Copyright © 2014 Splunk Inc.
July 15th, 2014
ExxonMobil Splunk
Razi Asaduddin
Cyber Security Advisor & Splunk Shared Service Team Lead
2
About ExxonMobil Corp
• Pretty Big - Fortune 1-ish
• ~50 Countries
• 80,000 Employees
• $32.5bn in earnings in 2013
• 2M Barrels per day
• 11.8bn cubic feet of natural gas
3
About Me – Razi Asaduddin
Cyber Security Technical Advisor
– Monitoring, Process Design, Incident Handling, Threat Assessment, Malware Reverse Engineering, Digital Forensics
Splunk Shared Service Team Lead
– Designed, Architected, Implemented, Coded, and Administered Global Splunk Instance
– Responsible for Splunk service and strategy
– In-house consulting for prospective use cases
– Evangelizing, PoCs, modeling, and tool rationalization
Two-year Splunker and 2013 Revolution Award nominee
• Contact: Razi.asaduddin@gmail.com
4
Agenda
Why Splunk?
How we use Splunk
How we have evolved
Best practices
Future
5
Why Splunk?
Extensibility
Speed
Late-binding Schema
Scalability
6
Why Splunk?
7
Before Splunk
Manual data
Lag Time
Visibility
Silos
Data knowledge
8
How We Use Splunk
Cyber Security
Network
Performance
Application
Performance
Capacity Planning
Call Quality
Misconfiguration
Linux Administration
9
How We Use Splunk – Cyber Security
• Investigation and Incident Response
• Complex Correlation
• Proactive Alerting
• Auto-remediation
10
How We Use Splunk – Performance
• Reduce Data to:
– OS + Application + Server + DB + Network + Endpoint Performance
• 10,000 foot view & 1-foot view
• Pivot
11
Thought Process
Gather Correlate Enrich
Visualize
Alert
Action
12
Evolution
One-dimensional
Multi-dimensional
Pivoting
Visualizing
&
Base-lining
13
Best Practices
Ask simple questions and build up
Double-check raw data
What data do we not have?
Splunk it!
Build a Splunk network
Alert on it or automate it
Policing
14
Policing
I’ll just run this at midnight when no one else does 
15
Policing
CPU & Memory Performance
Number of searches
Errors
Long searches
Wall of Shame
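The policing slides above (CPU and memory load, number of searches, errors, long searches, the wall of shame, and the "I'll just run this at midnight" pitfall) are, in practice, a report over Splunk's own `_audit` index, where every search is logged with its user and run time. The Python below is an added example and is not code from the presentation or from Splunk: it parses constructed log lines in the shape of `_audit` search-completion events (the field names `user`, `action`, `info`, `total_run_time`, `search` follow the real audit schema; all users, timings and search strings are made up) and derives the per-user load table, the list of searches over a threshold, and a histogram of the hour each search started, which is what exposes a midnight pile-up of scheduled searches. The real Splunk equivalent for the user table is quoted in the comments.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the shape of Splunk _audit "search" events.
# Field names follow the real audit schema; users, times and searches are made up.
SAMPLE_AUDIT = """\
Audit:[timestamp=07-15-2014 00:00:02.101, user=alice, action=search, info=completed, search_id='sched_1', total_run_time=345600.00, event_count=0, search='search index=proxy earliest=-96h | stats count by src_ip']
Audit:[timestamp=07-15-2014 00:00:03.412, user=bob, action=search, info=completed, search_id='sched_2', total_run_time=3.00, event_count=9, search='search index=fw action=blocked | stats count by dest_port']
Audit:[timestamp=07-15-2014 00:01:09.007, user=carol, action=search, info=completed, search_id='sched_3', total_run_time=12.50, event_count=3, search='search index=wineventlog EventCode=4625 | stats count by user']
Audit:[timestamp=07-15-2014 00:02:41.550, user=alice, action=search, info=failed, search_id='adhoc_4', total_run_time=0.00, event_count=0, search='search index=proxy | badcommand']
Audit:[timestamp=07-15-2014 09:15:00.300, user=bob, action=search, info=completed, search_id='adhoc_5', total_run_time=1800.00, event_count=7, search='search index=fw | head 10']
Audit:[timestamp=07-15-2014 14:30:12.004, user=carol, action=search, info=completed, search_id='sched_6', total_run_time=600.00, event_count=2, search='search index=proxy | stats count']
"""

# Inside Splunk the per-user table is one search over the audit index:
#   index=_audit action=search info=completed
#   | stats count AS searches sum(total_run_time) AS total_secs max(total_run_time) AS longest_secs BY user
#   | sort - total_secs

# key=value pairs; a value is single-quoted, double-quoted, or bare up to the next comma/bracket.
# Quoted alternatives come first so a search string containing commas or pipes stays whole.
_KV = re.compile(r"(\w+)=('[^']*'|\"[^\"]*\"|[^,\]]+)")


def parse_audit_line(line):
    """Return the key/value fields of one Audit:[...] line, or None if it is not one."""
    if not line.startswith("Audit:["):
        return None
    return {k: v.strip().strip("'\"") for k, v in _KV.findall(line[len("Audit:["):])}


def search_events(text):
    """Parse every action=search audit event, typing run time and timestamp."""
    events = []
    for line in text.splitlines():
        f = parse_audit_line(line)
        if f and f.get("action") == "search":
            f["total_run_time"] = float(f.get("total_run_time", 0))
            f["timestamp"] = datetime.strptime(f["timestamp"], "%m-%d-%Y %H:%M:%S.%f")
            events.append(f)
    return events


def wall_of_shame(text):
    """Per-user load, heaviest first: (user, completed, total_secs, longest_secs, failed)."""
    stats = defaultdict(lambda: {"completed": 0, "total": 0.0, "longest": 0.0, "failed": 0})
    for e in search_events(text):
        s = stats[e["user"]]
        if e["info"] == "completed":
            s["completed"] += 1
            s["total"] += e["total_run_time"]
            s["longest"] = max(s["longest"], e["total_run_time"])
        elif e["info"] == "failed":
            s["failed"] += 1
    rows = [(u, s["completed"], s["total"], s["longest"], s["failed"]) for u, s in stats.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def long_searches(text, min_secs=3600):
    """Searches that ran at least min_secs, longest first: (user, secs, search text)."""
    hits = [(e["user"], e["total_run_time"], e["search"])
            for e in search_events(text) if e["total_run_time"] >= min_secs]
    return sorted(hits, key=lambda h: h[1], reverse=True)


def starts_by_hour(text):
    """Searches per hour of *start*: the audit timestamp is completion time, so subtract run time."""
    hours = Counter()
    for e in search_events(text):
        start = e["timestamp"] - timedelta(seconds=e["total_run_time"])
        hours[start.hour] += 1
    return hours


def crowded_hours(text, threshold=3):
    """Hours in which at least `threshold` searches start (the midnight pile-up)."""
    return sorted(h for h, n in starts_by_hour(text).items() if n >= threshold)


if __name__ == "__main__":
    print("user       completed  total_secs  longest_secs  failed")
    for user, done, total, longest, failed in wall_of_shame(SAMPLE_AUDIT):
        print(f"{user:<10} {done:>9} {total:>11.1f} {longest:>13.1f} {failed:>7}")
    print("long searches:", long_searches(SAMPLE_AUDIT))
    print("starts by hour:", dict(starts_by_hour(SAMPLE_AUDIT)))
    print("crowded hours:", crowded_hours(SAMPLE_AUDIT))
```

On the constructed sample the table puts the 96-hour search at the top, flags it as the one long search, and shows four of six searches starting in hour 0, which is the pattern to look for before raising the scheduler's concurrency limits or asking owners to stagger their schedules.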
16
Fun Stuff
Longest running search – 96 hrs
Longest search text – 80 lines
Magical Midnight – pitfall
Wall of Shame –
Splunk in life
17
Future
More Visualization - Turn raw events into this:
18
Future
Then reduce:
19
Questions?
Happy -ing!
Thank You
SplunkLive! Customer Presentation - ExxonMobil
Published in: Technology

Speaker notes:
  • Long Walks
    Father of Splunk @ XOM
  • If not,
    Detecting, alerting, remediating threats
    Investigations