Powering Security Innovation: Executive Q&A on Splunk Joining AWS Security Hub Extended
Key takeaways
- Splunk and AWS have integrated their security tools to give customers faster, simpler access to critical security insights, helping teams spot and stop threats more quickly.
- AWS Security Hub findings flow directly into Splunk in near real time, reducing alert noise and helping teams focus on the most important risks.
- This collaboration reduces complexity, eliminates tool silos, and enables a more proactive, AI-powered security approach that protects businesses while supporting innovation and growth.
To succeed in the AI era, customers need fast, easy access to security solutions that can harness the power of agentic AI and deliver business outcomes. They need seamless access to their data for faster threat detection, simpler incident response, and reduced risk. They need technology vendors to work together and not in silos.
That’s the gap this integration is designed to close. Splunk’s collaboration with Amazon Web Services (AWS) elevates AWS Security findings into native detections within Splunk, surfacing high-priority incidents in near real time and reducing operational friction for security teams. To explore the significance of this collaboration, Kamal Hathi, SVP and GM for Splunk, and Michael Fuller, Director, Security Services, AWS, tell us more about the impact of this news.
Why should customers be excited about Security Hub Extended?
Michael Fuller: AWS Security Hub Extended gives customers choice in how they build their security stack but with the simplicity of AWS – one contract and one bill through AWS with Private Pricing eligibility. They have the flexibility of curating their security stack with AWS’ security detection services and best-in-class security solutions.
Security teams struggle with a high volume of data and disconnected alerts. How does Splunk Enterprise Security for AWS Security Hub Extended with findings-based detection help identify the threats that matter most?
Kamal Hathi: Splunk Enterprise Security correlates data from across the customer’s cloud and hybrid environments, including AWS Security Hub Extended findings. These AWS Security Hub findings are elevated as native Splunk findings in near real time, bypassing complex parsing and eliminating the need for additional Splunk detection rules. That correlated, context-rich data flows through Splunk’s industry-leading AI-powered SecOps platform to detect patterns like suspicious IAM activity across AWS and on-premises systems. It prioritizes real threats, reduces burnout, and strengthens an organization's ability to see patterns and disrupt adversaries early. Our collaboration makes it easier for customers to bring these capabilities together.
What outcomes should customers expect when using their AWS solutions with Splunk Enterprise Security for AWS Security Hub Extended?
Kamal Hathi: The ultimate goal of any SOC is to stop an attack before it reaches its objective. When customers use Splunk’s security analytics with AWS Security Hub Extended, they can natively surface AWS Security Hub detections and findings directly into Splunk’s analyst workflow. As Splunk findings, those detections can be further enriched with additional correlation across data sources, threat intelligence, and AI-driven insights. We’re creating unified visibility and a single source of truth. This turns alerts into the actionable intelligence required to stop threats before they impact the business. It allows analysts to do more than just react; they can predict and intercept an attacker’s next move.
SOC teams must move beyond reactive logging to a proactive defense. Our approach reduces blind spots and saves the team from toggling between disjointed tools. Instead, they can make fast, data-driven calls based on high-fidelity correlation across the enterprise’s entire footprint.
How does this AWS and Splunk collaboration reflect your broader vision for modern security operations?
Michael Fuller: Speed is an advantage for attackers and defenders. AWS Security Hub Extended accelerates enterprise security procurement, deployment, and integration across the entire security stack. It creates a single-vendor customer experience without giving up access to best-in-class third-party security solutions.
Kamal Hathi: And that’s where the real transformation begins. Splunk is redefining how organizations turn data into a decisive advantage across the complexities of hybrid and multi-cloud environments. We are working to end the era of fragmented silos and to give security teams a more unified, borderless view of their estate, powered by Splunk’s security analytics with the scale of AWS.
In conclusion, this integration empowers organizations to devote less energy to managing complexity and more to driving innovation and growth. By eliminating fragmented systems, security teams gain greater visibility and control, enabling faster, more confident responses to threats. As a unified and integrated security approach becomes the new standard for the modern SOC, organizations can better protect their assets and reputation, regardless of which threats materialize.
As the digital landscape continues to evolve, cyber defenders can embrace this AWS and Splunk collaboration and create a more proactive and resilient security posture. If you have questions or thoughts on how your SOC can capitalize on this integration, share them in the comments of Kamal’s recent LinkedIn post, where he delves into the benefits of this streamlined approach to procurement and unified security.