Splunk launched a cloud-based security product that combines security analytics, automation, threat intelligence, investigation, and response capabilities.

Also today, the vendor said it received a $1 billion investment from private-equity firm Silver Lake. The company said it plans to use the investment to fund new growth initiatives and manage its capital structure, including a share-repurchase program of up to $1 billion.

The new Splunk Security Cloud follows its TruStar acquisition, which added cloud-native threat intelligence integration and automation to the vendor’s growing security arsenal.

While Splunk had already begun integrating some of TruStar’s capabilities into its platform, the new product more deeply integrates TruStar’s threat intelligence into Splunk’s security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities, said Jane Wong, VP of product management for security at Splunk.

“Threat intelligence should not be a manual thing where analysts have to go and manually look at IPs, or hashes, or indicators of compromise that might be attached to a SIEM finding,” she said. “That should be automatically integrated across multiple sources of intelligence, so open source, data you might get from ISACs, data that you might have built in-house. Also, you might be buying intelligence feeds from companies like Intel471 or Recorded Future. We’re going to de-dupe noise, and apply that data immediately with deep integration into every SIEM alert, whether it’s complex or simple, and into every response playbook.”

The new threat intelligence capability automatically collects, prioritizes, and integrates all sources of security data, which drives faster time to detection, investigation, and response, Wong added. Alerts that used to take 30 minutes to respond to can now take as little as 30 seconds, according to Splunk.

Splunk also added new machine-learning-driven behavioral analytics capabilities to Security Cloud, which are now available in preview. “We see the SIEM and behavioral-analytics markets converging, so pulling those things together into this one platform is a complete revamp of analytics for us,” Wong said. The platform also does risk-based alerting to further help companies streamline response time, she added.

Splunk Security Cloud Still Vendor Agnostic

Additionally, as with Splunk’s existing products, the Security Cloud sits on top of customers’ third-party security and threat-intelligence tools to correlate data and detect threats across multi-cloud environments. Splunk currently counts more than 2,500 companies in its partner ecosystem. Plus, its automation ecosystem includes over 300 third-party integrations that support more than 2,000 operations actions, which Wong said allows customers to better correlate data across disparate security tools for increased visibility and more prescriptive detection.

“That’s a really different thing for Splunk — the agnostic piece,” she said. “We don’t own an endpoint for example. Our whole goal is streamlining and making it really easy for SOC [security operations center] analysts to process automation through streamlining things that are too manual and disjointed. Our whole goal is to streamline SOC workflows and help analysts be super productive. That’s our north star.”

This extends to Splunk Security Cloud’s automated response capabilities, too. “Automating the response to some things that you detect that may never need a human interaction, or they may not need a SOC analyst to go look at them because you’re very confident based on the nature of the detection and the intelligence validating it.”
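The three ideas the article touches on, merging and de-duplicating indicators from several intelligence feeds, applying them to every SIEM alert, accumulating risk per entity so that only high-risk entities become notable, and handing only highly corroborated matches to an automated playbook, fit together in a small pipeline. The following is an added illustration written for this page, not Splunk or TruStar code, and it makes up its own feed format, thresholds, and sample alerts (all indicator values are constructed from documentation address ranges and a reserved example domain):

```python
"""Constructed example: multi-feed threat-intel enrichment of SIEM alerts with
de-duplication, per-entity risk scoring, and an automated-response decision.
Not vendor code; feed format, thresholds and sample data are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    kind: str            # "ip", "domain" or "sha256"
    value: str           # normalised indicator value
    sources: frozenset   # feeds that reported this indicator
    confidence: int      # highest confidence any feed assigned (0-100)


def normalise(kind, raw):
    """Canonical form so the same indicator from different feeds de-duplicates."""
    value = raw.strip()
    if kind in ("domain", "sha256"):
        value = value.lower()
    if kind == "domain":
        value = value.rstrip(".")   # drop trailing dot from FQDN notation
    return value


def merge_feeds(feeds):
    """Merge feeds {name: [(kind, raw_value, confidence), ...]} into one table
    keyed by (kind, value); sources are unioned and the max confidence kept."""
    merged = {}
    for feed, entries in feeds.items():
        for kind, raw, conf in entries:
            key = (kind, normalise(kind, raw))
            prev = merged.get(key)
            sources = frozenset({feed}) if prev is None else prev.sources | {feed}
            confidence = conf if prev is None else max(prev.confidence, conf)
            merged[key] = Indicator(kind, key[1], sources, confidence)
    return merged


def enrich(alert, indicators):
    """Attach every indicator that matches one of the alert's observables."""
    matches = [indicators[(kind, normalise(kind, raw))]
               for kind, raw in alert["observables"]
               if (kind, normalise(kind, raw)) in indicators]
    return {**alert, "matches": matches}


def alert_risk(enriched):
    """Risk from one alert: base severity plus intel corroboration weight."""
    risk = enriched["severity"] * 10
    for ind in enriched["matches"]:
        risk += ind.confidence * len(ind.sources) // 2
    return risk


def decide(enriched, auto_threshold=90, min_sources=2):
    """Triage: only high-confidence, multi-source matches go to an automated
    playbook; weaker matches wait for an analyst; no match stays queued."""
    strong = [i for i in enriched["matches"]
              if i.confidence >= auto_threshold and len(i.sources) >= min_sources]
    if strong:
        return "auto_playbook"
    if enriched["matches"]:
        return "analyst_review"
    return "queue"


def risk_by_entity(enriched_alerts, notable_threshold=100):
    """Risk-based alerting: sum risk per entity and flag those over threshold."""
    totals = defaultdict(int)
    for alert in enriched_alerts:
        totals[alert["entity"]] += alert_risk(alert)
    return {e: (score, score >= notable_threshold) for e, score in totals.items()}


# Constructed sample feeds (open source, ISAC, in-house) with overlapping indicators.
FEEDS = {
    "open_source": [("ip", "203.0.113.7", 60), ("domain", "Evil.Example.", 70)],
    "isac": [("ip", "203.0.113.7 ", 95), ("sha256", "A" * 64, 80)],
    "in_house": [("domain", "evil.example", 95), ("ip", "198.51.100.9", 40)],
}

# Constructed sample SIEM alerts with the observables each one carries.
ALERTS = [
    {"id": "A1", "entity": "host-17", "severity": 3,
     "observables": [("ip", "203.0.113.7"), ("domain", "EVIL.example")]},
    {"id": "A2", "entity": "host-17", "severity": 2,
     "observables": [("sha256", "A" * 64)]},
    {"id": "A3", "entity": "host-42", "severity": 1,
     "observables": [("ip", "192.0.2.1")]},
]

if __name__ == "__main__":
    table = merge_feeds(FEEDS)
    enriched = [enrich(a, table) for a in ALERTS]
    for a in enriched:
        print(a["id"], a["entity"], alert_risk(a), decide(a))
    print(risk_by_entity(enriched))
```

Six feed entries collapse to four indicators; the alert on host-17 that matches two indicators each corroborated by two feeds is routed to a playbook, the single-source hash match is left for an analyst, and host-17's accumulated risk crosses the notable threshold while host-42's does not.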