Splunk, a leading provider of data analytics solutions, has announced a series of updates to its AI capabilities, particularly in the area of security operations (SecOps). The updates were unveiled at the .conf23 conference, where Splunk showcased the results of its efforts to prioritize artificial intelligence for operations (AIOps) under the leadership of CEO Gary Steele.
Splunk has been incorporating AI and machine learning into its observability and security monitoring tools since 2015. However, the recent updates aim to make it easier for IT professionals to utilize the company’s existing Search Processing Language (SPL), Machine Learning Toolkit (MLTK), and App for Data Science and Deep Learning through natural language processing. These enhancements provide enterprise customers with more accessible and user-friendly AI capabilities.
What sets Splunk’s latest AI updates apart is their focus on security. The company’s threat research team has spent the past year training deep learning models on security data and, as a result, has released six new detection models that target specific SecOps problems, including spotting DNS exfiltration attempts. Delivered through Splunk’s Enterprise Security Content Update, the models use architectures such as recurrent neural networks and convolutional neural networks. The goal is to surface malicious activity earlier in an attack, giving defenders a chance to intervene before it progresses.
Splunk draws a distinction between the general-purpose large language models (LLMs) its competitors are building on and its own domain-specific models. LLMs demand massive training corpora that many IT vendors do not have; Splunk’s smaller, purpose-built models are trained on narrower security and operational data and are delivered through existing tooling such as the Machine Learning Toolkit (MLTK), which is a toolkit of algorithms rather than a language model. The result, the company argues, is domain-specific insight without an LLM’s data and compute requirements.
The six SecOps models surface their detections as notable events in Splunk Enterprise Security, the company’s SIEM, so that findings enter the same triage and response workflow as other Enterprise Security detections. Through its integration with Splunk Mission Control, Enterprise Security combines security analytics, threat intelligence, and orchestration and automation capabilities in one place, so organizations can investigate and respond to incidents without moving between tools.
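The article does not describe what the DNS exfiltration model actually looks at. As an added illustration (not Splunk’s model or any code from Splunk), the following Python computes the kind of features such a detector relies on: per-client, per-parent-domain aggregation of subdomain entropy, the total bytes carried in subdomain labels, and the share of TXT/NULL record types. The log format, the sample events, and the thresholds are all assumptions for the example; a real deployment would tune them against its own baseline and use the Public Suffix List rather than the two-label shortcut used here. The output dict is shaped like the fields a notable event would carry into triage.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample DNS query events; this is not real Splunk data. The line
# format "<timestamp> <src_ip> <query_name> <record_type>" is assumed for the
# example. Client 10.0.0.7 issues a burst of long, high-entropy TXT lookups
# under one parent domain, the classic shape of DNS tunnelling/exfiltration.
SAMPLE_DNS_LOG = """\
2023-07-18T10:00:01Z 10.0.0.5 www.example.com A
2023-07-18T10:00:02Z 10.0.0.5 mail.example.com MX
2023-07-18T10:00:03Z 10.0.0.7 a9f3c1e2d4b5f6a7b8c9d0e1f2a3b4c5.tunnel.badhost.net TXT
2023-07-18T10:00:04Z 10.0.0.7 1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e.tunnel.badhost.net TXT
2023-07-18T10:00:05Z 10.0.0.7 7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b.tunnel.badhost.net TXT
2023-07-18T10:00:06Z 10.0.0.7 c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9.tunnel.badhost.net TXT
2023-07-18T10:00:07Z 10.0.0.5 cdn.example.com A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_dns_log(text):
    """Parse the assumed log format into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, query, qtype = m.groups()
        events.append({"ts": ts, "src": src,
                       "query": query.lower().rstrip("."), "qtype": qtype.upper()})
    return events


def split_domain(query):
    """Return (subdomain, registered_domain).

    Simplification: the registered domain is taken to be the last two labels.
    A production detector should use the Public Suffix List so that names such
    as host.example.co.uk are split correctly."""
    labels = query.split(".")
    if len(labels) <= 2:
        return "", query
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def shannon_entropy(s):
    """Bits of entropy per character; hex or base32 payloads score close to 4."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def score_dns_exfil(events, min_queries=3, entropy_threshold=3.5,
                    min_subdomain_bytes=64, min_reasons=2):
    """Aggregate queries per (source, registered domain) and flag exfil-like groups.

    Single queries are a poor unit of detection (CDNs and anti-virus vendors also
    use long, random-looking labels), so the features are computed over the set
    of distinct subdomains a client sent to one parent domain."""
    groups = defaultdict(list)
    for ev in events:
        sub, reg = split_domain(ev["query"])
        groups[(ev["src"], reg)].append((sub, ev["qtype"]))

    findings = []
    for (src, reg), items in groups.items():
        subs = {s for s, _ in items if s}
        if len(subs) < min_queries:
            continue
        avg_entropy = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        total_bytes = sum(len(s) for s in subs)   # upper bound on data carried out
        txt_ratio = sum(1 for _, q in items if q in ("TXT", "NULL")) / len(items)

        reasons = []
        if avg_entropy >= entropy_threshold:
            reasons.append(f"avg_subdomain_entropy={avg_entropy:.2f}")
        if total_bytes >= min_subdomain_bytes:
            reasons.append(f"subdomain_bytes={total_bytes}")
        if txt_ratio >= 0.5:
            reasons.append(f"txt_or_null_ratio={txt_ratio:.2f}")
        if len(reasons) >= min_reasons:
            # Shaped like the fields a SIEM notable event would carry for triage.
            findings.append({"src": src, "domain": reg, "unique_subdomains": len(subs),
                             "avg_entropy": round(avg_entropy, 2),
                             "subdomain_bytes": total_bytes, "reasons": reasons})
    return findings


def run_demo():
    return score_dns_exfil(parse_dns_log(SAMPLE_DNS_LOG))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

On the constructed sample, the example.com traffic from 10.0.0.5 is never flagged (three short, low-entropy labels, no TXT lookups), while 10.0.0.7 trips all three indicators against badhost.net. Requiring two independent reasons rather than one is what keeps a single high-entropy CDN hostname from paging an analyst.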
In addition to the security-focused updates, Splunk also introduced other incremental enhancements to its AIOps tools. One such addition is the Splunk AI Assistant, which replaces the previous product known as SPL Copilot. The new AI Assistant offers a natural-language interface: it generates SPL queries from plain-English prompts and, in the other direction, explains an existing SPL query in plain English, which helps users check that generated code actually does what they asked for before they run it.
Furthermore, updates to Splunk’s IT Service Intelligence (ITSI) product improve anomaly detection by letting administrators exclude outliers from the history used to compute adaptive alert thresholds, so that a single spike does not inflate the threshold and hide later anomalies. The company also introduced ML-assisted thresholding, which sets alert thresholds automatically from historical data patterns instead of hand-tuned static values. These updates aim to improve the accuracy and efficiency of anomaly detection, enabling organizations to identify and address abnormal behavior in their IT systems with greater ease.
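To make the outlier-exclusion point concrete, here is an added example (my own code, not ITSI’s implementation or any Splunk code) that derives an upper alert threshold from historical samples with and without first dropping outliers. The sample latencies and the MAD-based exclusion rule are assumptions for the example; the mechanism, that one spike left in the history inflates a mean-plus-standard-deviation threshold until it no longer catches real anomalies, is the general case the article alludes to.

```python
import statistics

# Constructed hourly response-time samples (ms) for one service; not real ITSI
# data. The 950 ms point is a one-off spike of the kind that, if left in the
# history, inflates a mean/standard-deviation threshold.
HISTORY_MS = [120, 118, 125, 130, 122, 119, 128, 124, 121, 127, 950, 123, 126, 120]


def exclude_outliers_mad(values, k=3.5):
    """Drop points whose robust z-score (median absolute deviation based) exceeds k.

    Median and MAD are used rather than mean and standard deviation because the
    outliers we are trying to remove would otherwise distort the very statistics
    used to find them."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    if mad == 0:            # at least half the points are identical; nothing to exclude
        return list(values)
    scale = 1.4826 * mad    # makes MAD comparable to a standard deviation for normal data
    return [v for v in values if abs(v - med) / scale <= k]


def adaptive_threshold(history, n_sigma=3.0, exclude_outliers=True):
    """Upper alert threshold: mean + n_sigma * standard deviation of the history."""
    data = exclude_outliers_mad(history) if exclude_outliers else list(history)
    return statistics.fmean(data) + n_sigma * statistics.pstdev(data)


def is_anomalous(value, history, exclude_outliers=True):
    """True when a new sample exceeds the threshold learned from the history."""
    return value > adaptive_threshold(history, exclude_outliers=exclude_outliers)


if __name__ == "__main__":
    print("threshold with outlier exclusion: %.1f ms" % adaptive_threshold(HISTORY_MS))
    print("threshold without exclusion:      %.1f ms"
          % adaptive_threshold(HISTORY_MS, exclude_outliers=False))
    print("200 ms anomalous? robust:", is_anomalous(200, HISTORY_MS),
          " naive:", is_anomalous(200, HISTORY_MS, exclude_outliers=False))
```

With the 950 ms spike excluded the threshold lands in the mid-130s, so a 200 ms sample is correctly flagged; with the spike left in, the threshold balloons past 800 ms and the same 200 ms sample passes unnoticed. That is the failure mode the exclusion option exists to avoid.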
Although the updates brought by Splunk are not groundbreaking in the industry, they offer valuable additions to Splunk’s existing toolsets. The Splunk AI Assistant, in particular, has the potential to benefit site reliability engineers (SREs), SecOps professionals, and DevOps teams by providing faster access to relevant information for incident management.
Despite the advantages offered by the Splunk AI Assistant, some customers have raised concerns. The preview version collects usage data that could be used for model refinement; because the prompts and queries an assistant sees can contain hostnames, usernames, and other sensitive log content, this raises privacy and compliance questions. Additionally, the cost of running the assistant for numerous queries across thousands of users could become an issue. Customers expect Splunk to address these concerns with clear data-control measures and cost-management features before the tool’s general availability.
In conclusion, Splunk’s recent updates to its AI capabilities, particularly in the area of SecOps, demonstrate the company’s commitment to delivering innovative solutions to its customers. With its specialized language models and the introduction of the Splunk AI Assistant, Splunk aims to empower organizations to enhance security and gain valuable insights from their data more easily. While some customers have expressed concerns, Splunk is expected to address these issues to ensure a satisfactory and secure user experience.
