Julius Bär's 10+ Year Journey with Splunk
© 2023 SPLUNK INC.
Many roads lead to Rome - this was our journey
Bruno Domingos, Bank Julius Bär
Stefan Meier, Bank Julius Bär
Splunk .conf Go Zurich, Oct 2023
AGENDA
Who are we? Our organization and your presenters
Where our journey has started: why we started using Splunk
What we have seen along the way: challenges and opportunities we faced by growing with Splunk in the past 10+ years
Where we are heading and key takeaways: next steps in the foreseeable future
Splunk .conf Go Zurich 2023 - Many roads lead to Rome - this was our journey 3
Who are we?
Introducing the speakers and the company

Your Speakers
Bruno Martins Domingos
> Lead Engineer Splunk [Information Technology]
> Experienced in working with demanding customers
> With the company for 4 years

Stefan Meier
> Head of Cyber Fusion Center [Information Security]
> One of the most demanding customers
> With the company for 9 years

The Company
Julius Baer
> Engaged in private banking since 1890
> Shares listed on the SIX Swiss Exchange and included in the Swiss Leader Index (SLI)
> Present in more than 25 countries and over 60 locations
> Approx. 7,000 employees
> Approx. 23k assets to protect (clients, servers, network devices & more)
> Hybrid IT setup: on-premises and cloud
Julius Baer is the leading Swiss wealth management group with assets under management of CHF 441 billion (June 2023).
Our road
Some high-level milestones along the way (timeline: 2012, 2014, 2016, 2018, 2020, 2021, 2023)

Milestones on the timeline:
• Project: Centralised Logging
• Phantom / SOAR
• Large Infrastructure Redesign
• ITSI Pilot
• ES Pilot
• Continuous Assurance Reporting Framework
• Baseline Compliance Operationalization
• Vulnerability Mgmt Operationalization
• SIEM Light
• SIEM
• IOC Management
• Profiling/ML Support for SIEM
• Forensics Readiness
• SOC Readiness
• CMDB & more Integration
• ES Re-validated
• UBA Concept
• Security Essentials for Threat Mgmt
• Hunting with Splunk
• Alerting readiness
• Indexer Cluster
• Search Head Cluster
2021
• Smart Store
• Automation for configuration deployment

Growth in figures
▪ Started with a 20 GB license in 2012; today we are on a 6 TB license with 1.5 PB of searchable data
▪ Started with 3 indexers and 1 search head. Today's infrastructure is undergoing a lifecycle refresh that will result in 140 indexers and 20 search heads
▪ 32 applications and 600 systems were logging to Splunk in 2014. Currently over 250 applications and 20,000 systems send their logs to Splunk
▪ ES, UBA and ITSI were looked at but never used in production
▪ Splunk Enterprise & SOAR heavily used
Where our journey has started
The years 2012-2014

Splunk as a technology was available, but there were no clear guidelines yet as to which logs had to be onboarded.

Drivers
What got us started
> Collect and store log data centrally
> Protect log data from being overwritten, deleted or accessed without authorization
> Powerful log analysis & correlation capability for quicker troubleshooting
> Focus on application logs rather than infrastructure logs

Initial Use-Cases
Where we saw the need
> E-Forensics: access to application log data in case of legal cases, fill gaps in the existing e-discovery solution
> Security Operations Center: monitor data from web proxy, mail gateway, firewall and antivirus solution for malware in dedicated dashboards, first attempts to correlate events based on hostnames
> IT Operations: to improve troubleshooting capabilities, not used extensively yet

… kickstarted the SOC which would become the largest internal customer in BJB
What we have seen along the way
2014 - 2023
Milestones and challenges encountered

Splunk Enterprise Security
Powerful framework we would have loved to have in place when we started. You have to have your homework done though, from performance management to CIM compliance and the related data models.

Splunk Enterprise SIEM
We chose to build our own SIEM on Splunk Enterprise about 8 years ago, and it is still in place today. This approach allowed for maximum flexibility at the cost of higher engineering and maintenance effort. Visibility, use-case coverage and functionality were rated state-of-the-art by penetration testers, red teams and regulators.

High Availability and Disaster Recovery
Very early on the indexer infrastructure was set up as a multi-site cluster to assure continuous data availability. Once overall usage and requirements justified it, search head clusters were set up as well, in CH in 2018 and in APAC in 2020.

User Behaviour Analytics
Interesting approach, but we wanted a more lightweight solution in place. Thus we created a “UBA light”, reduced to the minimum and tuned to our individual setup in the bank. The key focus was on lateral movement and privileged access management.

Phantom / SOAR
Phantom (Splunk SOAR) replaced and enhanced large chunks of our existing, proprietary incident response capabilities. A considerable investment from our end resulted in a few key achievements: faster incident response, standardized case handling & documentation, and vendor-supported 3rd-party interfaces for incident response.

Performance Management
To respond to the continuously growing requirements for data volume and long retention periods, the indexer count was increased occasionally. SmartStore was adopted to keep all required data searchable without overwhelming traditional storage, while simultaneously increasing resiliency by detaching storage from the indexers.

Continuous Assurance Reporting
A framework based almost entirely on Splunk Enterprise and lookup tables that calculates Key Risk Indicators for Julius Baer every day, for every system, along our ISMS. It replaced part of the ICS (internal control system) through automation. Many different KRIs are included, e.g. in the areas of vulnerability management, hardening, identity & access management, etc.
Where we are heading
The years yet to come … not too far away though
Somewhere in the future

Strategy
From a SOC perspective:
> Less “make”, more “buy” as the general strategy in the SOC. Although make is the best fit, it is also the most expensive option.
> Buy smarter security products instead of sourcing raw log data and writing monitoring patterns ourselves.
From an IT perspective:
> Prepare for a decentralized future for data: adopt preprocessing solutions and federated search for data access in a very diverse data landscape.
> Scale up the infrastructure for the next 5 years of growth.
> Automate repeatable administration tasks; implement configuration version control.

Use-Cases
> Vulnerability Management: identify vulnerabilities not taken care of in the regular patch cycle and triage an incident ticket to the right subject matter expert. Splunk Enterprise and/or SOAR are superior to the other technologies in use, hence the migration.
> Baseline Compliance Management: flag deviations from the baseline and triage an incident ticket to the right stakeholders in the organization. The process is very similar to vulnerability management.
> Application monitoring: provide greater visibility for service and application teams on system availability, application performance and behavior, and user history building.
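A worked illustration of the vulnerability management and baseline compliance use-cases described above, added here as an example rather than Julius Baer's own SOAR playbook: findings are deduplicated (scanners re-report the same item every run), checked against an assumed per-severity patch-cycle SLA, joined to a constructed CMDB ownership extract and rolled into one ticket per owner and host. Unowned assets go to an assumed SOC fallback queue so they are not lost. All hosts, finding IDs, SLAs and team names are constructed sample data; the IDs are placeholders, not real CVEs.

```python
"""Triage overdue vulnerability findings and baseline deviations into tickets.

Added illustration, not Julius Baer's tooling: the CMDB extract, the patch
cycle SLAs and the findings below are all constructed sample data.
"""
from collections import defaultdict
from datetime import date, timedelta

# Constructed CMDB extract: host -> owning team that should receive the ticket.
CMDB = {
    "web01": "team-web",
    "db02": "team-dba",
    "jump03": "team-infra",
}
# Assumption: assets without a CMDB owner are routed to a SOC triage queue
# instead of being silently dropped.
FALLBACK_QUEUE = "soc-triage"

# Assumption: the regular patch cycle allows this many days per severity;
# a finding still open after its deadline is "not taken care of".
PATCH_SLA_DAYS = {"critical": 14, "high": 30, "medium": 90, "low": 180}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed scanner/baseline export. IDs are placeholders, not real CVEs.
FINDINGS = [
    {"host": "web01", "kind": "vuln", "id": "VULN-1", "severity": "critical", "first_seen": "2023-09-01"},
    {"host": "web01", "kind": "vuln", "id": "VULN-1", "severity": "critical", "first_seen": "2023-09-01"},  # re-reported
    {"host": "web01", "kind": "vuln", "id": "VULN-2", "severity": "low", "first_seen": "2023-09-01"},
    {"host": "db02", "kind": "baseline", "id": "BASE-ssh-root-login", "severity": "high", "first_seen": "2023-08-01"},
    {"host": "unknown99", "kind": "vuln", "id": "VULN-3", "severity": "high", "first_seen": "2023-09-01"},
    {"host": "jump03", "kind": "vuln", "id": "VULN-4", "severity": "medium", "first_seen": "2023-10-01"},
    {"host": "jump03", "kind": "vuln", "id": "VULN-5", "severity": "critical", "first_seen": "2023-10-10"},
]
TODAY = date(2023, 10, 15)  # fixed reference date so the run is reproducible


def deadline_for(finding):
    """Date by which the regular patch cycle should have fixed this finding."""
    sla = PATCH_SLA_DAYS[finding["severity"]]
    return date.fromisoformat(finding["first_seen"]) + timedelta(days=sla)


def overdue_findings(findings, today):
    """Deduplicate re-reported findings and keep only those past their deadline."""
    seen = set()
    overdue = []
    for f in findings:
        key = (f["host"], f["id"])
        if key in seen:
            continue
        seen.add(key)
        days_over = (today - deadline_for(f)).days
        if days_over > 0:
            overdue.append({**f, "days_overdue": days_over})
    return overdue


def triage(findings, cmdb, today):
    """One ticket per (assignee, host), findings ordered worst first."""
    buckets = defaultdict(list)
    for f in overdue_findings(findings, today):
        assignee = cmdb.get(f["host"], FALLBACK_QUEUE)
        buckets[(assignee, f["host"])].append(f)
    tickets = []
    for (assignee, host), items in sorted(buckets.items()):
        items.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], -f["days_overdue"]))
        tickets.append({
            "assignee": assignee,
            "host": host,
            "unowned": host not in cmdb,  # flag for CMDB data-quality follow-up
            "priority": items[0]["severity"],
            "findings": [f["id"] for f in items],
            "max_days_overdue": max(f["days_overdue"] for f in items),
        })
    return tickets


if __name__ == "__main__":
    for ticket in triage(FINDINGS, CMDB, TODAY):
        print(ticket)
```

Findings still inside their patch window (VULN-2, VULN-4, VULN-5) produce no ticket at all; the point of the use-case is to raise only what the regular cycle missed. The `unowned` flag on the fallback ticket is what makes the CMDB gap itself visible to the SOC.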
Key Takeaways
Well, we have learned much in the past ~10 years. Here is what mattered most:
> The enterprise's IT Splunk infrastructure provider and the SOC need to be in close contact to ensure working performance management and growth planning.
> 10 years of SOC include a few legacy items. Sometimes things blow up and repair is needed. Have a plan B for when this happens.
> Quality management remains a big challenge (are all sources still logging? are all fields still available for extraction after a product upgrade? are all sources logging without delay? …)
Happy to elaborate and engage in discussions during the breaks. Looking forward to meeting you.
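The three quality-management questions in the last takeaway (all sources still logging? all fields still extracted after an upgrade? no ingestion delay?) can be checked mechanically. The script below is an added example, not the bank's monitoring content: it takes a constructed inventory of expected sources with assumed per-source thresholds for silence, index delay and required fields, plus a handful of constructed events carrying `_time` and `_indextime`, and reports sources that went silent, sources whose events arrive late, sources whose required fields vanished from the latest events (the post-upgrade case), sources that never appeared, and sources nobody onboarded. In Splunk itself the freshness part is usually driven by the `metadata` or `tstats` commands; the Python mirrors that logic so it runs offline.

```python
"""Log-source quality checks: silent sources, ingestion delay, lost fields.

Added illustration, not Julius Baer's monitoring: the source inventory and the
events are constructed sample data with epoch-second timestamps.
"""
from collections import defaultdict
from statistics import median

NOW = 1_697_000_000  # fixed "now" (epoch seconds) so the run is reproducible

# Assumption: an inventory of expected (host, sourcetype) pairs with, per source,
# the longest acceptable silence, the largest acceptable index delay
# (_indextime - _time) and the fields every event must still carry.
INVENTORY = {
    ("fw01", "firewall"):         {"max_silence": 300,  "max_delay": 60,  "required": {"src_ip", "dest_ip", "action"}},
    ("proxy01", "web_proxy"):     {"max_silence": 300,  "max_delay": 60,  "required": {"user", "url", "status"}},
    ("mailgw01", "mail_gateway"): {"max_silence": 900,  "max_delay": 120, "required": {"sender", "recipient"}},
    ("dc01", "wineventlog"):      {"max_silence": 3600, "max_delay": 120, "required": {"EventCode", "user"}},
    ("av01", "antivirus"):        {"max_silence": 900,  "max_delay": 120, "required": {"signature"}},
}


def ev(host, sourcetype, t, delay, **fields):
    """Build one constructed event; _indextime = _time + ingestion delay."""
    return {"host": host, "sourcetype": sourcetype, "_time": t, "_indextime": t + delay, "fields": fields}


EVENTS = [
    # healthy firewall: fresh, fast, all fields present
    ev("fw01", "firewall", NOW - 90, 5, src_ip="10.0.0.1", dest_ip="10.0.1.1", action="allowed"),
    ev("fw01", "firewall", NOW - 60, 5, src_ip="10.0.0.2", dest_ip="10.0.1.1", action="blocked"),
    ev("fw01", "firewall", NOW - 30, 5, src_ip="10.0.0.3", dest_ip="10.0.1.2", action="allowed"),
    # proxy: after a product upgrade the user field is no longer extracted
    ev("proxy01", "web_proxy", NOW - 200, 3, user="alice", url="https://example.test/", status=200),
    ev("proxy01", "web_proxy", NOW - 100, 3, url="https://example.test/a", status=200),
    ev("proxy01", "web_proxy", NOW - 50, 3, url="https://example.test/b", status=403),
    # mail gateway: last event two hours ago
    ev("mailgw01", "mail_gateway", NOW - 7200, 10, sender="a@example.test", recipient="b@example.test"),
    # domain controller: events arrive, but 30 minutes late (forwarder backlog)
    ev("dc01", "wineventlog", NOW - 2000, 1800, EventCode=4624, user="bob"),
    ev("dc01", "wineventlog", NOW - 1900, 1800, EventCode=4625, user="bob"),
    # a host nobody onboarded on purpose
    ev("rogue01", "syslog", NOW - 10, 1, msg="hello"),
]


def check_sources(events, inventory, now, sample=3):
    """Compare what actually arrived against the inventory; return a list of issues."""
    by_source = defaultdict(list)
    for e in events:
        by_source[(e["host"], e["sourcetype"])].append(e)

    issues = []

    def add(source, issue, detail):
        issues.append({"host": source[0], "sourcetype": source[1], "issue": issue, "detail": detail})

    for source, spec in inventory.items():
        evs = sorted(by_source.get(source, []), key=lambda e: e["_time"])
        if not evs:
            add(source, "never_seen", "no events at all")
            continue
        silence = now - evs[-1]["_time"]
        if silence > spec["max_silence"]:
            add(source, "silent", f"last event {silence}s ago")
        delay = median(e["_indextime"] - e["_time"] for e in evs)
        if delay > spec["max_delay"]:
            add(source, "delayed", f"median index delay {delay:.0f}s")
        # a required field must be present in every one of the latest events;
        # if it is gone from all of them, an extraction broke (typically after an upgrade)
        recent = evs[-sample:]
        present = set.intersection(*(set(e["fields"]) for e in recent))
        missing = spec["required"] - present
        if missing:
            add(source, "missing_fields", sorted(missing))
    for source in sorted(by_source.keys() - inventory.keys()):
        add(source, "unexpected_source", f"{len(by_source[source])} events from a source not in the inventory")
    return issues


if __name__ == "__main__":
    for issue in check_sources(EVENTS, INVENTORY, NOW):
        print(issue)
```

The inventory is the part that needs real care in production: without an explicit list of expected sources, a host that simply stops sending disappears from every "group by host" search and nobody notices, which is exactly the failure the takeaway describes.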
Thank you
10
Splunk .conf Go Zurich 2023 - Many roads lead to Rome - this was our journey

More Related Content

Similar to Julius Bär's 10+ Year Journey with Splunk

Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365 Splunk
 
Innovation at Meraki
Innovation at MerakiInnovation at Meraki
Innovation at MerakiCisco Canada
 
Encontro anual para apresentação das novidades da .conf23
Encontro anual para apresentação das novidades da .conf23Encontro anual para apresentação das novidades da .conf23
Encontro anual para apresentação das novidades da .conf23Rafael Santos
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 
Getting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesGetting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesSplunk
 
Taking Control of SharePoint in the Cloud
Taking Control of SharePoint in the CloudTaking Control of SharePoint in the Cloud
Taking Control of SharePoint in the CloudSherWeb
 
Meeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.EMeeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.ENuvollo
 
Nuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.ENuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.ENuvollo
 
IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014Bessie Wang
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringGain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringInfluxData
 
Internet of Everything: The CIO's Point of View
Internet of Everything:  The CIO's Point of ViewInternet of Everything:  The CIO's Point of View
Internet of Everything: The CIO's Point of ViewCisco Canada
 
MuleSoft Meetup Singapore March 2019
MuleSoft Meetup Singapore March 2019MuleSoft Meetup Singapore March 2019
MuleSoft Meetup Singapore March 2019Julian Douch
 
Elastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElasticsearch
 
Old Dogs, New Tricks: Big Data from and for Mainframe IT
Old Dogs, New Tricks: Big Data from and for Mainframe ITOld Dogs, New Tricks: Big Data from and for Mainframe IT
Old Dogs, New Tricks: Big Data from and for Mainframe ITPrecisely
 
Legacy IBM Systems and Splunk: Security, Compliance and Uptime
Legacy IBM Systems and Splunk: Security, Compliance and UptimeLegacy IBM Systems and Splunk: Security, Compliance and Uptime
Legacy IBM Systems and Splunk: Security, Compliance and UptimePrecisely
 
J Tobolski Cloud Computing
J Tobolski Cloud ComputingJ Tobolski Cloud Computing
J Tobolski Cloud ComputingArt Upton
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
December Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group MeetupDecember Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group Meetupkamlesh2410
 

Similar to Julius Bär's 10+ Year Journey with Splunk (20)

Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
Innovation at Meraki
Innovation at MerakiInnovation at Meraki
Innovation at Meraki
 
Encontro anual para apresentação das novidades da .conf23
Encontro anual para apresentação das novidades da .conf23Encontro anual para apresentação das novidades da .conf23
Encontro anual para apresentação das novidades da .conf23
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 
Getting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesGetting Started with Splunk Enterprises
Getting Started with Splunk Enterprises
 
Taking Control of SharePoint in the Cloud
Taking Control of SharePoint in the CloudTaking Control of SharePoint in the Cloud
Taking Control of SharePoint in the Cloud
 
Meeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.EMeeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.E
 
Nuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.ENuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.E
 
IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringGain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
 
Internet of Everything: The CIO's Point of View
Internet of Everything:  The CIO's Point of ViewInternet of Everything:  The CIO's Point of View
Internet of Everything: The CIO's Point of View
 
MuleSoft Meetup Singapore March 2019
MuleSoft Meetup Singapore March 2019MuleSoft Meetup Singapore March 2019
MuleSoft Meetup Singapore March 2019
 
Elastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factory
 
Old Dogs, New Tricks: Big Data from and for Mainframe IT
Old Dogs, New Tricks: Big Data from and for Mainframe ITOld Dogs, New Tricks: Big Data from and for Mainframe IT
Old Dogs, New Tricks: Big Data from and for Mainframe IT
 
Legacy IBM Systems and Splunk: Security, Compliance and Uptime
Legacy IBM Systems and Splunk: Security, Compliance and UptimeLegacy IBM Systems and Splunk: Security, Compliance and Uptime
Legacy IBM Systems and Splunk: Security, Compliance and Uptime
 
J Tobolski Cloud Computing
J Tobolski Cloud ComputingJ Tobolski Cloud Computing
J Tobolski Cloud Computing
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
December Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group MeetupDecember Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group Meetup
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
Best of .conf22 Session Recommendations
Best of .conf22 Session RecommendationsBest of .conf22 Session Recommendations
Best of .conf22 Session RecommendationsSplunk
 
IT Sicherheitsgesetz 2.0
 IT Sicherheitsgesetz 2.0 IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0Splunk
 
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der AngriffserkennungRisikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der AngriffserkennungSplunk
 
Der Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC BetriebDer Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC BetriebSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
Best of .conf22 Session Recommendations
Best of .conf22 Session RecommendationsBest of .conf22 Session Recommendations
Best of .conf22 Session Recommendations
 
IT Sicherheitsgesetz 2.0
 IT Sicherheitsgesetz 2.0 IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0
 
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der AngriffserkennungRisikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
 
Der Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC BetriebDer Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC Betrieb
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 

Julius Bär's 10+ Year Journey with Splunk

  • 1. © 2023 SPLUNK INC. Bruno Domingos (Bank Julius Bär), Stefan Meier (Bank Julius Bär)
  • 2. Many roads lead to Rome - this was our journey. Splunk .conf Go Zurich, Oct 2023
  • 3. Who are we? Our organization and your presenters
    AGENDA
    > Where our journey has started: why we started using Splunk
    > What we have seen along the way: challenges and opportunities we faced by growing with Splunk in the past 10+ years
    > Where we are heading and key takeaways: next steps in the foreseeable future
    Splunk .conf Go Zurich 2023 - Many roads lead to Rome - this was our journey
  • 4. Who are we? Introducing the speakers and the company
    Your Speakers
    Bruno Martins Domingos
    > Lead Engineer Splunk [Information Technology]
    > Experienced in working with demanding customers
    > With the company for 4 years
    Stefan Meier
    > Head of Cyber Fusion Center [Information Security]
    > One of the most demanding customers
    > With the company for 9 years
    The Company: Julius Baer
    > Engaged in private banking since 1890
    > Shares listed on the SIX Swiss Exchange and included in the Swiss Leader Index (SLI)
    > Present in more than 25 countries and over 60 locations
    > Approx. 7’000 employees
    > Approx. 23k assets to protect (clients, servers, network devices & more)
    > Hybrid IT setup: on-premises and cloud
    Julius Baer is the leading Swiss wealth management group with assets under management of CHF 441 billion (June 2023).
  • 5. Our road: some high-level milestones along the way
    Timeline: 2012, 2014, 2016, 2018, 2020, 2021, 2023
    Milestones on the timeline: Project: Centralised Logging; Phantom / SOAR; Large Infrastructure Redesign; ITSI Pilot; ES Pilot; Continuous Assurance Reporting Framework; Baseline Compliance Operationalization; Vulnerability Mgmt Operationalization; SIEM Light; SIEM; IOC Management; Profiling/ML Support for SIEM; Forensics Readiness; SOC Readiness; CMDB & more Integration; ES Re-validated; UBA Concept; Security Essentials for Threat Mgmt; Hunting with Splunk; Alerting readiness; Indexer Cluster; Search Head Cluster; 2021: Smart Store, Automation for configuration deployment
    Growth in figures
    ▪ Started with a 20 GB license in 2012; today we are on a 6 TB license with 1.5 PB of searchable data
    ▪ Started with 3 indexers and 1 search head. Today’s infrastructure is undergoing a lifecycle refresh that will result in 140 indexers and 20 search heads.
    ▪ 32 applications and 600 systems were logging to Splunk in 2014. Currently over 250 applications and 20000 systems send their logs to Splunk.
    ▪ ES, UBA and ITSI were looked at but never used in production
    ▪ Splunk Enterprise & SOAR heavily used
  • 6. Where our journey has started: the years 2012-2014
    Splunk as a technology was available, but there were no clear guidelines yet as to what logs had to be onboarded.
    Drivers (what got us started):
    > Collect and store log data centrally
    > Protect log data from being overwritten/deleted/unauthorized access
    > Powerful log analysis & correlation capability for quicker troubleshooting
    > Focus on application logs rather than infrastructure logs
    Initial use-cases (where we saw the need):
    > E-Forensics: access to application log data in case of legal cases, fill gaps in the existing e-discovery solution
    > Security Operations Center: monitor data from web proxy, mail gateway, firewall and antivirus solution for malware in dedicated dashboards, first attempts to correlate events based on hostnames
    > IT Operations: to improve troubleshooting capabilities, not used extensively yet
    … kickstarted the SOC which would become the largest internal customer in BJB
  • 7. What we have seen along the way (2014 - 2023): milestones and challenges encountered
    Splunk Enterprise Security: Powerful framework we would have loved to have in place when we started. You have to have your homework done though, starting from performance management through to CIM compliance and its related data models.
    Splunk Enterprise SIEM: We chose to build our own SIEM about 8 years ago, and it is still in place today. This approach allowed for maximum flexibility at the cost of higher engineering and maintenance effort. Visibility / use-case coverage and functionality were rated state-of-the-art by penetration testers, red teams and regulators.
    High Availability and Disaster Recovery: Very early on the Indexer infrastructure was set up in a multi-site clustered environment to assure continuous data availability. Once the overall usage and requirements justified it, Search Head clusters were also set up, in CH in 2018 and in APAC in 2020.
    User Behaviour Analytics: Interesting approach, but we wanted to have a more light-weight solution in place. Thus we created a “UBA light” which was reduced to the minimum and tuned to our individual setup in the bank. The key focus was on lateral movement and privileged access management.
    Phantom / SOAR: Phantom (Splunk SOAR) replaced and enhanced large chunks of our existing, proprietary incident response capabilities. A considerable investment from our end resulted in a few key achievements: faster incident response, standardized case handling & documentation, and vendor-supported 3rd party interfaces for incident response.
    Performance Management: To respond to the continuously growing requirements for handling data volume and a long retention period, occasional increases in Indexer count were done. SmartStore was adopted to keep all the required data searchable without overwhelming traditional storage, while simultaneously increasing resiliency by detaching the storage from the indexers.
    Continuous Assurance Reporting: A framework based almost entirely on Splunk Enterprise and Lookup Tables that calculates Key Risk Indicators of Julius Baer every day, for every system, along our ISMS. It replaced part of the ICS (internal control system) through automation. Many different KRIs are included, e.g. in the areas of vulnerability management, hardening, identity & access management, etc.
  • 8. Where we are heading: the years yet to come … not too far away though
    Strategy, from a SOC perspective:
    > Less “make”, more “buy” as a general strategy in the SOC. Although make is the best fit, it is also the most expensive option.
    > Buy smarter security products instead of sourcing raw log data and writing monitoring patterns ourselves.
    Strategy, from an IT perspective:
    > Prepare for a decentralized future for data. Adopt preprocessing solutions and federated searching for data access in a very diverse data landscape.
    > Scale up the infrastructure for the next 5 years of growth.
    > Automate repeatable administration tasks, implement configuration version control.
    Use-Cases:
    > Vulnerability Management: identify vulnerabilities not taken care of in the regular patch cycle and triage an incident ticket to the right subject matter expert. Splunk Enterprise and/or SOAR are superior to the other technologies in use, hence the migration.
    > Baseline Compliance Management: flag deviations from the baseline and triage an incident ticket to the right stakeholders in the organization. The process is very similar to vulnerability management.
    > Application monitoring: provide greater visibility for service and application teams related to system availability, application performance and behavior, and user history building.
  • 9. Key Takeaways
    Well, we have learned much in the past ~10 years. Here is what mattered most:
    > The enterprise’s IT Splunk infrastructure provider and the SOC need to be in close contact to ensure working performance management and growth planning.
    > 10 years of SOC include a few legacy items. Sometimes things blow up and repair is needed. Have a plan B for when this happens.
    > Quality management remains a big challenge (all sources still logging? all fields still available for extraction after a product upgrade? all sources logging without delay? …)
    Happy to elaborate and engage in discussions during the breaks. Looking forward to meeting you.
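The three quality-management questions on the takeaway slide (is every source still logging, are the required fields still extracted after a product upgrade, is data arriving without delay) can each be turned into a scheduled health check. The following is an added example written for this page, not code from the presentation or from Julius Baer. The sourcetype names, required fields, thresholds and sample events are all constructed, and the event_time/index_time pair models the two timestamps a Splunk search would read from _time and _indextime:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Event:
    sourcetype: str
    host: str
    event_time: datetime   # timestamp inside the log line (_time)
    index_time: datetime   # when the indexer accepted it (_indextime)
    fields: dict           # fields the extraction produced for this event


@dataclass
class SourceExpectation:
    required_fields: frozenset  # fields the SOC content depends on
    max_silence: timedelta      # alert if nothing received for longer than this
    max_lag: timedelta          # alert if index_time - event_time exceeds this


# Hypothetical "now" for this run; a scheduled job would use the wall clock.
NOW = datetime(2023, 10, 18, 12, 0, tzinfo=timezone.utc)


def minutes_ago(m: int) -> datetime:
    return NOW - timedelta(minutes=m)


# Hypothetical onboarding contract for the four initial SOC sources (proxy, mail, firewall, AV).
EXPECTATIONS = {
    "proxy": SourceExpectation(frozenset({"src_ip", "url", "action"}),
                               timedelta(minutes=15), timedelta(minutes=5)),
    "mail_gateway": SourceExpectation(frozenset({"sender", "recipient", "verdict"}),
                                      timedelta(minutes=30), timedelta(minutes=5)),
    "firewall": SourceExpectation(frozenset({"src_ip", "dest_ip", "action"}),
                                  timedelta(minutes=10), timedelta(minutes=5)),
    "antivirus": SourceExpectation(frozenset({"host", "signature", "action"}),
                                   timedelta(hours=6), timedelta(minutes=30)),
}

# Constructed sample events (not real data), one failure mode per source.
SAMPLE_EVENTS = [
    # proxy: healthy, recent, fields complete, indexed one minute after the event
    Event("proxy", "proxy01", minutes_ago(3), minutes_ago(2),
          {"src_ip": "10.0.0.5", "url": "https://intranet.example.test/", "action": "allowed"}),
    # mail gateway: after an upgrade the verdict is emitted as "disposition", so the
    # "verdict" extraction the SOC content relies on silently stops producing values
    Event("mail_gateway", "mx01", minutes_ago(4), minutes_ago(4),
          {"sender": "a@example.test", "recipient": "b@example.test", "disposition": "clean"}),
    # firewall: still arriving, but 8 minutes behind (forwarder backlog) -> delayed
    Event("firewall", "fw01", minutes_ago(9), minutes_ago(1),
          {"src_ip": "10.0.0.9", "dest_ip": "10.0.1.1", "action": "blocked"}),
    # antivirus: last event received 9 hours ago -> source has gone silent
    Event("antivirus", "av01", minutes_ago(540), minutes_ago(539),
          {"host": "ws123", "signature": "EICAR-Test-File", "action": "quarantined"}),
    # dns: not part of the contract, ignored by the check
    Event("dns", "dns01", minutes_ago(1), minutes_ago(1), {"query": "example.test"}),
]


def check_sources(events, expectations, now):
    """Return {sourcetype: {"silent": bool, "delayed": bool, "missing_fields": [...]}}.

    silent: nothing received (by index time) within max_silence, or no events at all
    delayed: worst observed index_time - event_time exceeds max_lag
    missing_fields: required fields that appeared in no event of that sourcetype
    """
    last_received, worst_lag, seen_fields = {}, {}, {}
    for ev in events:
        exp = expectations.get(ev.sourcetype)
        if exp is None:
            continue
        st = ev.sourcetype
        if st not in last_received or ev.index_time > last_received[st]:
            last_received[st] = ev.index_time
        worst_lag[st] = max(ev.index_time - ev.event_time, worst_lag.get(st, timedelta(0)))
        seen_fields.setdefault(st, set()).update(ev.fields)

    report = {}
    for st, exp in expectations.items():
        last = last_received.get(st)
        # with no events at all there is nothing to inspect for fields; silence covers it
        missing = sorted(exp.required_fields - seen_fields[st]) if st in seen_fields else []
        report[st] = {
            "silent": last is None or now - last > exp.max_silence,
            "delayed": worst_lag.get(st, timedelta(0)) > exp.max_lag,
            "missing_fields": missing,
        }
    return report


def problems(report):
    """Flatten the report into alert lines, one per finding."""
    lines = []
    for st, r in sorted(report.items()):
        if r["silent"]:
            lines.append(f"{st}: no events received within the allowed silence window")
        if r["delayed"]:
            lines.append(f"{st}: events indexed later than the allowed lag")
        if r["missing_fields"]:
            lines.append(f"{st}: required fields not extracted: {', '.join(r['missing_fields'])}")
    return lines


if __name__ == "__main__":
    for line in problems(check_sources(SAMPLE_EVENTS, EXPECTATIONS, NOW)):
        print(line)
```

Silence is measured on index time rather than event time on purpose: a forwarder backlog produces old event timestamps while data is still arriving, and that is a lag finding, not an outage. Field coverage is judged across all events of a sourcetype, so a field that is legitimately absent from some events does not trip the check; only a field that disappears entirely, as after an upgrade renames it, is reported.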
  • 10. Thank you