Amid today's rapidly evolving cybersecurity landscape and complex compliance mandates, traditional Security Operations Centres (SOCs) are being transformed by the integration of artificial intelligence (AI) and machine learning (ML).
At Splunk, we are no strangers to these technologies. For years, Splunk has foreseen the value of AI and has invested in, evolved and integrated it into our platform, so we can help customers accelerate detection, investigation and response while controlling how AI is applied to their data.
For example, we have been laser-focused on building the SOC of the future with our industry-defining SIEM (Security Information and Event Management) solution. Powered by Splunk AI, it allows customers to unify detection, investigation, and automated response for enhanced speed and efficiency, while also addressing critical skills gaps in the industry.
In fact, Splunk recently ranked highest in all three categories of the Gartner Critical Capabilities for SIEM: Out-of-the-Box SIEM, Customizable SIEM and Threat Detection, Investigation and Response. This is a testament to our relentless focus on providing solutions that deliver the value most needed by our customers.
While an industry-leading SIEM can truly help fortify your security posture, what does powering the modern SOC actually look like when it comes to Australia and New Zealand, and beyond?
Companies that are embracing the benefits of GenAI and expanding their use of embedded generative AI features are recovering faster from downtime, which is any service degradation or outage of a business system. Downtime can have multiple causes, from networking issues to security errors and malicious attacks.
Our recent Hidden Costs of Downtime report revealed downtime remains a significant issue for businesses, with unplanned outages costing companies both financially and reputationally. The report found that companies in Australia and New Zealand (ANZ) experienced more unplanned downtime per year than their global counterparts, averaging 249 hours compared to 238 globally.
Companies that are more mature in their adoption of generative AI features are known as "resilience leaders" and are increasing their use of AI tools at four times the rate of other organizations. AI empowers organizations with visibility and speed, allowing them to effectively detect and mitigate security issues and deal with downtime.
Automation is streamlining repetitive tasks within SOCs, freeing human analysts to focus on more complex and strategic activities. Tasks like log analysis, alert triage and threat hunting, which traditionally consumed lots of time and resources, can now be handled by AI systems with great efficiency.
For example, Hyperion 3, a Splunk partner in ANZ, has been adopting Splunk Cloud Platform across various government departments, using our automation and efficiency advancements. Splunk Cloud’s IRAP-certified solutions significantly enhance analytics, security, and operational intelligence. It was a delight to see Hyperion 3 recognized with the APAC Services Partner of the Year at the Global Partner Summit as they demonstrated an effective use of automation to empower departments with enhanced strategic insights and operational efficiency.
SOC teams are constantly under pressure and resource-constrained due to the increasingly sophisticated threat landscape and evolving regulatory requirements. Embedding automation into daily processes should be table stakes when it comes to powering a modern SOC.
The cybersecurity skills gap poses a significant challenge, particularly in regions like Australia and New Zealand. AI can help bridge this gap by augmenting human capabilities and providing advanced tools that empower less experienced analysts.
According to our CISO report, 86% of CISOs believe that generative AI will alleviate skills shortages, highlighting its potential to transform the industry. Australia is also a leader in both generative AI adoption and policy creation, with 69% reporting that employees use public generative AI tools to do their jobs compared to 54% globally, and 73% reporting they had established security policies for generative AI use (66% globally).
As demonstrated in our State of Security report, AI can help SOC teams bridge skills gaps and improve defences. 90% of respondents said that entry-level staff can lean on generative AI to help develop their skills in the SOC once they’re hired. On the other hand, the technology will also be a force multiplier for seasoned security professionals. 65% of respondents believe it will make them more productive, enabling experienced practitioners to more easily synthesize news and information, and accelerate research and detection engineering.
While some may still question the practicality and usability of GenAI, at Splunk, we believe that when implemented with transparency, fairness and resilience, the modern SOC can embrace the technology to its advantage.
Splunk recently announced the availability of Cisco Talos Incident Response services to Splunk customers, as well as other security innovations to power SOCs of the future.