Splunk’s cybersecurity and Security Orchestration, Automation, and Response (SOAR) suite can be combined with NVIDIA Morpheus running on Hewlett Packard Enterprise’s (HPE) Edgeline GPU-accelerated converged edge platform to provide AI-enabled real-time monitoring and remediation of an edge network, all while saving analysts and data scientists time.
At NVIDIA’s GTC Conference on March 23, Vivian Richards, a senior solutions engineer at Splunk, and Jeffrey Winterich, an account chief technologist for HPE’s Department of Defense Team, demonstrated how the solution works and how real-time monitoring can improve machine learning results and save employees time.
“The power behind being able to couple the SOAR, automated security orchestration, automation and response (+AR), with our adaptive response ecosystem, really scales pretty powerfully,” Richards said. “And it actually makes the best use of your analysts’ and your data scientists’ time by reducing the amount of time that they’re doing actions that can be actually remediated by using standard OpenAPI calls and integrations.”
Richards said that Splunk’s SOAR (+AR) can scale to about 50,000 events per hour, or about 1.2 million events per day that are “non-human-in-the-loop, automated remediation actions.”
Just at that 50,000 events per hour, Richards said it would take about 40 or 50 analysts doing roughly one to two events per minute “to even almost scale to that level during a standard workday.”
“We all know that cybersecurity professionals, cybersecurity analysts, data scientists are not readily available to every single organization to where you can have an entire fleet of analysts that are doing all of these tasks,” Richards said. “So being able to automate those tasks… it really begins to speed up the effectiveness.”
Winterich explained that timing and speed were capabilities that HPE also looked for when designing HPE’s Edgeline GPU-accelerated converged edge platform.
“In the past, cybersecurity operations were very human-intensive,” Winterich said. “And what that led to was you know, hundreds of days… to find that you’ve been hacked and maybe even up to 70 days to remediate.”
“So, the whole point of this was to overcome a vulnerable cybersecurity posture,” he added. “Timing was of importance; can we detect in real-time? Can we take into account throughput and latency constraints? Can we automate remediation some, then take the human out of the loop, right, because cybersecurity professionals are in short supply these days and probably overworked to a certain extent.”
“Bringing Morpheus and Splunk together really kind of hit the nail on the head in a couple different ways,” Winterich said. “On the scale side, and then also prepping the data in a real efficient way, so that Splunk could really do its thing, and really taking you out of that labor-intensive kind of thing.”