SplunkLive! Customer Presentation - ExxonMobil
Speaker notes

  • Long Walks
  • Father of Splunk @ XOM
  • If not,
  • Detecting, alerting, remediating threats
  • Investigations

Transcript

  • 1. Copyright © 2014 Splunk Inc. July 15th, 2014. ExxonMobil and Splunk. Razi Asaduddin, Cyber Security Advisor & Splunk Shared Service Team Lead.
  • 2. About ExxonMobil Corp: Pretty Big - Fortune 1-ish; ~50 Countries; 80,000 Employees; $32.5bn in earnings in 2013; 2M Barrels per day; 11.8bn cubic feet of natural gas.
  • 3. About Me – Razi Asaduddin. Cyber Security Technical Advisor – Monitoring, Process Design, Incident Handling, Threat Assessment, Malware Reverse Engineering, Digital Forensics. Splunk Shared Service Team Lead – Designed, Architected, Implemented, Coded, and Administered Global Splunk Instance; Responsible for Splunk service and strategy; In-house consulting for prospective use cases; Evangelizing, PoCs, modeling, and tool rationalization. Two-year Splunker and 2013 Revolution Award nominee. Contact: Razi.asaduddin@gmail.com
  • 4. Agenda: Why Splunk? How we use Splunk; How we have evolved; Best practices; Future.
  • 5. Why Splunk? Extensibility; Speed; Late-binding Schema; Scalability.
  • 6. Why Splunk?
  • 7. Before Splunk: Manual data; Lag Time; Visibility; Silos; Data knowledge.
  • 8. How We Use Splunk: Cyber Security; Network Performance; Application Performance; Capacity Planning; Call Quality; Misconfiguration; Linux Administration.
  • 9. How We Use Splunk – Cyber Security: Investigation and Incident Response; Complex Correlation; Proactive Alerting; Auto-remediation.
  • 10. How We Use Splunk – Performance: Reduce Data to: OS + Application + Server + DB + Network + Endpoint Performance; 10,000-foot view & 1-foot view; Pivot.
  • 11. Thought Process: Gather; Correlate; Enrich; Visualize; Alert; Action.
  • 12. Evolution: One-dimensional; Multi-dimensional; Pivoting; Visualizing & Base-lining.
  • 13. Best Practices: Ask simple questions and build up; Double-check raw data; What data do we not have? Splunk it!; Build a Splunk network; Alert on it or automate it; Policing.
  • 14. Policing: "I'll just run this at midnight when no one else does."
  • 15. Policing: CPU & Memory Performance; Number of searches; Errors; Long searches; Wall of Shame.
  • 16. Fun Stuff: Longest running search – 96 hrs; Longest search text – 80 lines; Magical Midnight – pitfall; Wall of Shame – Splunk in life.
  • 17. Future: More Visualization - Turn raw events into this:
  • 18. Future: Then reduce:
  • 19. Questions? Happy -ing!
  • 20. Thank You