SplunkLive! Customer Presentation - ExxonMobil
 

  • Long Walks / Father of Splunk @ XOM
  • If not, / Detecting, alerting, remediating threats / Investigations

SplunkLive! Customer Presentation - ExxonMobil Presentation Transcript

  • 1. ExxonMobil Splunk. Razi Asaduddin, Cyber Security Advisor & Splunk Shared Service Team Lead. July 15th, 2014. Copyright © 2014 Splunk Inc.
  • 2. About ExxonMobil Corp • Pretty Big - Fortune 1-ish • ~50 Countries • 80,000 Employees • $32.5bn in earnings in 2013 • 2M Barrels per day • 11.8bn cubic feet of natural gas
  • 3. About Me – Razi Asaduddin. Cyber Security Technical Advisor – Monitoring, Process Design, Incident Handling, Threat Assessment, Malware Reverse Engineering, Digital Forensics. Splunk Shared Service Team Lead – Designed, Architected, Implemented, Coded, and Administered Global Splunk Instance – Responsible for Splunk service and strategy – In-house consulting for prospective use cases – Evangelizing, PoCs, modeling, and tool rationalization. Two-year Splunker and 2013 Revolution Award nominee • Contact: Razi.asaduddin@gmail.com
  • 4. Agenda Why Splunk? How we use Splunk How we have evolved Best practices Future
  • 5. Why Splunk? Extensibility Speed Late-binding Schema Scalability
  • 6. Why Splunk?
  • 7. Before Splunk Manual data Lag Time Visibility Silos Data knowledge
  • 8. How We Use Splunk Cyber Security Network Performance Application Performance Capacity Planning Call Quality Misconfiguration Linux Administration
  • 9. How We Use Splunk – Cyber Security • Investigation and Incident Response • Complex Correlation • Proactive Alerting • Auto-remediation
  • 10. How We Use Splunk – Performance • Reduce Data to: – OS + Application + Server + DB + Network + Endpoint Performance • 10,000 foot view & 1-foot view • Pivot
  • 11. Thought Process Gather Correlate Enrich Visualize Alert Action
  • 12. Evolution One-dimensional Multi-dimensional Pivoting Visualizing & Base-lining
  • 13. Best Practices Ask simple questions and build up Double-check raw data What data do we not have? Splunk it! Build a Splunk network Alert on it or automate it Policing
  • 14. Policing I’ll just run this at midnight when no one else does
  • 15. Policing CPU & Memory Performance Number of searches Errors Long searches Wall of Shame
  • 16. Fun Stuff Longest running search – 96 hrs Longest search text – 80 lines Magical Midnight – pitfall Wall of Shame – Splunk in life
  • 17. Future More Visualization - Turn raw events into this:
  • 18. Future Then reduce:
  • 19. Questions? Happy -ing!
  • 20. Thank You