Growing digitization and complexity of IT and network infrastructure require enterprises to adopt a more fluid security and observability posture. Multi-dimensional threat vectors, causally chained events and incident analysis now require organizations to track and monitor a large part of the data exhaust coming from myriad sources. It is onerous to require IT and security analysts to learn and use multiple analytical tools depending on where the data resides. Traditionally, customers had few options to monitor high data volumes cost effectively while still using a common, rich security and observability tool to analyze the whole data footprint.
Splunk's Federated Search for Amazon S3 addressed this gap. By enabling organizations to search and correlate data across Splunk and third-party data lakes, it lets customers keep highly voluminous and aged or non-critical datasets in cost-effective data stores. It also avoided tool sprawl and the retooling and retraining burden by extending existing Splunk alerts, dashboards and workflows to data in third-party data lakes with minimal changes, providing operational visibility across a broad data footprint.
Businesses also need a more fluid approach so they can quickly adapt to a changing threat landscape and honor service availability guarantees. Organizations should not be constrained by data storage choices made in the past, and they need the ability to respond quickly to new and emerging business-impacting incidents. Without a quick way to switch from cost-efficient storage to high-performance searches over data residing in data lakes, organizations can be limited in how fast they identify and fix issues.
To provide a more balanced and agile approach, Splunk is introducing Federated Analytics, now available in Preview. Federated Analytics brings an on-demand indexing option for data lakes, starting with Amazon Security Lake (ASL): it provides in-place search without data duplication as well as dynamic indexing of selected datasets into Splunk to enable low-latency searches. This lets organizations gather context from diverse data sources and bring only the datasets they need into Splunk on demand, balancing cost efficiency against search latency. Existing apps and workflows, including Splunk Enterprise Security (ES) detections, can be powered by Federated Analytics out of the box. This integration of Splunk Enterprise Security, OCSF (the Open Cybersecurity Schema Framework, the schema Amazon Security Lake normalizes its data to) and Amazon Security Lake enables organizations to gain the benefits of Federated Analytics for security use cases immediately.
Federated Analytics offers organizations both cost efficiency and agility: they can react to new information without compromising on high-performance searches because of the storage choices of the past. It offers the option to use high-performance searches only for the duration of an investigation, without the cost and management overhead of permanently indexing that data. Click the link to learn more and sign up for the Preview program, and check out the .conf24 sessions PLA 1261B and PLA 1320B for more details.
Follow all the conversations coming out of #splunkconf24!
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.