Splunk’s Ahmed El Saadi Highlights Innovations and Insights at Black Hat MEA 2024

What are you spotlighting at Black Hat MEA this year?

This year, we are showcasing the SOC of the future. Specifically, we are highlighting how AI integrates into SOC operations, along with an innovative, fully integrated platform. This platform enables analysts working in SOCs to manage and investigate all aspects of threat detection, incident response, and security investigations from a single, unified interface.

The benefits of this approach are twofold. First, it significantly improves efficiency by eliminating the need to navigate multiple tools. Second, it leverages AI to enhance detection and response times, enabling faster investigations even for users without extensive expertise in security operations.

In addition, we are emphasizing observability, a crucial pillar of our offering. This is particularly important because, when issues arise—such as application downtime—organizations often begin by investigating potential security breaches. If no attack is found, they shift their focus to application performance or infrastructure health. Our solution simplifies this process by providing a unified tool where customers can access all their data in one place. From there, they can investigate security incidents, analyze application performance, or evaluate infrastructure health, all from a centralized data lake.

This integrated approach helps organizations identify and address issues faster, improving both efficiency and responsiveness.

When you mention “SOC of the future,” are you referring to a completely automated SOC, or is there still a need for human oversight?

Our focus is on how technology can enhance the efficiency of analysts. Instead of spending time on repetitive, basic tasks that can be automated, analysts can shift their focus to what truly matters. This is achieved through the use of systems designed to handle these repetitive tasks efficiently, allowing analysts to prioritize critical operations.

The rationale behind this approach is the scarcity of skilled analysts in the market, their high cost, and the ever-expanding attack surface that organizations face. If we don’t address this challenge by, on one hand, investing in training and developing human capital—a critical aspect—and, on the other hand, ensuring that tools are in place to automate operations effectively, we risk falling behind in the fight against cyber threats.

We firmly believe in a balanced approach that combines tools for training and enabling local human talent with advanced automation. Leveraging technologies like AI helps to accelerate and streamline operations, creating a synergy between human expertise and automated processes.

Regarding the threat landscape, what have you observed this year, and what should we watch out for next year?

We are observing a continuous increase in the sophistication of attacks, which is directly correlated with the growing exposure of applications. Let me give you a small example. In today’s world, an organization may operate a single application, but its various functions could be spread across multiple environments. For instance, one function might be hosted on a hyperscaler or cloud provider, while another, such as billing, could be on-premises. Meanwhile, customer data might reside in a completely different location. These represent three distinct areas of exposure, each of which is a potential target for attackers.

Today’s attackers are incredibly sophisticated. They thoroughly analyze their target’s environment, work hours, habits, likes, and dislikes to craft highly targeted and opportunistic attacks. They look for vulnerabilities across multiple entry points. For example, while you may be focusing on one apparent threat, they might be exploiting a different vulnerability elsewhere. This kind of diversion tactic creates significant challenges in monitoring and securing a complex, multi-faceted infrastructure.

The key challenge now is how to effectively monitor these complex environments and counter increasingly advanced threats, such as ransomware and advanced persistent threats (APTs). The focus has shifted to finding solutions that can provide comprehensive coverage and detection capabilities.

In the market today, there is a growing demand for unified platforms. The term “platform” is frequently used by industry leaders, and the integration of AI is also a major focus. Organizations are seeking platforms that can centralize and correlate data, enabling advanced threat detection and investigation powered by AI to respond to threats more effectively.