Phantom's expertise is in the security orchestration, automation and response (SOAR) space, which aims to automate tasks associated with monitoring and responding to security threats.
Splunk said it plans to integrate Phantom's security automation and orchestration platform into its security operations center (SOC) platform to help clients "accelerate incident response while addressing the skills shortage," according to the company's press release.
"Phantom's employees and technology significantly expand and strengthen Splunk's vision for the security nerve center and for business revolution through IT," said Splunk CEO and president Doug Merritt. "Splunk is committed to continuously pushing the limits of technology to help our customers get the answers they need from their data."
Ultimately Splunk is eying automation beyond incident response. The company cited recent data from Gartner that predicts 40 percent large enterprises will combine big data and machine learning functionality to support and partially replace monitoring, service desk and automation process tasks, up from five percent today.
Organizationally, Phantom founder and CEO Oliver Friedrichs will join Splunk in its security markets division, reporting to SVP Haiyan Song.
"Sourabh Satish and I founded Phantom to give SOC analysts a powerful advantage over their adversaries, a way to automatically and quickly resolve threats," Friedrichs said in a statement.
"Combining SOAR with the industry's leading big data platform is a revolutionary advance for security and IT teams and will further cut down the time it takes them to eliminate threats and keep the business running."
Splunk's last acquisition in the security space was in October when it scooped up SignalSense, makers of breach detection and data collection tools. SignalSense, based in Seattle, was folded into Splunk's product group. Around the same time Splunk also announced its acquisition of certain technology and intellectual property assets from smaller rival Rocana.