Splunk + Phantom: Turning Security Data into Answers and Action

I am delighted to announce that as of today, Phantom is officially joining the Splunk team. Along with 100 other Phantom employees, our mission with Splunk is now one and the same: to make machine data accessible, usable, and valuable to everyone.

Combining Phantom’s Security Orchestration, Automation, and Response (SOAR) technology with Splunk’s industry-leading big data analytics platform represents a significant advancement for security and IT customers who are looking to eliminate threats faster and keep their business ahead of the threat landscape.

Joining me today for a sit-down chat is Haiyan Song, senior vice president and general manager of Security Markets at Splunk.




Oliver: Haiyan, thanks for joining me today. On behalf of the entire team at Phantom, we are so excited to be joining Splunk. I personally am thrilled to join your leadership team and can’t wait to see what we do together.

Haiyan: Thank you, Oliver. I’m thrilled that we have the opportunity to combine Splunk’s platform for machine data with Phantom’s SOAR technology to help our customers advance their cyber defense and find threats faster. Our technologies are a natural match.


Oliver: Now that we’re officially working together, what are you most excited about?

Haiyan: Great question, Oliver. Splunk and Phantom are both companies that value community. Over the years, Splunk has become the “Nerve Center” for Security Operations Centers. With that, we’ve built extensive networks for partners and customers who are passionate about using Splunk in tandem with Phantom and other technologies. Even though Phantom is a young company, Phantom has also built a fanatical base of customers and partners who rely on SOAR technology to help orchestrate, automate and respond to security incidents. I’m excited about our like-minded approach to community and am looking forward to rolling out solutions to our customers, whether they be members of SplunkTrust or new Phantom customers.


Oliver: As a new Splunk employee, I’m personally interested in this next question: what do the first 90 days look like?

Haiyan: Over the next 90 days, we’ll be helping Phantom’s employees settle in and introducing the team to Splunk’s five key values. At Splunk, we are innovative, passionate, open, disruptive and fun. I know these are all values that Phantom embraces as part of its culture, so the adjustment period should be easy as we welcome the team to the Splunk family.


Oliver: That’s great to hear. Our company cultures are absolutely like-minded in those regards. This acquisition is a big deal to our employees, but it’s a big deal to our customers as well. What are Splunk’s long-term goals of the acquisition?

Haiyan: Great question. Splunk has more than 15,000 customers in over 110 countries worldwide. Our security business is growing rapidly and our acquisition of Phantom will only contribute to our long-term growth. This acquisition will expand and strengthen Splunk’s realization of our vision for the security nerve center and for business revolution through IT.

As Splunk’s SIEM technology continues to evolve with new features, we’ll be looking into integrating Phantom’s SOAR technology within Splunk solutions to help our customers quickly and confidently orchestrate, automate and respond to security threats faster than ever.


Oliver: Although Splunk and Phantom are now one and the same, we’ve been long-time partners, as Phantom is a member of Splunk’s Adaptive Response Initiative. How does this impact the Adaptive Response initiative?

Haiyan: Splunk’s Adaptive Response initiative was built to help organizations better analyze, assess and respond to advanced attacks across the security ecosystem. Today, nearly 40 security vendors are members of our Adaptive Response community. You can probably tell by the number of partners in Adaptive Response, but Splunk has adopted a neutral approach to security. Our acquisition of Phantom will only expand our engagement with other Adaptive Response partners. We will continue to work with all of our Adaptive Response partners, including other SOAR vendors, as we enable customers to analyze and correlate a wide range of data across their multi-vendor environments. A multi-vendor environment is required to gain end-to-end threat visibility, and Phantom is a big part of that equation.


Oliver: I know first-hand how important partners are to Splunk, so that’s great to hear. Last question. Now that Splunk has acquired Phantom, what benefits can Splunk customers expect to see?

Haiyan: I love talking about our customers! We expect that both Splunk and Phantom customers will quickly realize many benefits of combining SIEM and SOAR. For brevity, I’ll give you three. First and foremost, Splunk and Phantom will help customers work smarter by fully embracing an analytics-driven approach to security. Second, our customers will be able to use Splunk and Phantom to help automate their SOC, which accelerates incident response. Lastly, we will help customers improve efficiency through reduced organizational risk. Essentially, we will help SOCs run smarter and faster than ever before.


Oliver: Outstanding. Thanks again, Haiyan, for the time. I for one can’t wait to get started, and I can’t wait to show our customers what Splunk and Phantom can do at RSA this year.

Haiyan: Likewise, Oliver. Thank you and welcome to the Splunk team!


Next Steps

Haiyan also had the opportunity to ask similar questions to Oliver. Read about his perspective on the Splunk Blog.


Haiyan Song, SVP Security Markets, Splunk
Haiyan Song has been with Splunk since 2014 and currently serves as our Senior Vice President, Security Markets. From 2012 to 2014, Ms. Song served as Vice President and General Manager of HP ArcSight, a security and compliance management company previously acquired by Hewlett-Packard Company. From 2005 to 2012, she served as Vice President of Engineering at ArcSight. Ms. Song previously served as Vice President of Engineering at SenSage, an event data warehousing company, from 2004 to 2005. She started her career at IBM/Informix, a database software company. Ms. Song is one of the thought leaders of the cyber security industry in the US. She was named one of the Top 50 most powerful women in Technology in 2016 and 2017. Ms. Song holds an M.S. from Florida Atlantic University and studied Computer Science at Tsinghua University in China.

Oliver Friedrichs, CEO and Founder, Phantom
With a remarkable record in building three successful enterprise security companies over the past two decades, Friedrichs served as the CEO of Phantom since 2014. Prior to Phantom, Friedrichs founded Immunet, acquired by Sourcefire in 2010 and a key component to Cisco’s $2.7b acquisition of Sourcefire in 2013; now thriving as Cisco’s Advanced Malware Protection (AMP) business. Friedrichs co-founded SecurityFocus (Bugtraq) and led DeepSight, the world’s first Internet early warning system, acquired by Symantec in 2002, and a recognized leader in security intelligence to this day. He also co-founded Secure Networks and led Ballista (CyberCop), one of the industry’s first vulnerability management solutions, acquired by McAfee in 1998. Friedrichs architected and developed a prototype of the first commercial