BlueVoyant has launched the BlueVoyant Modern SOC for Splunk® Cloud Platform. The service is designed to make it easier for companies to get the most out of the Splunk Cloud Platform. It includes new services ranging from technical workshops to faster onboarding onto the Splunk Cloud Platform. There is also 24/7 managed detection and response (MDR) powered by BlueVoyant’s cloud-based managed security operations centre (SOC).
Milan Patel, Global Head of Managed Security Services at BlueVoyant, said: “Although the consolidation of data into a SIEM has enabled organizations to gain visibility, CISOs continue to struggle with limited resources and budget to effectively manage core security technologies and scale security operations.
“The launch of the BlueVoyant Modern SOC for Splunk Cloud Platform represents a turning point in the relationship; in managing the entire security operations suite for Splunk Cloud Platform customers within the customer’s Splunk Cloud Platform instance, BlueVoyant is the first of Splunk’s partners to apply a true remote Security Operations Center-as-a-Service (SOCaaS) approach to the management of customer data in their environment, instead of wholesale exporting data outside of the customer environment.
“Keeping raw data in the customer’s Splunk Cloud Platform instance while still providing all the benefits of SOCaaS, will allow customers to maintain full control over their data and how it’s accessed.”
What is BlueVoyant delivering?
According to the press release, the key features of the Modern SOC for Splunk Cloud Platform include:
- Splunk Cloud Platform Accelerator – Security consulting workshops to build use-cases, dashboarding and rapid deployment of Splunk Cloud Platform
- 24/7 Security Monitoring – Alerting, triage, threat indicator enrichment, and investigations
- Splunk Cloud Platform Concierge – In addition to MDR, BlueVoyant’s Splunk Cloud Platform Concierge Engineers provide ongoing maintenance and customization for Splunk Cloud Platform customers to maximize their investment. Through regular reviews with customers, BlueVoyant can help customers with:
  - Identifying additional requirements
  - The development of additional insights for Splunk Cloud Platform customers
  - Changing their Splunk Cloud Platform configuration or recommending other applications or technical add-ons for Splunk Cloud
Enterprise Times: What does this mean?
Anything that helps Splunk administrators improve security is welcome. Splunk already provides a mix of free and paid training on its platform. That includes several security courses ranging from how to detect malware and brute force attacks to its enterprise security tools and SIEM training.
What BlueVoyant is doing is offering its monitoring and concierge services to improve that training. By developing an integrated SOC solution aimed at Splunk, it is taking pressure off the IT Security teams. Many of those teams already struggle with alerts and notifications from multiple systems. To be able to hand that to a third-party managed service makes sense.
As BlueVoyant signs up Splunk users, it will be interesting to see how it uses the data it gathers. There is a benefit to providing a managed service in that you see a much wider and more diverse set of installations. It allows you to spot emerging attacks, especially those aimed at vertical markets. That intelligence can then be used to inform the wider customer base and be proactive in remediating risk.