Using Splunk Enterprise to Achieve IT Operations and Business Agility
Jeff D Gill
Linkedin/in/jeffdgill
#splunkconf
Agenda
• About Me and CSC
• Splunk Architecture at CSC
• Splunk Use Cases
• Summary
About Me and CSC
• Head of Global SaaS Infrastructure, Chief Information Security Officer, CSC
• Biography
– Executive / CIO-Advisor, IT Service Excellence, Accenture
– Global Offering Lead, ITBM, Accenture
– Research Lead, Innovation Management Services, Accenture
– Co-founder / President, Executive Business Group
– Senior Director, Infrastructure Management Services, Comcast
• Corporation Service Company (CSC)
– Since 1899, a worldwide leader in business legal and financial services
– Represents hundreds of thousands of business entities worldwide, including many Fortune 100 companies
– Helps corporations maintain good standing and manage annual reports, permits and other corporate filings
Splunk CSC Architecture (2012)
• Splunk Enterprise was originally added to monitor application log files and improve service availability
• Data Sources
– 275 types of application logs
– Mostly Oracle’s WebLogic
– Network logs
– Syslog
– 40+ GB/day average
• Splunk Deployment
– One search head
– Two indexers
– Deployment server makes Splunk management easier
Splunk CSC Architecture Today (2013)
• 400 GB of data indexed daily
• Five lines of business
• 90+ system architectures
• 350 possible breach scenarios
Understanding which data is relevant is critical!
Diagram (data sources feeding Splunk): categories User Actions, Security / Intrusion, Connectivity, Platforms / Apps, CDR and Business Process Monitoring; feeds include Routing / Switching, NTO Spider, RSA/RAS & Wireless, FireEye, Tipping Point, BlueCoat, Firewalls/VPN, Qualys, Web Logs, Custom App Logs / Events, Cyber-Ark and Honeyd.
Splunk Use Cases at CSC
• Monitoring – DevOps, Security
• Development process support
• Agile development: Splunk allows new features to be prototyped and provided to the end user while they are still in a development team’s backlog
• Decision support: improving customer experience through technology
• Automation
• Visualization and reporting
Splunk for CSC DevOps
• Windows: Instant insight into Windows performance metrics
• Linux: Proactive monitoring of CSC Linux infrastructure
• NAS/SAN: Aggregating, monitoring and analyzing relevant IT data from CSC storage systems
• App and transaction logs: Monitoring web server performance to avoid outages and increase customer satisfaction
• Network health visibility (routers, switches, firewalls)
• Proprietary application monitoring
Security
• Correlation of intrusion prevention, FireEye, and Symantec SEP alerts to detect zero-hour threats
• Windows AD and Linux internal authentication
• Customer-facing and SSO authentication
• Identification of potential Cross-Site Request Forgery (CSRF) attacks in customer-facing apps
Decision Support System (DSS)
• Custom applications to aid the customer service representative in better supporting our customers
• Splunk enables identification of domain registration trends
• With Splunk, CSC can proactively resolve self-service order issues for our customers
DSS Report
DSS Continued
Automation
• Cisco service – alert remote NOC
• FireEye alerts – open ticket via external scripting
• Splunk enables correlation of potential incidents across multiple systems to accelerate identification and diagnosis of problems
Enrichment and Correlation
Referencing External Data
• Blackhole list services
• Spamhaus
• Threat list databases
• Splunk protects our reputation by monitoring DNS, spam, and other threat lists to ensure that CSC is not improperly categorized
• Splunk helps us protect our customers and resources by aggregating data lists and correlating them against logged hosts in various situations
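The last bullet, correlating aggregated threat lists against hosts seen in logs, in working form as an added example (not code from the slides or from CSC). The list names, network ranges and log lines are constructed for illustration; a real deployment would feed the lookup from the DNSBL or Spamhaus data the slide mentions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed threat lists (hypothetical entries, not real indicators):
# list name -> host or CIDR entries, standing in for aggregated feeds.
THREAT_LISTS = {
    "dnsbl_example": ["203.0.113.0/24"],
    "spam_feed_example": ["198.51.100.7", "198.51.100.8"],
}

# Constructed sample log lines (web access and firewall style), not real data.
SAMPLE_LOGS = [
    '203.0.113.45 - - [10/Oct/2013:13:55:36 -0400] "GET /login HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Oct/2013:13:55:40 -0400] "GET /index.html HTTP/1.1" 200 1024',
    "Oct 10 13:56:01 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.20 PROTO=TCP",
    "Oct 10 13:56:05 fw01 kernel: ACCEPT IN=eth0 SRC=192.0.2.33 DST=192.0.2.20 PROTO=TCP",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def build_lookup(threat_lists):
    """Normalise every entry to an ip_network so hosts and CIDRs match alike."""
    return [(name, ipaddress.ip_network(entry, strict=False))
            for name, entries in threat_lists.items() for entry in entries]


def extract_ips(line):
    """Return every syntactically valid IPv4 address in a log line, in order."""
    found = []
    for token in IPV4_RE.findall(line):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
            continue
    return found


def correlate(log_lines, threat_lists):
    """Map each logged address found on a threat list to the lists it appears on."""
    lookup = build_lookup(threat_lists)
    hits = defaultdict(list)
    for line in log_lines:
        for ip in extract_ips(line):
            for name, net in lookup:
                if ip in net and name not in hits[str(ip)]:
                    hits[str(ip)].append(name)
    return dict(hits)


if __name__ == "__main__":
    for ip, lists in correlate(SAMPLE_LOGS, THREAT_LISTS).items():
        print(f"{ip} matched {', '.join(lists)}")
```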
Telephony CDR
• Call Detail Records (CDR) allow CSC to make up for shortcomings in Cisco’s call reporting tools
• Gives end users ad-hoc querying capabilities as well as automated reports
• Visualization of inbound calls with Google Maps – future
Security Operations Console
• Windows Security Operations Console
• Symantec Endpoint Protection Reporting
• Virus activity reporting – CSC developed
Summary
• Splunk Software helps us achieve exceptional customer satisfaction
• With Splunk Software, CSC is able to significantly improve IT operations and business agility
• Splunk Software accelerates incident response by identifying errant events and correlating information that most monitoring systems can’t
• Splunk Software speeds recovery because operators can link potential problems and get to the root cause of real problems quickly
Thank you!
• Q&A