"On the other side we have the ones just starting out their security journey. Those customers want consulting services, best practices and solutions. That's not to say the high-end teams don't want solutions, but they're going to tweak those solutions."
More specifically: "Customers are asking for user behaviour analytics, insider threat protection. We had a set of customers who want a lot of automation and more around cloud computing and IoT through a security lens."
One of the biggest announcements at .conf2017 was the release of Enterprise Security Content Updates via Splunkbase, a new subscription service that offers pre-packaged security content to Splunk ES customers.
"The idea behind that is we want to provide analytics such that the customers can use that threat intelligence, not just as a report, but make it actionable," Merza said.
Merza gave the example of a typical piece of ransomware: "We know certain domains were being utilised and being generated by a domain algorithm. We know that in order to protect yourself against that type of attack there was a vulnerability that needs to be patched for your operating system, and we know that to ensure the long term assurance of your environment you should have good backups.
"So we know the specific elements and make that threat intel actionable."