RSAC 2024

Interview: Splunk SVP On The Evolution Of SIEM And SOAR, Cisco Acquisition  

Expert Insights interviews Patrick Coughlin, SVP of Global Technical Sales at Splunk.


Splunk is the market leader in the Security Information and Event Management (SIEM) space, with over 14,000 customers worldwide. In March 2024, Cisco closed its acquisition of the Splunk platform, with the aim of combining Splunk’s observability platform with Cisco’s network security solutions.

“Cisco has such a huge center of gravity, with so many customers around the world. The product lines they have will allow us to bring components of our portfolio to more parts of the customer base and drive deeper value for customers,” Patrick Coughlin, the SVP of Global Technical Sales at Splunk, tells Expert Insights.

Coughlin started his career at Booz Allen Hamilton, working as a Senior Analyst, before co-founding TruSTAR, a cyber threat intelligence solution, which he ran as CEO. In 2021, TruSTAR was acquired by Splunk, where Coughlin is now the SVP of Global Technical Sales. This role includes managing all technical sales functions at Splunk, including incubating new products and features being launched into the market. Coughlin also sits on the California Technology Council as an advisory board member for cybersecurity.

AI And The Future Of SIEM & SOAR 

Expert Insights spoke to Coughlin at RSAC 2024 in San Francisco, where one of the many discussions raised was the evolution of the SIEM and SOAR space. “SIEM and SOAR are foundational components of security operations,” Coughlin says. The market is “maturing,” but there are still challenges, particularly around ease of use, and the gap between event detection and response. “Splunk has 30% [market share] in SIEM, we are the undeniable market leader in the space. But we have to continue to innovate.” 

A key driver of that innovation is new AI technology. “Splunk has taken a very sober approach to AI. We’re of course rolling out assistants and technologies that can help unlock the value of complex technologies faster. You’re going to see that coming from us in the next couple of months,” he says.

“That opens up the tent to bring in more people into the security operations mission. You no longer have to be a Splunk ninja with 15 years of experience. The investments we are making in AI are all pointed at bringing down the maximum barrier of entry and getting maximum value of the products that you have.” 

Splunk is uniquely positioned to help organizations make the most of AI technologies in a proactive way, Coughlin says. “I see a ton of opportunity helping out CISOs, CIOs, CTOs get comfortable moving production workloads into AI and opening up AI for their employees. Because they can have confidence that across the Splunk portfolio, they can monitor for that effect… We believe deeply that a human-in-the-loop approach, along with AI is important. But how do you insert that human-in-the-loop piece in the right places, and remove them from all that data janitor work that they’re doing on the sidelines?”

Under The Cisco Umbrella 

There is a lot of “synergy” between Splunk and Cisco’s customers, Coughlin says, especially around detection, alerting and visibility. “When you pair Splunk Enterprise Security with Cisco XDR, all of a sudden, visibility into the network multiplies.”  

“We’ve been talking a lot for years about the convergence of observability and security. The truth is at every enterprise that’s happening in different places. With Splunk bringing a pure data platform into the Cisco world, where there is so much data coming from so many different sensors, means that we’re going to be able to turn that into more insights for our shared customers across security and observability.” 

Over the next couple of quarters, the Splunk team will work on making it easier for their customers to manage content, deploy detections and see how detections are performing, Coughlin says. This includes features like recommending playbooks, so that rather than creating a whole new playbook, you can get started with one that takes you 80% of the way toward where you need to be.

“Splunk has, [for] a long time (and a lot of this has to do with our roots), been un-opinionated about how customers use the technology. We built a foundational investigative technology, response technology, and said, ‘do what you want with it’. You’re going to see us lean into making it super easy for our customers to manage content and making it easy for them to manage detections.” 

Bringing Down The Barriers To Entry In Cybersecurity 

What excites Coughlin most in the cybersecurity space is how AI is bringing down the barriers to entry.

“I think the long-term promise of AI is that it will bring down the barrier of entry. We can start to bring in more people that don’t have to come from technical or have spent years working for the government trying to bring down bad guys. Just like other departments in the organization, you can bring in a diversity of thought and background into the Security Operations Center, into the security operation.” 

“In some ways it’s scary, because we’ve prided ourselves for years in being the high priests of complexity in the enterprise. We go to the board and say, ‘I’ve spent years working in security, you couldn’t possibly understand the threats, give me my budget!’ But I think the future we’re seeing is that the CISOs that are still playing that game will be struggling, and the ones that are winning are far more open.”