SplunkLive! Chicago April 2013 - Fieldglass
Speaker notes
  • Align images to center of text
  • Alerts set for IDS and SQL job failures
  • We index by environment and device type, so I can correlate against all of our networking devices by the indexes, and that’s incredibly cool because I can see if something’s happening in all three networks.
  • Talk here to how Splunk can use math/stats to find the outliers/anomalies that may be APTs. These APTs evade detection from traditional security products. Maybe make a note here on how Splunk does what a SIEM can do, plus much more, at a lower cost. And that is just for security use cases. Once you extend Splunk into the non-security use cases, the ROI gets even better.

Slide 1
Copyright © 2012 Splunk, Inc.
Jim Krev, Fieldglass, Sr. Security Manager

Slide 2: About Fieldglass
• Vendor Management System (VMS) provider founded in 1999
• Helps Global 2000 firms procure and manage the flexible workforce (contingent labor, project-based services, independent contractors)
• 200 customers, including GlaxoSmithKline, Johnson & Johnson, Monsanto, Rio Tinto & Salesforce, use Fieldglass in 78 countries, 14+ languages
• Ranked largest VMS with highest satisfaction rating for past three consecutive years, according to Staffing Industry Analysts

Slide 3: About the Speaker
• Jim Krev
• Responsible for information security and compliance requirements
• With Fieldglass for 5 years
• Full time in security since 2004
• Lecturer at DePaul University
  – Encourages students to use Splunk for OSSEC

Slide 4: From Logging Only to SIEM Replacement
• Been using Splunk for several years
• Release of Enterprise Security made Splunk a viable SIEM replacement
• SIEM was overly complex
• Made the argument to replace SIEM with Splunk = FTW!
“Our SIEM was overly complex and not as easy to use as Splunk”

Slide 5: Saving Time and Money with Splunk
• Only one analyst
• Don’t have time to wait on two menus
• With Splunk I can create a search, I can create a dashboard from that, I can schedule a report
• Don’t waste a lot of time going back and forth between screens trying to figure out how to produce a report
“One person can do the job of two with Splunk.”

Slide 6: Indexing Fieldglass Data (Exact Amount?)
• Collecting data from physical and logical network:
  – Network devices
  – Server events
  – Application logs
  – Anti-virus
  – Vulnerability scanning events
  – IDS events from firewalls
  – Custom CSV
  – Nmap scans
• We have built apps and created some cool looking dashboards
  – Nessus and Nmap dashboard that correlates inventory
  – Virus statistics over systems and time

Slide 7: Tracking Continuous Improvement for ISO Certification
• Tracking vulnerabilities in the infrastructure
• Need to showcase continuous improvement for ISO certification
• Senior Management looks at dashboard

Slide 8: Building our own App with Splunk
• Internal Audit App
  – Proactively monitor passes
  – Monitors incompletes
  – Monitors failures
  – Tracks control area and owner
  – Shows how we did on internal Audit

Slide 9: (image only, no text)

Slide 10: AHA!
• Search on a fragment of an event and find the root cause
• Correlate against all networking devices by index
• Can see what’s happening in all three networks
• The ability to get down to the raw event
“Splunk is very addicting… once you start playing around with it, it’s hard to shake.”

Slide 11: Extending with Splunk Apps
• Splunk App for Windows
• Splunk on Splunk
• Google Maps for Splunk (IP mapping)
• Splunk for Symantec

Slide 12: Growing Splunk within IT
• Daily reports to DBAs
• Gaining momentum by showing Splunk environment in home infrastructure
• Showcasing internally how easy it is to correlate data in Splunk

Slide 13: Future
• Splunk App for VMware
• Building out scalable Splunk infrastructure
• Active Directory integration
• Using Splunk for advanced persistent threat detection
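Two Splunk searches written out as an added example of what slide 10 (correlating across all three networks by index) and the speaker note on using statistics to surface outliers for the APT-detection item above describe. This is not code from the deck or from Fieldglass; the index names prod_net, uat_net and dr_net (one per network, following the deck's index-per-environment-and-device-type scheme), the search fragment "interface down", and the host field are assumptions.

```spl
(index=prod_net OR index=uat_net OR index=dr_net) "interface down"
| eval environment=replace(index, "_net$", "")
| stats count, earliest(_time) AS first_seen, latest(_time) AS last_seen, values(host) AS devices BY environment
| convert ctime(first_seen) ctime(last_seen)


(index=prod_net OR index=uat_net OR index=dr_net) earliest=-8d@d
| bin _time span=1h
| stats count BY index host _time
| eventstats avg(count) AS baseline, stdev(count) AS sd BY index host
| eval zscore=if(sd > 0, round((count - baseline) / sd, 2), 0)
| where _time >= relative_time(now(), "-1d@h") AND zscore > 3
| table _time index host count baseline zscore
| sort -zscore
```

The first search takes an event fragment and answers "which networks, which devices, and when" in one table, because the environment is recoverable from the index name rather than from a field that every device type would have to log consistently. The second builds an hourly per-device event-volume baseline over the previous week and flags the last day's hours that sit more than three standard deviations above it; it is meant to run as a scheduled alert. Two caveats a practitioner should keep in mind: hours with zero events produce no row after stats, so the baseline covers active hours only, and a device that is new or rarely logs has too few buckets for stdev to mean much, which is why the eval guards against sd being 0. The three-sigma threshold is a starting point to tune per index, not a fixed rule.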
Slide 14: ROI
• Replaced SIEM with Splunk
• Saving $30,000/year and an additional resource
• Saved hours of work to find issues/resolution
• Easy to show continuous improvement for ISO
• Quickly identify patches

Slide 15: Thank You!
