Splunk’s purpose is to build a safer and more resilient digital world. This year, it was acquired by Cisco to help customers continue to build resilience across their entire digital footprint. With 7,500 employees worldwide, Splunk is a cybersecurity and observability leader. Tom Casey, Senior VP, Splunk Products & Technology Group, spoke to Intelligent CXO about what leaders should be asking themselves about their business and cybersecurity currently. He also spoke about the most concerning aspects of cybersecurity and which product innovation he is most excited about.
Can you tell me more about your role at Splunk and what your day-to-day looks like?
Since joining Splunk two years ago, I’ve led our product and technology strategy, focusing on developing and delivering Splunk’s security and observability products and platform. Since Cisco’s acquisition, I have also been responsible for Splunk product integrations at Cisco.
One of my current priorities is managing the evolution of Splunk’s unified security and observability platform. For our purposes, Foundational AI and Generative AI are productivity tools, so we’re building and implementing them into our offerings without customers incurring an additional cost. We also work closely across Cisco teams to integrate our tools so customers can leverage data to connect and protect every aspect of their organisations.
Outside of strategy, I spend a lot of time interacting with customers to learn firsthand what challenges they’re facing and how Splunk and Cisco can help alleviate pain points. Listening to customer feedback and meeting them where they’re at with our products will always be a top priority.
What should leaders be asking themselves about their businesses and cybersecurity?
To create an effective cybersecurity strategy, you must first understand your organisation’s unique cybersecurity environment. Doing so will help improve your organisational security posture, which is your company’s overall readiness and preparation level to guard against a cyberattack.
A great way to start is by conducting an audit. Assessing risk by identifying all of your technology assets and assigning a vulnerability level to each, based on its underlying technology and importance to the business, allows you to prioritise the systems most in need of protection. Splunk Security natively integrates the MITRE ATT&CK framework standard to aid customers in making these assessments. This is a universally accessible, continuously updated knowledge base/framework for modelling, detecting, preventing and fighting cybersecurity threats based on cybercriminals’ known adversarial behaviours.
Leaders should also always be thinking about how to expand their organisation’s cybersecurity toolkit. For example, what weaknesses are present in the company’s infrastructure that would benefit from introducing a new tool? Are you automating phishing detection and response effectively, given this is a common entry point for attackers? Are you consolidating your tools and data management strategy in the Security Operations Centre (SOC) to make analysts more productive?
With Splunk as part of the Cisco portfolio, we bring together leading network security with the leading SIEM (Security Information and Event Management system) in the market. Already trusted by thousands of the world’s largest enterprises, our security products and partners are ready to help customers mature their security operations.
What’s the most concerning aspect of cybersecurity at the moment?
My top concern is the impact Generative AI will have on cybersecurity. There is significant uncertainty around who benefits most from AI in the cybersecurity landscape. In Splunk’s State of Security 2024 report, we found that 45% of respondents believe adversaries will benefit most from AI, 43% believe defenders will benefit most and 12% believe they will cancel each other out.
We’re already seeing significant shifts in the threat environment. AI is expanding organisations’ attack surface through adversarial attacks, data poisoning and model theft. AI continues to lower the barriers to entry as attackers benefit from AI with deep fake videos and voice generation increasing the risk of social engineering, one of the most common ways organisations are compromised. New challenges also arise from relying on inaccurate LLMs (Large Language Models), which can lead to the wrong decisions being made. All of this creates more headaches for those tasked with keeping organisations secure and operational.
At the same time, we are embedding AI assistants into our products to improve the effectiveness and efficiency of SOC analysts, giving them a productivity boost. We are also working on new ways to help companies secure their various AI implementations and services against these modes of attack to help detect model poisoning, hallucination and model efficacy drift. On balance, AI is similar to any other technology, bringing both risk and opportunity.
How do you promote innovation within your team and keep them motivated?
