SplunkLive! Customer Presentation - ExxonMobil

Published in: Technology

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
395
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Long Walks
    Father of Splunk @ XOM
  • If not,

    Detecting, alerting, remediating threats
    Investigations
  • Transcript

    • 1. Copyright © 2014 Splunk Inc. ExxonMobil Splunk Razi Asaduddin Cyber Security Advisor & Splunk Shared Service Team Lead July 15th, 2014
    • 2. About ExxonMobil Corp • Pretty Big - Fortune 1-ish • ~50 Countries • 80,000 Employees • $32.5bn in earnings in 2013 • 2M Barrels per day • 11.8bn cubic feet of natural gas
    • 3. About Me – Razi Asaduddin Cyber Security Technical Advisor – Monitoring, Process Design, Incident Handling, Threat Assessment, Malware Reverse Engineering, Digital Forensics Splunk Shared Service Team Lead – Designed, Architected, Implemented, Coded, and Administered Global Splunk Instance – Responsible for Splunk service and strategy – In-house consulting for prospective use cases – Evangelizing, PoCs, modeling, and tool rationalization Two-year Splunker and 2013 Revolution Award nominee • Contact: Razi.asaduddin@gmail.com
    • 4. Agenda Why Splunk? How we use Splunk How we have evolved Best practices Future
    • 5. Why Splunk? Extensibility Speed Late-binding Schema Scalability
    • 6. Why Splunk?
    • 7. Before Splunk Manual data Lag Time Visibility Silos Data knowledge
    • 8. How We Use Splunk Cyber Security Network Performance Application Performance Capacity Planning Call Quality Misconfiguration Linux Administration
    • 9. How We Use Splunk – Cyber Security • Investigation and Incident Response • Complex Correlation • Proactive Alerting • Auto-remediation
    • 10. How We Use Splunk – Performance • Reduce Data to: – OS + Application + Server + DB + Network + Endpoint Performance • 10,000 foot view & 1-foot view • Pivot
    • 11. Thought Process Gather Correlate Enrich Visualize Alert Action
    • 12. Evolution One-dimensional Multi-dimensional Pivoting Visualizing & Base-lining
    • 13. Best Practices Ask simple questions and build up Double-check raw data What data do we not have? Splunk it! Build a Splunk network Alert on it or automate it Policing
    • 14. Policing I’ll just run this at midnight when no one else does
    • 15. Policing CPU & Memory Performance Number of searches Errors Long searches Wall of Shame
    • 16. Fun Stuff Longest running search – 96 hrs; Longest search text – 80 lines; Magical Midnight – pitfall; Wall of Shame; Splunk in life
    • 17. Future More Visualization - Turn raw events into this:
    • 18. Future Then reduce:
    • 19. Questions? Happy -ing!
    • 20. Thank You