Splunk: "A business can never have too much security"

ITProPortal spoke to Splunk's security markets VP Haiyan Song at Infosecurity Europe 2014 about what's new in the security industry, and what the biggest frustrations are when dealing with security vendors.

We've been talking about this a lot over the last two months. We've been trying to work out exactly what Splunk is going to focus on, and looking at all the different changes in the landscape. People are looking at the vulnerabilities in OpenSSL, the Heartbleed bug and so on and thinking "How can big data help us with this?"

The interest with big data comes from people trying to figure out how to get ahead of the unknown. The biggest challenge is how can you leverage a lot of the technology we've developed – there's the network technology, the deep packet inspection technology, the big data analytics.

But how do you get to the data in a way that's fast and meaningful and that really allows you to respond to the threats? I think that's the biggest challenge. It's not each individual point, it's allowing us to fuse human intelligence together with technology and do this in a unique way.

I think analytics is really the aspect that's going to being a lot of things together. It's going to give us an early warning system so we know what we're looking for, and also give you the historical context so you know what to prevent going into the future.

I think Europe is way ahead of the rest of the world in protecting privacy. Europe has a lot more regulations in place around encryption, in privacy, and not shipping data all around the world.

What frustrates me about the security industry is that there's a lot of market messaging coming out, and it's a little confusing sometimes for the consumers to work out what product does what. It seems like everyone's doing the same. What's frustrating for the vendor is finding new ways to communicate to your customers that this is what the differentiator is.

A lot of the messaging at the high levels I pretty much the same, but for the less tech-savvy users you need to find a new way to demonstrate what's different about your product. There are a lot of buzzwords. This year it's all about security analytics. Last year it was security information management (SIM), but you don't hear that so much this year. That seems to be the way the industry's going. Everyone's like: "We have that too!"

I don't think a business can ever have too much security. I think people have a general tendency to not do 100 per cent what they're asked to do with security. So the more you can raise awareness, the better the policy is going to be implemented. You have to be considerate of the gap between what you ask people to do and what they can do.