SplunkLive! Customer Presentation--ServiceNow

SplunkLive! San Diego presentation from Justin Dolly, CISO, ServiceNow

  • Required manual creation of incidents based on Splunk events and alerts
    Excessive time and effort to duplicate information
    Needed incident management capabilities to track workflow through closure.
  • Ability to push Splunk events into ServiceNow as either an incident OR as an incident / event in the latest Eureka release
    Ability to pull in any info from ServiceNow and correlate that with info from any other sources within Splunk
  • New events associated to open incidents; unrelated events that are automatically assigned in error can be split out by the security analyst into separate incidents to be tracked and handled separately

Transcript

  • 1. ServiceNow + Splunk Integration
    Justin Dolly, CISO, ServiceNow
    Copyright © 2014 Splunk Inc.
  • 2. ServiceNow Overview
    ServiceNow is the enterprise IT cloud company. We transform IT by automating and managing IT across the global enterprise. Organizations deploy our service to create a single system of record for IT and automate manual tasks, standardize processes, and consolidate legacy systems. Using our extensible platform, our customers create custom applications and evolve the IT service model to service domains inside and outside the enterprise.
    Founded in 2004
    IPO in June 2012
    2300+ customers
    2100+ employees
    2013 = $470m revenue
  • 3. ServiceNow Overview
    Single system of record for IT
    Single Cloud Platform
    Robust Suite of IT Applications
    Custom Application Development
    Enterprise Cloud Infrastructure
    Lights-out, zero-touch automation
    Powerful Business Intelligence Reporting
    Accelerate time-to-value
  • 4. My Background and Role
    Justin Dolly, VP & CISO at ServiceNow
    Former CISO at VMware
    Previously held security and technology leadership roles at
      – Kaiser Permanente
      – CNET Networks / CBS Interactive
      – Macromedia
      – Wells Fargo Bank
  • 5. Security Challenges
    Most Security teams now have budget, staff & tools
    Having many tools can be cumbersome & inefficient
    Security teams typically work in a Silo
    Our Situation, a year ago:
      – Log Analytics and Service Management were disparate systems
      – Need threat identification and event correlation
      – Information is there, but it’s difficult to access
      – Needed to address compliance and audit reporting needs
  • 6. Splunk @ ServiceNow Today
    Collecting over 400GB/day and growing
    Enterprise Security is our SIEM collecting threat intelligence data and providing actionable results
    ‘Single pane of glass’ view across enterprise for threat identification and event correlation
    Splunk alerts trigger script actions which push events into ServiceNow via SOAP and XML
    Events are analyzed by a dedicated Security Operations team
  • 7. Splunk @ ServiceNow Today
    [Architecture diagram; labels: Syslog Events (Network, Firewall, F5 LTM/ASM, Wireless IDS); Syslog Store and Forward; Splunk Indexers; SplunkES Search Head; Splunk Search Head; ServiceNow Security Instance Event Console]
  • 8. Integration Overview
    Custom built integration using the Splunk REST APIs and ServiceNow APIs
    Splunk is periodically queried for security related events
    Script actions push event data into ServiceNow instance events table
    Business rules extract unique identifiers from the events table for de-duplication and correlation
    Security analyst reviews events in the ServiceNow console and elevates events to incidents for investigation
    New event data received is automatically associated to open incidents
    Open incidents drive response activities and workflow across the organization
  • 9. What’s Next
    We continue to grow quickly
    Big Data analytics also grows in importance
    Leveraging the new Splunk integration with ServiceNow Event Management Console (newly released in Eureka)
    Integration with ServiceNow Threat Intelligence Portal
  • 10. Top Takeaways
    Embrace the mind-shift in Security
      – Re-think the relationship between your systems, processes, and people
      – The traditional tools won’t save you
    Technology when done right is extremely liberating
      – Applying threat intelligence and real-time analytics makes response activity faster & more accurate
    The only metric that matters is how quickly you respond to a security event
      – Don’t chase the information, let it come to you
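
The event flow on slide 8 (de-duplication, correlation to open incidents, analyst elevation) together with the split described in the slide notes, as an added example that is not ServiceNow's or Splunk's code. `EventConsole`, the event field names, and the choice of source address plus signature as the unique identifier are assumptions; no real Splunk or ServiceNow API is called.

```python
SAMPLE_EVENTS = [  # constructed; field names are assumptions, not a Splunk schema
    {"id": "e1", "src": "203.0.113.7", "signature": "ssh-bruteforce"},
    {"id": "e2", "src": "203.0.113.7", "signature": "ssh-bruteforce"},
    {"id": "e3", "src": "198.51.100.9", "signature": "port-scan"},
]

def correlation_key(event):  # assumed unique identifier: source + signature
    return (event["src"], event["signature"])

class EventConsole:  # hypothetical stand-in for the events table and its rules
    def __init__(self):
        self.seen, self.queue, self.open_incidents = set(), [], []

    def ingest(self, event):
        if event["id"] in self.seen:  # de-duplicate re-delivered events
            return "duplicate"
        self.seen.add(event["id"])
        for inc in self.open_incidents:  # correlate with an open incident
            if inc["key"] == correlation_key(event):
                inc["events"].append(event)
                return f"attached:{inc['number']}"
        self.queue.append(event)  # otherwise wait for analyst review
        return "queued"

    def _open(self, key, source, event_id):
        # Move one event out of `source` into a newly opened incident.
        event = next(e for e in source if e["id"] == event_id)
        source.remove(event)
        inc = {"number": len(self.open_incidents) + 1,
               "key": key or correlation_key(event), "events": [event]}
        self.open_incidents.append(inc)
        return inc

    def elevate(self, event_id):  # analyst promotes a queued event
        return self._open(None, self.queue, event_id)

    def split(self, incident, event_id):  # analyst undoes a wrong association
        # A manual key keeps later events from auto-attaching to the split-out incident.
        return self._open(("manual", event_id), incident["events"], event_id)

def run_demo():
    console = EventConsole()
    results = [console.ingest(e) for e in (SAMPLE_EVENTS[0], SAMPLE_EVENTS[0])]
    incident = console.elevate("e1")
    results += [console.ingest(e) for e in SAMPLE_EVENTS[1:]]
    console.split(incident, "e2")
    sizes = [len(i["events"]) for i in console.open_incidents]
    return results, sizes, len(console.queue)
```
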