Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

Splunk today announced it plans to acquire security software company TruStar for an undisclosed amount. The acquisition will add TruStar’s cloud-native, cyber intelligence-sharing capabilities and automated processes to Splunk’s growing cybersecurity portfolio.

“TruStar will help us get even better at predictive threat assessments by strengthening our threat intelligence framework. This acquisition will allow customers to autonomously and seamlessly enrich their (security operation center) workflows with threat intelligence data feeds from heterogeneous sources,” Splunk president and CEO Doug Merritt told VentureBeat in an exclusive interview.

The pending deal is in line with Splunk’s philosophy that “security is a data problem,” he said. The announcement marks a return to M&A activity for Splunk and the massive $1.05 billion deal for SignalFX in 2019. The company also made four cloud-related acquisitions in 2020.

“We have been invested in SIEM (security information and event management) since 2011,” Merritt said. “We help customers with intelligence that identifies threats, focusing especially on insider threats and user behavior analysis to better predict where potential exposure exists.”


Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.


Register Now

“What we like about TruStar is that they have the same focus. Like Splunk, TruStar’s platform is data-centric, with an emphasis on integration and automation. Like Splunk, TruStar takes an API-first approach to power an open ecosystem of integrations to deliver normalized intelligence in-workflow and on-demand,” he added.

Turning threat data into actionable intelligence

Founded in 2016, TruStar is also based in San Francisco. At the highest level, the TruStar Intelligence Platform enables SOC analysts to gather and share cybersecurity intelligence generated by automated data collection processes — tapping into internal and third-party threat intelligence sources. If the acquisition goes to plan, those capabilities will be added to Splunk’s Data-to-Everything Platform, according to Splunk. This will let Splunk customers “autonomously and seamlessly enrich their detection and response workflows” with additional threat intelligence, via a cloud-based delivery system.

TruStar users will also gain additional threat data from Splunk commercial threat intelligence integration partners like Intel471, Recorded Future, and Mandiant.

“We founded TruStar to help security teams unlock the signal in their data to accelerate automation and power seamless intelligence sharing while preserving privacy in the cloud,” cofounder and CEO Patrick Coughlin said in a statement. “We’re thrilled to join Splunk. Combining TruStar with Splunk’s leading enterprise data platform will bring security and IT teams to a new level of integration, automation, and resilience.”

Merritt said chief information security officers (CISOs) and other security leaders are taking an increasingly data-centric approach to security.

“At its core, security is a data problem, particularly in today’s hybrid and multicloud era, where enterprises are overwhelmed with a massive amount of data. Normalized, prioritized intelligence is critical to the automation of security operations,” Merritt said.

Splunk this week also announced it has hired Varoon Bhagat as vice president and head of corporate development. Bhagat will oversee the company’s M&A strategy and investment arm, Splunk Ventures, which was launched in 2019. Bhagat was most recently an M&A strategist with Salesforce, helping execute the acquisitions of companies like Slack and Tableau.

“We are really excited about Varoon. What a phenomenal addition to our team. Salesforce has been so successful with its M&A approach, and Varoon has added immediate value to Splunk already,” Merritt said.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.