CND sent two senior members of the team to Splunk Conf.24 in Las Vegas. The following is their account.
'We started the conference by attending talks by Splunk CEO Gary Steele, who delivered the opening keynotes alongside Cisco President Chuck Robbins. With Splunk's recent merging with Cisco, everyone was intrigued to see whether there would be any key takeaways from the event. It just so happens, there was an unexpected roar of applause which followed Chuck Robbins' remark "We're not going to ruin Splunk." This statement certainly delivered an impression as throughout the next 3 days, every Cisco employee would repeat it during every appearance on stage.
It sounds like Splunk will be retained as a separate entity and have some of the Cisco services woven into it rather than being re-badged as a Cisco tool/service. From a SIEM/Cyber Security perspective, that means Splunk Enterprise Security (ES) will start to see integration with the Talos threat research Cisco is already doing as well as Cisco's ThousandEyes User Monitoring agent.
There were two notable themes for this year's conference, the first being the "We're not going to ruin Splunk", followed with another relating to AI. Splunk are due to release a Splunk ES integrated AI that will help Security Analysts write detections and navigate security incidents by directing them through security playbooks. That is on top of the much hyped Splunk AI Assistant chat bot that will help non-Splunkers write searches by translating natural language into Splunk's SPL search language.
Many of the presentations were AI related with titles such as 'Build Your Own AI Detection Engine Co-Pilot' and 'Developing Behavioural Analytics Using Generative AI'.
One was titled 'In defence of the SOC Analyst' and covered all the reasons AI can't replace a good SOC Analyst (not yet anyway). Breakout sessions with hands-on labs were a welcome first at .Conf for me; it reminded me a little of SANS rather than the usual death by PowerPoint. Following the speakers' methods for yourself, on your own laptop, helps to cement the learning and I will now be able to take some of the techniques from those sessions to my own customers not just as theory, but with working examples.
While wandering through the exhibition hall I ran into the ex-team leader for one of my customers who is now working for Splunk. He was demonstrating the use of Splunk in a Smart Home by monitoring the consumption of foodstuffs by the inhabitants and tallying their calorie intake against data from their fitness tracker. It was then able to suggest meals based on the food left in the fridge and their expected requirements for the next day. He mentioned they could do with some snack items like crisps and it just so happened that that afternoon in the breakout area attendees were offered Cheetos and Doritos as a snack. I scooped up an armful and delivered them to the smart home stand back in the exhibition hall, for which I was rewarded by the staff there with ice-cream (I think crisps for ice-cream was a pretty good trade, especially given it was 43° outside).
At an invitation from 'Jade' at Arrow (another Splunk partner we transact with), Jeff and I attended the Arrow mixer at one of the Venetian's cocktail bars. It turned out that Arrow weren't the only group hosting an event there. It was busy and, as we entered, we were greeted by the director of a US-based partner org who insisted on putting our drinks on his tab. He then swapped cyber stories and experiences with us, and it became clear that their experiences partnering with Splunk as an organisation are remarkably similar to CND's despite the different characters involved on opposite sides of the Atlantic. Eventually we turned to seek out the gathering we were supposed to be at; the bar was half empty but we never did find Jade!
On the last evening we attended the farewell party featuring '90s nostalgia act, TLC. Safe to say we enjoyed our final hours in Sin City; we made connections, caught up with friends, learned a lot and thoroughly enjoyed our time at .Conf24. Looking forward to next year already!'