Despite how quickly the landscape is changing, there’s nothing I would say that’s significantly different about how I approach team management today compared to two or three years ago. New technologies require new learnings and people to figure out how those technologies work, and product development teams like to learn new technologies, apply them to create something new and make a difference in how people live and work.
I encourage my team to have a forward-thinking mindset and revisit old paradigms in light of changing technology and access to new data. I also value diversity in teams. We’ve expanded our global development teams worldwide to create and build products with participation from each of our major theatres around the globe. This expanded talent pool encourages us to look at old problems through a new lens.
Which current product innovation are you most excited about?
One innovation we’re particularly proud of is our Federated Analytics feature. In our State of Observability 2024 report, we found that nearly three-quarters of leaders improved mean time to resolution (MTTR) after combining security and observability workflows. Federated Analytics does just that; it enables customers to analyse data sources across Splunk and certain external data lakes. In the past, if a user wanted to start an investigation for a vulnerability, they would need to call someone to give them access to the data log. With Federated Analytics, users can immediately extend analytics to their data lake without ever leaving Splunk Enterprise Security or the platform. This helps balance the cost of storage and access to data on demand in ways they never could before, without losing the benefits of tools consolidation and the productivity that comes from staying in tools primary to your everyday job.
Looking to the future, we will continue to integrate Splunk and Cisco products. Early into the acquisition, we delivered a unified observability experience between Cisco AppDynamics and Splunk to provide customers with unified visibility across any environment. This was only the first step in our Better Together vision, with many more great updates to come.
How can companies identify which areas to automate?
One of the biggest areas where automation can improve is in closing the cybersecurity skills gap. IT job vacancies in the US reached as high as 750,000 in 2023, according to a report from Cybersecurity Ventures, and it is becoming increasingly difficult to fill these roles. Automation can help expedite more repetitive workloads such as administrative tasks, so security professionals can focus on more strategic work as well as hone their own skills.
Companies looking to leverage automation should start by conducting an organisational audit to identify areas in need of efficiency and cost benefits. While I don’t think we’ll see a fully automated SOC, I do think we’ll continue to see more and more automation incorporated.
What is your approach to AI in terms of cybersecurity?
Navigating AI in cybersecurity is complex, and the landscape is constantly evolving. That said, there are a couple of things I always consider when approaching this area in security. First and foremost is understanding the risks associated with AI to know where the organisation is most vulnerable. This, along with keeping up with industry standards and regulatory requirements, helps set a strong foundation for building digitally resilient cybersecurity systems.
After building that foundation, it’s also important to consider what tactics will help secure the organisation. Developing clear policies and technical controls within organisations helps create a secure environment and prevents attacks before they happen. Feedback loops and continuous monitoring are also critically important to maintaining the security and effectiveness of security systems. Similarly, organisations should consistently reassess and update training models based on new inputs and data.
Can you share more about your career journey so far?
I’ve been working in technology for over 25 years, with a focus on helping scale cloud and enterprise software companies into multi-product platforms. Following the acquisition, my role at Splunk has shifted to include a key role in leading Cisco and Splunk product integrations, with a focus on the net new value that Splunk and Cisco create together. Before I joined Splunk, I served as SVP and GM at DocuSign to lead the products and technology team responsible for the development and operations of the company’s eSignature and Contract Lifecycle Management applications, along with its Agreement Cloud Platform. Prior to that, I spent 16 years at Microsoft in various product and engineering leadership roles.
What trends do you see emerging in your industry?
AI development within organisations is moving toward a more strategic posture rather than a reactive approach. There’s a clear interest in more specific descriptions of what AI can do for organisations, whereas a year ago customers wanted to know about all the different possibilities. Customers are no longer interested in what a tool or platform can do, but rather what it should do.
Outside of AI, I’m noticing a continued focus on data management. More and more, I hear from customers who are overwhelmed with the sheer volume of their data and are looking for solutions to navigate this. I expect more people will begin shifting their posture through a better data management strategy to get more value at less cost. We are squarely focused on helping customers address these challenges and helping them modernise their security and observability practices with Splunk.