I really enjoy it when my kids come home from school and tell me how a friend asked what I do for work. The answers have always been something like, “My Dad fixes computers” or “He’s a nerd”. As they got older they began to ask, “Hey Dad, what do you do at work?” To my own detriment, I never really drew them a picture or explained it well, so I said something generic like, “I work in computer security.” That does not really do justice to myself or my employees, but explaining SOC Services, or Social Engineering can get complicated quickly. So in the spirit of the traditional question, “What do you do at work?” I want to give a better answer.
I lead a team of twenty or so engineers focused on Splunk performance on behalf of our customers here at Deepwatch. Specifically, we’re responsible for the care and maintenance of how Splunk environments function. We are actively working to bring additional value from Splunk using our knowledge and expertise, while building new use cases to make Splunk even more effective and efficient, both for ourselves and our customers.
As a team we drive improvement in our own use of Splunk, while working to implement automation, curating our own playbooks, and striving to be more responsive and proactive to our customer’s needs. For example, we are currently working to provide clearer insights to health and performance metrics within their environments.
Splunk Is Here to Stay
As the industry evolves, as the definition of security data changes, we take an active role in supporting that shift. The need to reduce consumption while introducing more and more security sources is a constant struggle. This may seem counterintuitive as everyone wants more data and more visibility, but the avalanche of data and the costs of ingestion demand some careful considerations and deduplication efforts of data sources, DNS being a good example. We help reduce that consumption so that additional sources can be ingested and provide the guardrails needed to manage licensing costs.
While the SIEM space is changing, Splunk remains one of the most widely used, most effective tools in detection and response efforts. Deepwatch will continue to lead the industry in Splunk knowledge and expertise. With the Cisco acquisition, we hope to see new features rolled out through the support of a larger company and ecosystem. The Cisco family has presented some great opportunities to expand Splunk’s capabilities and we are looking forward to it. Splunk isn’t going away, it’s evolving just as we continue to evolve at Deepwatch.
Deepwatch, Splunk, and Cyber Resilience
We drive cyber resilience through our own utilization of best practices from our years of experience and the freedoms we have to innovate at Deepwatch. We drive it through our automation efforts, health and performance monitoring, and our own development efforts.
↑
Share