
Splunk User Group Edinburgh - November Event

The slides used at our November meet up to cover the topics of IT Service Intelligence and Use Case Development.

Published in: Technology


  1. Copyright © 2016 Splunk Inc. Splunk User Group Edinburgh: IT Ops / Use Case Dev, November 2016
  2. Introduction - Harry McLaren
     ● Alumnus of Edinburgh Napier
     ● Security Consultant at ECS
       – Role: Specialist Splunk Consultant & Enablement Lead
       – Specialism: Enterprise Security (SIEM) / IT Service Intelligence
     ● Splunk User Group Edinburgh: Leader / Founder
  3. Introduction - ECS
     ● Strategic Splunk Partner - UK
       – Type: Security / IT Operations / Managed Services
       – Awards: Splunk Revolution Award & Splunk Partner of the Year 2016
  4. (image slide, no text)
  5. Agenda
     • Housekeeping: Overview & House Rules
     • Presentation: IT Operations with IT Service Intelligence
     • Demo: IT Service Intelligence Demo
     • Presentation: Use Case Development
     • Discussion: Business Pain to Organisational Insight
  6. Splunk [Official] User Group
     “The overall goal is to create an authentic, ongoing user group experience for our users, where they contribute and get involved”
     ● User-led technical discussions
     ● Sharing environment
     ● Build trust
     ● No sales!
  7. Use Case Development
  8. What is a Use Case?
     ● Software & Systems Engineering definition (via Wikipedia): “A use case is a list of actions or event steps, typically defining the interactions between a role and a system, to achieve a goal.”
     ● Three elements: Roles / Actors, System, Goals
  9. Use Case Examples: Security
     ● Security & Compliance Reporting
     ● Real-time Monitoring of Known Threats
     ● Detect Unknown Threats
     ● Incident Investigations & Forensics
     ● Fraud Detection
     ● Insider Threat
  10. Security - Insider Threat
     ● Roles / Actors
       – Security Analyst / SOC Manager / CISO
     ● System Requirements
       – Real-time monitoring based on event logs from relevant systems.
       – Abnormal behaviour detection based on ‘normal’ baselining.
     ● Goals
       – Detect / alert on insider threats within the organisation.
       – Respond to insider threats with as much workflow automation as possible.
  11. Insider Threats using Splunk
     ● Roles / Actors
       – Security Analyst / SOC Manager / CISO
     ● System (Splunk)
       – Real-time monitoring based on correlation searches over event logs such as Active Directory (AD) and Data Loss Prevention (DLP) software.
       – Insider threat detection using machine learning models to baseline expected behaviour, alerting on outliers and abnormal behaviour patterns.
       – Workflow actions via the ‘Enterprise Security’ app and the Adaptive Response Framework.
     ● Goals Achieved
       – Detection / alerting on insider threats within the organisation.
       – Responding to insider threats with workflow automation.
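As an added worked example (not part of the deck, and written in plain Python rather than Splunk's SPL), the following shows the baselining logic slide 11 describes: build a per-user profile of normal logon hosts and removable-media copy volumes from a training window of constructed Active Directory and DLP events, then flag observed events that fall outside that profile. The event formats, field names, the 3-sigma volume threshold, the 2x-mean fallback when the baseline has no spread, and the handling of users with no history are all assumptions made for the example.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample events for the baseline (training) window. Not real logs.
BASELINE_AD = [
    "2016-11-01T08:02:00 EventCode=4624 user=alice host=WS-ALICE",
    "2016-11-02T08:10:00 EventCode=4624 user=alice host=WS-ALICE",
    "2016-11-01T08:30:00 EventCode=4624 user=bob host=WS-BOB",
    "2016-11-02T08:41:00 EventCode=4624 user=bob host=WS-BOB",
]
BASELINE_DLP = [
    "2016-11-01T09:00:00 user=alice action=usb_copy bytes=10000",
    "2016-11-01T15:00:00 user=alice action=usb_copy bytes=12000",
    "2016-11-02T09:30:00 user=alice action=usb_copy bytes=11000",
    "2016-11-02T16:00:00 user=alice action=usb_copy bytes=9000",
    "2016-11-03T10:00:00 user=alice action=usb_copy bytes=13000",
    "2016-11-01T11:00:00 user=bob action=usb_copy bytes=3000",
    "2016-11-02T11:00:00 user=bob action=usb_copy bytes=3500",
    "2016-11-03T11:00:00 user=bob action=usb_copy bytes=2500",
]
# Constructed events for the window being monitored.
OBSERVED_AD = [
    "2016-11-04T08:05:00 EventCode=4624 user=alice host=WS-ALICE",
    "2016-11-04T02:15:00 EventCode=4624 user=bob host=SRV-FINANCE-01",
]
OBSERVED_DLP = [
    "2016-11-04T02:40:00 user=bob action=usb_copy bytes=4000",
    "2016-11-04T17:55:00 user=alice action=usb_copy bytes=480000",
    "2016-11-04T18:00:00 user=carol action=usb_copy bytes=500",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split a 'timestamp key=value ...' line into a dict; timestamp kept as 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def build_baseline(ad_lines, dlp_lines):
    """Per user: the hosts they normally log on from, plus count, mean and
    population stdev of bytes per DLP event in the training window."""
    hosts = defaultdict(set)
    sizes = defaultdict(list)
    for ev in map(parse, ad_lines):
        hosts[ev["user"]].add(ev["host"])
    for ev in map(parse, dlp_lines):
        sizes[ev["user"]].append(int(ev["bytes"]))
    baseline = {}
    for user in set(hosts) | set(sizes):
        vals = sizes.get(user, [])
        baseline[user] = {
            "hosts": hosts.get(user, set()),
            "n": len(vals),
            "mean": statistics.fmean(vals) if vals else 0.0,
            "stdev": statistics.pstdev(vals) if len(vals) > 1 else 0.0,
        }
    return baseline


def byte_threshold(stats, sigma=3.0):
    """Assumed rule: mean + 3 sigma; if the baseline has no spread, fall back
    to twice the mean so a single repeated value does not alert on everything."""
    if stats["stdev"] == 0.0:
        return 2.0 * stats["mean"]
    return stats["mean"] + sigma * stats["stdev"]


def score(baseline, ad_lines, dlp_lines):
    """Return (user, reason, detail) alerts for observed events outside the baseline.
    Users with no history at all are surfaced rather than silently passed."""
    alerts = []
    for ev in map(parse, ad_lines):
        stats = baseline.get(ev["user"])
        if stats is None:
            alerts.append((ev["user"], "no_baseline", ev["ts"]))
        elif ev["host"] not in stats["hosts"]:
            alerts.append((ev["user"], "new_host", ev["host"]))
    for ev in map(parse, dlp_lines):
        stats = baseline.get(ev["user"])
        size = int(ev["bytes"])
        if stats is None:
            alerts.append((ev["user"], "no_baseline", ev["ts"]))
        elif stats["n"] == 0:
            alerts.append((ev["user"], "first_dlp_activity", size))
        elif size > byte_threshold(stats):
            alerts.append((ev["user"], "volume_outlier", size))
    return alerts


if __name__ == "__main__":
    for alert in score(build_baseline(BASELINE_AD, BASELINE_DLP), OBSERVED_AD, OBSERVED_DLP):
        print(alert)
```

In Splunk terms the baseline would be a lookup or summary produced by a scheduled search, and `score` would be the correlation search that reads it; the statistics themselves are the same whichever tool computes them.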
  12. Use Case Examples: Business Analytics
     ● Business Process Analytics
     ● Customer Experience Analytics
     ● Product Analytics
     ● Digital Marketing
  13. Business Analytics - Customer Experience
     ● Roles / Actors
       – Marketing Analyst / Product Owner / Website Manager
     ● System Requirements
       – Minimal ingestion of additional system logs / hardware (low cost / fast ROI).
       – Real-time mapping of the customer journey on the e-commerce platform.
       – Allow contextual information to be correlated with event information.
     ● Goals
       – Alerting when customer experience degrades past defined KPIs.
       – Visual representation of useful information for non-technical users.
       – Create a single view of the e-commerce platform for high-level monitoring.
  14. Customer Experience using Splunk
     ● Roles / Actors
       – Marketing Analyst / Product Owner / Website Manager
     ● System (Splunk)
       – Leverages existing event logs and requires minimal additional log sources.
       – Processes event data into a wide selection of interactive visual representations.
       – Pulls contextual information and correlates it with event data for greater insight.
     ● Goals Achieved
       – Alerting based on time-sensitive KPIs which can self-set dynamically.
       – Dashboards showing business-relevant information about SLAs in RAG (red / amber / green) status.
       – High-level view supporting drill-downs and dependencies via Glass Tables.
  15. Any Questions?
  16. Business Pain to Organisational Insight
  17. Discover > Design > Build > Deliver
  18. Challenge: How Could You Use This?
     ● Discovery
       – Workshops / Questionnaires
       – Use Case Discovery & Definition
       – Use Case Specification Document
     ● Collection
       – Data Collection & On-boarding
       – Configuration & Optimisation
       – Data Segmentation & Normalisation
     ● Development
       – Transformation & Delivery
       – Data Enrichment & Acceleration
       – Visualisation & Reporting
  19. Any Questions?
  20. Updates Announced at .conf 2016
     ● Introducing Splunk Enterprise 6.5 - Available Now
       ‣ Splunk ML Toolkit: Guided workbench and SPL extensions to help you create and operationalise your own custom analytics based on your choice of algorithms.
       ‣ Tables: New feature that lets you create and analyse tabular data views without using SPL.
       ‣ Hadoop Data Roll: Gives you another way to reduce historical data storage costs while keeping full search capability.
     ● Premium Apps - New Releases:
       – Splunk Enterprise Security [Minor Release]
       – Splunk IT Service Intelligence [Major Release]
       – Splunk User Behaviour Analytics [Major Release]
  21. Get Involved!
     ● Splunk User Group Edinburgh
       – https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html
       – https://www.linkedin.com/groups/12013212
     ● Splunk’s Slack Group
       – Register via www.splunk402.com/chat
       – Channel: #edinburgh
     ● Present & Share at the User Group? Connect:
       ‣ Harry McLaren | harry.mclaren@ecs.co.uk | @cyberharibu | harrymclaren.co.uk
       ‣ ECS | enquiries@ecs.co.uk | @ECS_IT | ecs.co.uk
  22. Thank You
