In the hybrid-cloud hybrid-work era, organizations need real-time insights and visibility, especially when security is becoming an “AI-vs-AI” race.
In the hybrid-cloud hybrid-work era, traditional perimeter protection is no longer sufficient.
And here’s where observability and platformization come in.
Organizations need solutions that can consolidate data across teams, providing real-time insights during outages and helping to direct the right teams to rectify issues before customers are impacted.
At Splunk’s .conf 2024, CybersecAsia spoke to Jason Lee, Global CISO, Splunk, who shared some key security trends he observed globally:
- Consolidation: Vendors are still marketing security products separately – physical or digital. “At some point soon, somebody is going to see the need to combine both,” said Lee.
- Platformization: To meet this challenge of complexity, platformization is seen as the solution. Lee said: “We’re starting to see consolidation now to develop security platforms for unified threat detection and response.”
- Hybrid cloud: “With lots of points to manage and secure out there, as well as many more on-prem, consolidation is the answer.”
- AI: Human-in-the-loop AI is the answer to the ‘AI vs AI’ arms race in cybersecurity. As “we’re still in the early days of AI”, Lee explained that organizations cannot leave too much to AI.
- Human error: “Outside of AI, the vulnerabilities and targets of attacks we’re seeing are largely human error,” Lee commented.
Simon Davies, SVP and General Manager, APAC, Splunk, concurred: “Business leaders in the hybrid-cloud, hybrid-workplace era in Asia Pacific see increasing complexity of the environment. There’s a lot of conversation around AI, both from cyber-attack and internal capability perspectives. Also, critical infrastructure legislation is driving a lot of conversations.”
Observability & AI
With regard to AI, Davies commented: “CISOs in the region are very aware and taking into consideration AI-enhanced attacks. But our recent findings show that 65% of security professionals don’t really understand GenAI, while 45% of security leaders believe AI is giving criminals the edge.”
“All the best practices in cybersecurity need to be applied in AI too,” he added. “For CISOs, digital resilience shapes their world. Complexity makes it more difficult to deliver outcomes.”
Cloud analytics and machine learning are key to innovations in observability. Developer teams with secure and fast access to data can create amazing features faster, leading to better customer engagement, operational productivity and revenue opportunities.
Patrick Lin, SVP and General Manager, Observability, Splunk, explained: “Observability is not a technology, but a set of tools and practices. The term became a lot more popular when cloud infrastructure and appdev became more pervasive, especially with the introduction of containers and microservices. The complexity, rate of change and volume of data require a different approach.”
While still a form of infrastructure management, observability provides a different way of managing, processing and analyzing data. “It’s more useful to think about cybersecurity and infrastructure management as two sides of the same coin,” said Lin. “It all boils down to resilience, or what some experts refer to as DevSecOps.”
Splunk ES 8.0, for example, combines capabilities that were previously separate, bringing together functionalities such as observability and AI, while ensuring they work well together on a unified data platform.
Consolidation & platformization
In the increasingly complex hybrid-cloud hybrid-work environment, consolidation of tools helps ensure experts and other resources are not adversely affected or wasted due to downtime.
“Security teams in SOCs deploy an average of 26 different cybersecurity tools,” said Splunk’s Global CISO Lee. That’s why consolidation via platformization is considered the answer.
Referring to Cisco’s recent acquisition of Splunk with regard to consolidation, Davies said: “Cisco’s strength in on-prem APM and Splunk’s strength in microservices and containers (Kubernetes) offer a combination that is super powerful!”
How Asia organizations do it
Singapore Airlines, the national carrier of Singapore, needed continuous high service availability across its complex systems to support its digital transformation efforts and continuously improve passenger experience.
With full-stack observability from Splunk, Singapore Airlines can now find and fix issues faster — maximizing service uptime, optimizing customer experience and keeping the brand’s reputation sky-high. With Splunk, they’ve seen more than 75% faster issue detection and 90% fewer backend issues.
135 million Indonesians use DANA’s digital payment platform, making it one of the largest e-wallet providers in the country. DANA had a restricted view across its hybrid infrastructure and application layers that critically hindered visibility. They turned to Splunk as they needed a solution that captures and monitors all data across all dimensions and domains of their technology environment.
Splunk Observability Cloud gives DANA full-fidelity observability that powers its platform, accelerates recovery and minimizes downtime for customers. By saying goodbye to silos, DANA is now able to make smarter decisions and stay ahead of digital trends.