The 14-year old big data company Splunk made its name in the IT operations space when founders Erik Swan and Rob Das set out to become the Google of enterprise IT, by ingesting and indexing machine data from logs to make the information searchable. But its current CEO says the vendor is best known for its security solutions - how did it get here?
Speaking at the company's .conf2017 event in Washington DC, Doug Merritt, CEO for two years now, said Splunk is seen as a "security-specific vendor today".
The fact is, Splunk fell into the security analytics business. "We started as an IT ops company, and we stumbled into security," Merritt said.
As the story goes, IT ops people started sharing Splunk with their security colleagues because they saw value in the streams of systems information they were using for anyone that was tasked with spotting potentially malicious activity across the network and various enterprise systems.
"They soon realised if they take that data and augment it with firewall data, for example, I get all of this additional insight," Merritt explained.
This shift towards becoming a security vendor started under Merritt's predecessor, Godfrey Sullivan, who created 'market groups' within the company so that certain divisions could focus on either IT or security. Merritt has since added an IoT market group into the company.
In terms of reputation, Splunk is now best known for its security solutions, which helps analysts spot threats with Splunk dashboards, which crunch through systems data in close to real time.
From a business perspective, it's closer to 50-50 though. Merritt said: "The interesting piece is in any different quarter it is 40-50 percent an IT ops quarters and 40-50 percent security quarters, and there is really no consistency or pattern between one or the other."
That's an interesting admission from the CEO of a company which specialises in pattern recognition for complex data sets.
What next for Splunk Enterprise Security?
Now that Splunk is deeply embedded in the security space, what is it doing to stay ahead of the competition?
Monzy Merza, head of security at Splunk, told Computerworld UK that the cloud is changing the priorities of its enterprise customers the most. "We have many customers who want visibility into the cloud, that's by far the biggest set of evolutionary steps people are taking," he said.
Merza splits Splunk's security customers into two distinct groups, high and low maturity. What these two groups want from Splunk differs slightly.
He explained: "For the ones that have the higher maturity level with security expertise - the federal customers or big financial services organisations - they want a platform because they have skills and competencies within their organisation that want to exert their own capabilities to do more. So that is how we built the platform.
Sign up for Computerworld eNewsletters.