Splunk 9.0 release doubles down on security, observability

CRN – Rick Whiting
The general availability of Splunk Enterprise 9.0, which replaces the current 8.3 release, and enhancements to Splunk Cloud Platform are being unveiled today at the company's .conf22 event in Las Vegas. Some 12,500 attendees are expected at the conference – the company's first in-person conference since 2019.

The new capabilities introduced in Splunk's technology portfolio this week, including new data ingest, federated search and cloud data management functionality, come as Splunk continues to target applications in data observability and IT security.

A number of the new features provide end-to-end visibility through expanded data access and optimised data storage, according to the company. Data Manager for Splunk Cloud Platform helps customers onboard Splunk across Amazon Web Services and Microsoft Azure, providing a hybrid cloud control plane for data flowing into Splunk. (Support for Google Cloud Platform is set for later this summer.)

The new Ingest Actions functionality provides granular controls for filtering, masking and routing of data in motion within the Splunk Platform or to external AWS S3 storage.

Splunk Enterprise 9.0 also extends data "cold storage" beyond AWS and GCP to Azure with the new SmartStore for Azure, a capability the company said can help self-managed Splunk Enterprise customers reduce operating costs by up to 70 percent.

Splunk has also expanded the Federated Search functionality within its platform, which will enhance and simplify security investigation and search operations across hybrid cloud environments by providing users and administrators with a comprehensive view of their entire Splunk ecosystem.

Also now generally available is Splunk Assist, a fully managed cloud service within Splunk 9.0 that leverages cloud deployment data to provide businesses and organizations with insights about their security environments.

Splunk also launched Splunk Log Observer Connect, which makes it possible to visualize all data in a single place using the capabilities of the Splunk Cloud Platform and Splunk Observability. The company said the new technology enables site reliability and DevOps engineers to access metric, trace and Splunk Cloud log data in a single interface.

Also making their debut at the .conf22 event are Anomaly Detection Assistant, which helps security analysts, IT operations managers and DevOps engineers use machine learning to investigate potential problems; new risk-based alerting capabilities in Splunk Enterprise Security for enforcing zero trust security policies and prioritizing incidents; and Splunk Incident Intelligence, currently in preview, which helps DevOps teams investigate system performance incidents.

While Splunk is particularly focused on security and observability applications for its data platform, the Splunk technology portfolio can be used for a wide variety of data-centric use cases. The company said it continues to enhance its Splunkbase site with more than 2,500 purpose-built applications and integrations – many from the company's 2,400 channel partners – that work with the Splunk system.

Splunk is also previewing Splunk Cloud Developer Edition, a developer tool set that will help developers more easily build and test applications for the Splunk Cloud Platform.
Link: https://www.crn.com.au/news/splunk-90-release-doubles-down-on-security-observability-581333

