical sector, a prominent hospital in the southern region of Romania sought our expertise. We orchestrated the implementation of the Splunk Enterprise platform seamlessly integrated with Splunk Enterprise Security SIEM. This amalgamation facilitated the aggregation of logs and data from diverse sources including workstations, IT and network equipment, as well as surveillance systems. Operating within a multi-vendor environment, our solution harmonized disparate data streams and furnished real-time insights into the security landscape, fortified and validated by Artificial Intelligence. Given the heightened vulnerability to cyber threats in such an environment, our solution diligently generates a plethora of security reports tailored for both the IT team and managerial staff.

Another relevant project was undertaken for a client in Transylvania, a Managed Services provider leveraging the Splunk platform to collect and analyze production data from a containerized virtualized environment, along with data extracted from network infrastructure, servers, firewalls, and endpoints.

In such projects, Datanet Systems delivers comprehensive services encompassing design, implementation, configuration, and integration of Splunk solutions with existing applications in clients’ infrastructures. We also provide complete maintenance, support, and training services, and we have acted as a single point of contact for Cisco and Splunk products since before the transaction between the two companies.

For further information about Splunk solutions and Datanet’s commercial offerings, please feel free to contact us at sales@datanets.ro.