Resellers should tap machine learning opportunities, urges security firm

Splunk also pushing for channel to embrace the machine learning market

Splunk is pushing for its VAR and MSP partners to embrace the machine learning market, with such channel partners seeing opportunity in the technology to offer more preventative cyber security measures.

During Splunk's .conf2017 in Washington, D.C. last week, Atif Ghauri, VP of customer success at security firm Herjavec Group, noted that Splunk's technology, including its User Behavior Analytics (UBA) offering, are a key part of Herjavec's business.

"The machine learning algorithms [Splunk uses] in UBA in addition to the machine learning algorithms that are in the core Splunk product are pivotal in our day-to-day operations with our customers," he said.

Today, machine learning is enabling Herjavec to elevate the quality of its escalations. For example, if the firm has to alert a customer about a problem in the middle of the night, customers would prefer to also be informed of a route of action and remediation, Ghauri explained.

He added that with machine learning, and in particular predictive intelligence, can enable computers to generate associated indicators of compromise, notable IP addresses or other related materials to allow for a better quality escalation.

"That means the analyst…can focus more on the manual processes to pull data when we escalate the alert. At the end of the day, from a customer success standpoint, the escalation has more enriched alerting because we're going beyond what can be automated through machine learning," he said.

Further, predictive intelligence allows the MSSP to identify abnormalities and get ahead of them and see if they are a threat or not.

"That's where we want to get to; that's valuable. That's customer success versus ‘thanks for telling me it happened. Now what?' The predictive intelligence is the buzz [phrase] there that would help drive value for our customers," Ghauri said.

"We have to be [ahead] of it - not just aware and able to respond to it. With most of the security breaches you see today… The damage is already done. The hackers already left. The data's already gone. And we as an industry have kind of accepted that that's okay. That's not okay.

"We need to block it, detect it and eliminate it so the data's never lost. It's time to block. It's time to be ahead."

But while the benefits machine learning can have in key areas like security can add appeal to Splunk's technology, it is ultimately the channel that will help Splunk drive more mainstream adoption, according to Ghauri, who said partners are the vendor's "force multiplier".