“Cyber Resilience in the Digital Age” was the theme of the event held on May 15, 2025, at the Epoque Hotel in Bucharest, organized by Datanet Systems and Clico Romania – a provider of comprehensive security, networking, and management solutions. The business matchmaking workshop was dedicated to companies interested in strengthening their cyber resilience and reducing risks posed by attacks and vulnerabilities.
Together with experts from Datanet Systems, Palo Alto Networks Romania, and CyberArk, participants explored advanced cybersecurity solutions, focusing on the integration of Artificial Intelligence to prevent sophisticated attacks and protect critical IT infrastructures against modern threats.
Splunk, a “Google for the data center”. How it helps us extract more value from data
The event opened with a presentation focused on the Splunk platform, a SIEM (Security Information and Event Management) data analytics solution added to Cisco’s portfolio in 2023, delivered by Bogdan Șileanu, Senior Security Consultant at Datanet Systems. He emphasized that “IT systems generate machine data which, in most cases, goes unused but holds great value if we collect, index, and process it to make it intelligible for human users.”
According to the Datanet Systems expert, Splunk is a software platform designed for searching, monitoring, and analyzing machine data. It delivers operational intelligence by collecting and indexing data from a wide range of sources in real time. Splunk can ingest massive volumes of data and excels at indexing and interpreting it without losing a single log. Regardless of format, source, or transmission method, Splunk handles any type of data. Once ingested, it understands the data, integrates it natively with any existing system, and removes the need for manual normalization or interpretation of machine data.
As a SIEM solution with SOAR (Security Orchestration, Automation, and Response) capabilities, the platform includes multiple apps that facilitate automatic data collection and interpretation. Log analysis, typically a time-consuming process, becomes fast and intuitive. In just a few minutes, data is structured, correlated, and presented visually in an easy-to-understand format, making Splunk the ideal solution for cybersecurity professionals seeking efficiency and enhanced visibility through:
- Data ingestion
- Fast, efficient indexing with no data loss
- Dashboards and visualization (intuitive graphical interface)
- Natural language search and analysis
- Alerts – For example, Splunk detects suspicious behavior such as repeated failed login attempts from different geographical locations, and automatically responds by sending a command to Active Directory to reset the user’s password, thus helping prevent a potential attack.
“As a technology, it has two core components. One is for data collection, called Universal Forwarder, which works on Windows, Linux, Unix, etc. It captures and filters data, transforms it, and sends it to an Indexer (the second component). For networking equipment that doesn’t support agent installation, a Heavy Forwarder is used – a device that can collect data via syslog or similar protocols. The Indexer is a Splunk node that stores and processes data. It requires storage and licensing based on the daily volume of indexed and processed data. A key aspect is filtering data before indexing, which reduces costs and prevents the solution from being overloaded with unnecessary data,” explained Bogdan Șileanu.
Splunk is implemented in a distributed architecture, with one or more Indexer servers for data processing and a Search Head node accessible to users, allowing for data querying and acting as a SIEM. The Splunk Enterprise version provides core functionalities (indexing, searches, alerts, and dashboards), while Splunk Enterprise Security (ES) extends capabilities with predefined alerts, signature lists, and dedicated tools for identifying security incidents. Data is structured in storage tiers (hot, warm, cold, frozen) based on age/availability, which impacts both costs and solution configuration.
Splunk offers a dedicated app for integration with Cisco devices but also allows the creation of unified dashboards that include devices from other vendors. The platform includes Machine Learning modules for predictions (e.g., predictive maintenance) and an AI Assistant that generates natural language queries, with full access to the system’s data, sources, and configurations.
Palo Alto places AI at the core of cybersecurity. The importance of a unified security platform for modern businesses
The second presentation of the day was delivered by Teodor Iacob, Manager Systems Engineering at Palo Alto Networks, focusing on “Securing businesses in the AI era” and the importance of unified cybersecurity platforms. The specialist highlighted both the impact of AI on organizations and the new vulnerabilities it can generate, as well as its essential role in strengthening cybersecurity posture, based on concrete data:
- 94% of companies prioritize AI-ready strategies
- 94% use generative AI technologies in software development
- 42% use chatbot tools in customer support activities
Palo Alto Networks’ investments in AI have been paying off since 2013, when the company developed a system capable of detecting unknown malware using machine learning algorithms and global data analysis—an approach that allowed them to predict threats before they became visible. Ongoing R&D efforts culminated in 2024 with the launch of Precision AI, a system that combines Machine Learning, Deep Learning, and Generative AI capabilities to deliver real-time protection.
According to the Palo Alto representative, AI can significantly simplify operations in security departments. On average, such a department uses around 80 tools and applications from about 20 different vendors—an operational nightmare. How does Palo Alto help solve this issue? By integrating AI capabilities into a single platform, reducing complexity and enabling more efficient security management.
“At Palo Alto, 10% of the annual revenue is invested in research and development. In the ‘AI vs. AI’ battle, we work toward safer AI adoption. We monitor in real time the usage levels of GenAI applications: how many are allowed, how many are blocked, how many need inspection, and whether sensitive data is being transferred. We maintain a catalog of over 2,000 Generative AI apps, each with multiple individual attributes, which helps manage AI usage in the enterprise environment. We complete the process by classifying and controlling access to apps in categories such as: healthy, tolerated, or approved—everything based on best practices tailored to each industry and aligned with control policies,” explained Teodor Iacob.
New identities & new paradigms. CyberArk’s perspective on adapting to emerging threats in identity security
The third speaker of the event was Panagiotis Pantazis, Sales Manager Balkans at CyberArk, who emphasized the proliferation of machine identities. “For every human identity, there are 82 machine identities,” the CyberArk representative noted. According to him, a major shift is occurring globally, and the new challenges must be addressed quickly and efficiently.
On one hand, we’re witnessing the rapid growth of new identities—both human and machine. On the other, the complexity of human privileges is also increasing: while 3–4 years ago most organizations had only a few super-users with unlimited access, things have changed dramatically. From developers to finance or HR teams, more and more users now have access to sensitive data, and the concept of a privileged user has evolved significantly.
In this context, Panagiotis Pantazis cited CyberArk’s 2025 Identity Security Landscape report, which highlights that:
- 84% of companies work with multiple cloud providers, complicating identity management
- 85% of cyberattacks are powered by AI, marking a major shift in attack tactics
- 80% of attacks exploit identities and credentials—a percentage that has remained steady in recent years
- AI will become the primary generator of new privileged or sensitive data-access identities by the end of 2025
- 70% of organizations consider identity silos to be the main cause of cybersecurity risks
“Perimeter security is outdated and insufficient. Identity management is becoming essential, and every identity must be assigned the appropriate level of control to ensure protection,” concluded the CyberArk expert.
Thank you to all the organizations that participated in the event. For more information about the solutions presented, reach out to us at sales@datanets.ro.