2025 is here, and so are the changes to Splunk.
In 2024, the North American Energy Reliability Corporation (NERC) required registered entities to comply with more than 500 new Critical Infrastructure Protection (CIP) standards. This compelled utility and energy companies to work diligently (and strenuously) to optimize their practices in order to meet these new and often onerous requirements.
It’s no surprise that updates are on deck for the software behemoth. With ever-changing data regulations, increased security scrutiny, transformations in operational technology, and a focus on ROI for tech advancements, Splunk Enterprise users are demanding more for their time, money, and organizations.
We’ve already covered what to expect in OT security and NERC CIP in 2025. Here’s a brief overview of the changes that happened in late 2024, and what we expect to see from Splunk in the coming year.
An eye on more AI.
With an estimated $154 billion invested last year, Artificial Intelligence made news throughout 2024. More headlines are on the way as customers and investors alike look to separate the help from the hype.
Splunk is among many organizations seeking to unite AI with ROI through practical applications. Splunk is expected to leverage AI to help SOC and IT teams improve productivity and observability by automating alerts and responses, while helping to detect anomalies and analyze root causes.
Check out Splunkbase, and you’ll see that Splunk’s AI Assistant for SPL App is already on the scene, translating natural language prompts into SPL queries. This efficiency-forward app reduces query writing time and enhances SPL fluency among users.
SIEM digital resilience (with a boost from Cisco).
There is also a downside to AI: more–and more virulent–cyber attacks.
Cybercriminals have begun weaponizing AI, which has emboldened them to increase the number and sophistication of attacks.
Cue Arnold Schwarzenegger as the Terminator–or maybe don’t.
We already know that Splunk can help improve security posture. With the expansion of complex network architectures and vendor relationships, it’s more important than ever to leverage technology and human ingenuity to gain visibility, improve risk forecasting, create digital resilience, and enhance the entire TDIR life cycle.
Splunk will fight AI fire with fire with its Asset and Risk Intelligence product, which will help companies keep track of their cloud assets and attendant linkages and logs. (No mean feat in today’s dynamic environment.)
The recently debuted AI Assistant mentioned above not only supports natural language queries about security events, rather than requiring users to create SPL queries; it also summarizes alerts and creates drafts of investigation reports, saving substantial time and effort.
To evolve with the changing cybersecurity landscape, Splunk has recently updated its Attack Analyzer. Splunk customers now have access to Cisco’s Talos threat intelligence research directly in Splunk apps. This will deliver key intelligence data to optimize SIEM and SOAR for enterprise security.
The takeaway: better predictive ability to move organizations from reactive to proactive in the face of costly, debilitating security threats and disruptions.
Prioritizing regulatory compliance
More cybersecurity threats equals more regulation. In order to stem the tide of cyberattacks, which rose an average of 30% YoY per organization, a number of regulatory initiatives have been implemented worldwide.
To wit: the Digital Operational Resilience Act (DORA), an EU law that takes effect this month.
With evolving cybersecurity regulations, Splunk will likely prioritize features to help organizations comply with new standards. This may include AI automation, as discussed above, BI tools that optimize OT, and product changes geared towards actionable insights. With a 33% growth rate for information security (InfoSec) roles, OT and IT professionals need software that can keep pace with their changing needs.
Sunsetting legacy systems
All things must come to an end. For Splunk, this includes Rigor and TruSTAR, as well as Splunk Assist.
The legacy Rigor platform will be replaced by February 28, 2025. Splunk will also be ending support for its legacy TruSTAR system on June 30, 2025.
The reasons? Splunk is transitioning users to new products to ensure an optimal experience.
Splunk will officially sunset Splunk Assist, which enables Splunk Enterprise users to attain deployment insights, on January 30, 2025. This change will allow Splunk to further develop its Monitoring Console, which offers similar functionality without an internet connection. This change does not affect Splunk Cloud Platform users.
The Rigor platform will be replaced by Splunk Synthetic Monitoring, which offers a similar synthetic testing experience in the Splunk Observability Cloud. This best-in-class synthetic monitoring product helps users proactively identify and address performance issues to improve uptime and user journeys, with end-to-end visibility and competitive benchmarking. It also complies with GDPR and SOC 2 and offers higher SLAs.
Splunk Intel Management (TruSTAR) users will transition to Splunk’s integrated Threat Intelligence Management. Splunk Threat Intelligence Management gives SOC analysts normalized risk scores and intelligence context, simplifying security workflows and empowering analysts to investigate and respond to security events and suspicious activity with greater understanding and speed to triage. It is an integrated service of Enterprise Security, and eligible customers can access Splunk Threat Intelligence Management functionality via Mission Control.
Streamlining Splunk user experience for better operational technology
Customer demands evolve with technology, with personalization and better user experience leading the charge. In fact, a recent survey indicates that 40% of customer experience leaders plan to make organizational investments in personalization, AI-powered chatbots, and omnichannel communications.
We expect to see Splunk streamline its interface and improve the experience around Splunkbase, app navigability, and the use of Splunk's products and features.
New Year, new opportunities.
In 2025, Splunk is expected to focus heavily on integrating AI capabilities, enhancing cybersecurity features, and streamlining its platform with a focus on digital resilience and customer experience.
Arcus will be there for customers every step of the way with products and services that improve operational technology, cybersecurity, analytics, and monitoring, leverage metadata, and more. In short, we’re here in 2025 and beyond to make Splunk…Splunk better.
Reach out to see how we can help your organization.