Splunk, a Cisco company, this week at its .conf24 conference announced today added a suite of data management tools that make it easier to share and process data between Splunk Cloud Platform and Splunk Observability Cloud.
In addition, Splunk also unveiled the AI Assistant in Security that makes use of generative artificial intelligence (GenAI) to streamline incident investigations using a natural language interface to provide summaries and recommendations and invoke the Splunk Search Processing Language (SPL).
The data management tools added to the Splunk portfolio promise to make it possible for IT organizations to preprocess via a single pipeline to provide a consistent level of visibility across multiple DevOps, security and IT service management (ITSM) workflows. Specifically, Splunk has added Pipeline Builders based on its SPL2 data search and processing language to filter, mask, transform and enrich their data along with an Ingest Processor service to convert logs to metrics and route them to Splunk Observability Cloud, Splunk Cloud Platform or the Amazon S3 service. There is also now an Edge Processor that IT teams can alternatively deploy themselves to provide more control over how data is processed and routed.
Finally, Splunk committed to previewing a Federated Analytics service this summer to analyze data residing in Splunk and external data lakes, starting with Amazon Security Lake.
Tom Casey, senior vice and general manager for product and technology said there is a direct correlation between improving visibility and observability in collaboration with Cisco and reducing downtime. A study published today by Splunk, in collaboration with Oxford Economics, finds that 74% of 1,400 technology executives surveyed experienced delayed time-to-market, while 64% experienced stagnant developer productivity, as a result of downtime. A total of 44% of downtime incidents stemmed from application or infrastructure issues such as software failures, compared to 56% resulting from security incidents such as phishing attacks. In addition, 41% admit customers are often or always the first to detect downtime.
Overall, the report estimates downtime costs global 2000 companies $400 billion annually, including lost revenue at $49 million, regulatory fines that average $22 million per year, ransomware and extortion payouts at $19 million annually and service level agreement (SLA) penalties at $16 million. It can take 75 days for a global 2000 company to recover that revenue, the report noted.
The report also finds that the top 10% of organizations that are more resilient than others in the study have, on average, spent $12 million more on cybersecurity tools and $2.4 million more on observability tools. Overall, resilience leaders’ mean time to recover (MTTR) from application or infrastructure-related downtime is 28% faster than the other organizations and 23% faster from cybersecurity-related incidents. Overall, resilience leaders lessen revenue losses by $17M by reducing the financial impact of regulatory fines by $10 million and ransomware payouts by $7 million.
Probability of Incidents May Increase
It’s not clear what impact artificial intelligence (AI) may have on lowering the costs of IT incidents. However, in the months and years ahead the one certain thing is that as the pace as more applications are deployed the probability there will be more incidents only increases. While advanced AI should make it simpler for IT organizations to successfully enable more applications at scale, the overall application environment is going to be that much more complex as the number of dependencies between applications and services only increases.
