
Splunk aims to empower IT, DevOps and security teams to transform their organizations with data from any source and on any timescale. Splunk is known throughout the financial services community. For many years now, firms have been deploying Splunk solutions within IT departments and data centers, for IT operations, infrastructure monitoring, DevOps, and event management. Their solutions are also used for fraud detection and prevention, anti-money laundering, sanctions compliance, and insider threat detection. In a chat with VARINDIA, Jyoti Prakash, Regional Sales Director, India & SAARC Countries, Splunk, discusses helping FSI organizations, the latest cyber threats, modernizing security operations centers and improving infrastructure integrity.
Aiding the FSI organizations
In this ever-changing world, Jyoti feels there is a critical need for FSIs to reimagine existing data analytics strategies to help them manage disruptions by harnessing the power of their data. Data can help organizations improve product innovation, risk management, customer experience and security posture. All this is only possible with the help of a real-time data analytics platform.
He states, “In India, we are working with one of the largest private banks, where we have deployed our cloud services to help them deliver world-class customer experience. Through our cloud and enterprise security solutions, we are enabling them to improve on their operations, cut expenses, and increase agility while maintaining security, expanding their data visibility and staying compliant with industry regulations. Splunk Cloud is also being adopted by Indian insurance companies because of its prescriptive approach with relevant use cases.”
Real-time data analytics and performance monitoring offerings
To uncover the benefits of real-time data in infrastructure monitoring, Splunk observes how this data is collected and processed. It further analyzes the potential of the kind of insights it can provide and the kind of outcomes the organizations can expect.
According to Jyoti, “The Splunk platform is a real-time analytics platform with a robust and scalable architecture. It can handle massive volumes of data and fulfill the low-latency requirements that any financial firm demands. It is flexible enough to allow users or developers to ask any question of the data and get an immediate response.”
The latest cyber threats
Splunk’s Threat Hunter Intelligence Report provides actionable insights on the latest cybersecurity threats and trends - helping organizations stay one step ahead of adversaries. The report unveiled the following cyber threats that are affecting the industry:
E-crime is on the rise, outpacing state-sponsored activity to account for more than 80% of interactive intrusions.
Ransomware: deploying malware for financial gain and holding people’s data for ransom during a pandemic has been a growing trend.
Phishing continues to be one of the biggest threats affecting the industry. Indian organizations are also faced with increased phishing attacks.
Modernizing security operations centers (SOC)
The Splunk platform is used extensively for security, with deployments in the security operations center (SOC) of organizations. “Splunk’s software covers a broad spectrum of security use cases, from advanced threat detection to orchestration, automation, and response. Splunk provides a platform of security products that allow a firm to conduct a wide range of security activities, from real-time data capture and advanced detection and threat intelligence to orchestration, automation, and response. Splunk products like Enterprise Security and Phantom come armed with hundreds of predefined scenarios that allow a firm to rapidly deploy its SOC and become effective very quickly,” comments Jyoti.
To improve infrastructure integrity
Jyoti points out, “Splunk acts as the nerve center for security operations and can bring in data from any system and monitor all your systems and operations in real time. It offers a full Security Operations Suite addressing the entire security lifecycle, from threat investigation to monitoring, analysis and orchestration functions. By ingesting both machine data and any type of structured data, anomalous behaviors can easily be detected by identifying correlations between associated data points. Within the FSI organizations, the Security Operations teams are going to take the lead in adopting cloud.”
To conclude
In his concluding words, Jyoti further points out, “The security capabilities are coupled with ‘Content Updates’ within Splunk Enterprise Security (ES) - a set of correlation searches developed by researchers and released monthly to all ES users. Splunk also offers a Security Orchestration, Automation, and Response (SOAR) system called Splunk Phantom that combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate with the existing processes and tools. As soon as detection occurs, Splunk Phantom automates actions that orchestrate the environment and connect to more than 260 third-party technologies to act in real time. It also handles the orchestration and automation of security events, making sure that critical issues are responded to promptly.”