
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)

Splunk

.conf Go 2023 presentation: "Many roads lead to Rome - this was our journey". Speakers: Bruno Domingos (Julius Bär), Stefan Meier (Julius Bär)

© 2023 SPLUNK INC.
Bruno Domingos, Bank Julius Bär
Stefan Meier, Bank Julius Bär
Many roads lead to Rome - this was our journey
Splunk .conf Go Zurich
Oct 2023
AGENDA
Who are we?
Our organization and your presenters
Where our journey has started
Why we started using Splunk
What we have seen along the way
Challenges and opportunities we faced by growing with Splunk in the past 10+ years
Where we are heading and key takeaways
Next steps in the foreseeable future
Splunk .conf Go Zurich 2023 - Many roads lead to Rome - this was our journey 3
Who are we?
Introducing the speakers and the company

Your Speakers
Bruno Martins Domingos
> Lead Engineer Splunk [Information Technology]
> Experienced in working with demanding customers
> With the company for 4 years
Stefan Meier
> Head of Cyber Fusion Center [Information Security]
> One of the most demanding customers
> With the company for 9 years

The Company
Julius Baer
> Engaged in private banking since 1890
> Shares listed on the SIX Swiss Exchange and included in the Swiss Leader Index (SLI)
> Present in more than 25 countries and over 60 locations
> Approx. 7’000 employees
> Approx. 23k assets to protect (clients, servers, network devices & more)
> Hybrid IT setup: on-premises and cloud
Julius Baer is the leading Swiss wealth management group with assets under management of CHF 441 billion (June 2023).
Our road
Some high-level milestones along the way

Timeline: 2012, 2014, 2016, 2018, 2020, 2021, 2023

Milestones along the way:
• Project: Centralised Logging
• Phantom / SOAR
• Large Infrastructure Redesign
• ITSI Pilot
• ES Pilot
• Continuous Assurance Reporting Framework
• Baseline Compliance Operationalization
• Vulnerability Mgmt Operationalization
• SIEM Light
• SIEM
• IOC Management
• Profiling/ML Support for SIEM
• Forensics Readiness
• SOC Readiness
• CMDB & more Integration
• ES Re-validated
• UBA Concept
• Security Essentials for Threat Mgmt
• Hunting with Splunk
• Alerting readiness
• Indexer Cluster
• Search Head Cluster
• Smart Store
• Automation for configuration deployment

Growth in figures
▪ Started with a 20 GB license in 2012; today we are on a 6 TB license with 1.5 PB of searchable data
▪ Started with 3 indexers and 1 search head. Today's infrastructure is undergoing a lifecycle refresh that will result in 140 indexers and 20 search heads.
▪ 32 applications and 600 systems were logging to Splunk in 2014. Currently over 250 applications and 20,000 systems send their logs to Splunk.
▪ ES, UBA and ITSI were evaluated but never used in production
▪ Splunk Enterprise & SOAR heavily used
Where our journey has started
The years 2012-2014 … kickstarted the SOC, which would become the largest internal customer in BJB

Drivers
What got us started
Collect and store log data centrally
Protect log data from being overwritten, deleted or accessed without authorization
Powerful log analysis & correlation capability for quicker troubleshooting
Focus on application logs rather than infrastructure logs

Initial Use-Cases
Where we saw the need
> E-Forensics: access to application log data in case of legal cases; fill gaps in the existing e-discovery solution
> Security Operations Center: monitor data from the web proxy, mail gateway, firewall and antivirus solution for malware in dedicated dashboards; first attempts to correlate events based on hostnames
> IT Operations: to improve troubleshooting capabilities, not used extensively yet

Splunk as a technology was available, but there were no clear guidelines yet as to which logs had to be onboarded.
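The hostname-based correlation that the early SOC use case describes, written out as an added example (this is not code from the deck or from Julius Bär): events from the four sources named on the slide are normalised to a shared host key, and an antivirus detection is enriched with the proxy, mail and firewall activity seen on the same host shortly before it. All log lines, hostnames and indicators are constructed samples, and the 10-minute window is an assumed parameter.

```python
"""Correlate web proxy, mail gateway, firewall and antivirus events by hostname."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Each source has its own field
# names; the hostname is the only key they share, so it becomes the join key.
PROXY_LOG = [
    "2014-03-10T09:14:02 host=ws-0142 user=jdoe url=http://files.example-cdn.test/update.exe action=allowed",
    "2014-03-10T09:40:55 host=ws-0099 user=asmith url=http://intranet.example.test/ action=allowed",
]
MAIL_LOG = [
    "2014-03-10T09:12:30 recipient_host=ws-0142 from=invoice@example-mail.test attachment=invoice.zip verdict=delivered",
]
FIREWALL_LOG = [
    "2014-03-10T09:15:10 src_host=ws-0142 dst=203.0.113.7 dport=4444 action=deny",
    "2014-03-10T09:41:00 src_host=ws-0099 dst=198.51.100.20 dport=443 action=allow",
]
AV_LOG = [
    "2014-03-10T09:16:40 computer=ws-0142 threat=Trojan.GenericKD action=quarantined",
]

# sourcetype -> (lines, name of the field that carries the hostname)
SOURCES = {
    "proxy": (PROXY_LOG, "host"),
    "mail": (MAIL_LOG, "recipient_host"),
    "firewall": (FIREWALL_LOG, "src_host"),
    "antivirus": (AV_LOG, "computer"),
}


def parse_kv(line):
    """Parse '<ISO timestamp> key=value key=value ...' into a dict with a _time field."""
    ts, _, rest = line.partition(" ")
    fields = dict(tok.split("=", 1) for tok in rest.split())
    fields["_time"] = datetime.fromisoformat(ts)
    return fields


def normalise(sources=SOURCES):
    """Return events grouped by hostname, each tagged with its sourcetype and
    with the source-specific hostname field renamed to the common key 'host'."""
    by_host = defaultdict(list)
    for sourcetype, (lines, host_field) in sources.items():
        for line in lines:
            ev = parse_kv(line)
            ev["sourcetype"] = sourcetype
            ev["host"] = ev.pop(host_field)
            by_host[ev["host"]].append(ev)
    for events in by_host.values():
        events.sort(key=lambda e: e["_time"])
    return by_host


def correlate(by_host, window=timedelta(minutes=10)):
    """For each antivirus detection, gather events from the other sources on the
    same host within the preceding window. A finding requires at least two
    distinct other sources, so an isolated detection does not become an alert."""
    findings = []
    for host, events in by_host.items():
        for det in (e for e in events if e["sourcetype"] == "antivirus"):
            start = det["_time"] - window
            related = [e for e in events
                       if e["sourcetype"] != "antivirus"
                       and start <= e["_time"] <= det["_time"]]
            sources = sorted({e["sourcetype"] for e in related})
            if len(sources) >= 2:
                findings.append({"host": host, "threat": det["threat"],
                                 "detected_at": det["_time"],
                                 "sources": sources, "related": related})
    return findings


if __name__ == "__main__":
    for f in correlate(normalise()):
        print(f"{f['host']}: {f['threat']} at {f['detected_at']:%H:%M:%S}, "
              f"preceded by {', '.join(f['sources'])} activity:")
        for ev in f["related"]:
            print(f"  {ev['_time']:%H:%M:%S} [{ev['sourcetype']}] "
                  + " ".join(f"{k}={v}" for k, v in ev.items()
                             if k not in ("_time", "sourcetype", "host")))
```

The host ws-0099 shows proxy and firewall activity but no detection, so it produces no finding; only ws-0142, where the mail attachment, download and blocked outbound connection all precede the quarantine, is reported.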

Recommended

Information Security Policy – Bloom Design Group
Information Security Policy – Bloom Design GroupInformation Security Policy – Bloom Design Group
Information Security Policy – Bloom Design GroupCarla Bennington
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS Splunk
 
Splunk und Multi-Cloud
Splunk und Multi-CloudSplunk und Multi-Cloud
Splunk und Multi-CloudSplunk
 
How to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT StackHow to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT StackThousandEyes
 
Itmgen 4317 security
Itmgen 4317 securityItmgen 4317 security
Itmgen 4317 securityCisco
 
Splunk and Multicloud
Splunk and MulticloudSplunk and Multicloud
Splunk and MulticloudSplunk
 
Splunk and Multicloud
Splunk and Multicloud Splunk and Multicloud
Splunk and Multicloud Splunk
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunk
 

More Related Content

Similar to .conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)

How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessSplunk
 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365 Splunk
 
Innovation at Meraki
Innovation at MerakiInnovation at Meraki
Innovation at MerakiCisco Canada
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 
Getting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesGetting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesSplunk
 
Taking Control of SharePoint in the Cloud
Taking Control of SharePoint in the CloudTaking Control of SharePoint in the Cloud
Taking Control of SharePoint in the CloudSherWeb
 
Meeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.EMeeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.ENuvollo
 
Nuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.ENuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.ENuvollo
 
IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014Bessie Wang
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringGain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringInfluxData
 
Internet of Everything: The CIO's Point of View
Internet of Everything:  The CIO's Point of ViewInternet of Everything:  The CIO's Point of View
Internet of Everything: The CIO's Point of ViewCisco Canada
 
MuleSoft Meetup Singapore March 2019
MuleSoft Meetup Singapore March 2019MuleSoft Meetup Singapore March 2019
MuleSoft Meetup Singapore March 2019Julian Douch
 
Elastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElasticsearch
 
Old Dogs, New Tricks: Big Data from and for Mainframe IT
Old Dogs, New Tricks: Big Data from and for Mainframe ITOld Dogs, New Tricks: Big Data from and for Mainframe IT
Old Dogs, New Tricks: Big Data from and for Mainframe ITPrecisely
 
Legacy IBM Systems and Splunk: Security, Compliance and Uptime
Legacy IBM Systems and Splunk: Security, Compliance and UptimeLegacy IBM Systems and Splunk: Security, Compliance and Uptime
Legacy IBM Systems and Splunk: Security, Compliance and UptimePrecisely
 
J Tobolski Cloud Computing
J Tobolski Cloud ComputingJ Tobolski Cloud Computing
J Tobolski Cloud ComputingArt Upton
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
December Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group MeetupDecember Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group Meetupkamlesh2410
 

Similar to .conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär) (20)

How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the Business
 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
Innovation at Meraki
Innovation at MerakiInnovation at Meraki
Innovation at Meraki
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 
Getting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesGetting Started with Splunk Enterprises
Getting Started with Splunk Enterprises
 
Taking Control of SharePoint in the Cloud
Taking Control of SharePoint in the CloudTaking Control of SharePoint in the Cloud
Taking Control of SharePoint in the Cloud
 
Meeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.EMeeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.E
 
Nuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.ENuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.E
 
IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014IoT World Forum Press Conference - 10.14.2014
IoT World Forum Press Conference - 10.14.2014
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringGain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
 
Internet of Everything: The CIO's Point of View
Internet of Everything:  The CIO's Point of ViewInternet of Everything:  The CIO's Point of View
Internet of Everything: The CIO's Point of View
 
MuleSoft Meetup Singapore March 2019
MuleSoft Meetup Singapore March 2019MuleSoft Meetup Singapore March 2019
MuleSoft Meetup Singapore March 2019
 
Elastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factory
 
Old Dogs, New Tricks: Big Data from and for Mainframe IT
Old Dogs, New Tricks: Big Data from and for Mainframe ITOld Dogs, New Tricks: Big Data from and for Mainframe IT
Old Dogs, New Tricks: Big Data from and for Mainframe IT
 
Legacy IBM Systems and Splunk: Security, Compliance and Uptime
Legacy IBM Systems and Splunk: Security, Compliance and UptimeLegacy IBM Systems and Splunk: Security, Compliance and Uptime
Legacy IBM Systems and Splunk: Security, Compliance and Uptime
 
J Tobolski Cloud Computing
J Tobolski Cloud ComputingJ Tobolski Cloud Computing
J Tobolski Cloud Computing
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
December Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group MeetupDecember Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group Meetup
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
IT Sicherheitsgesetz 2.0
 IT Sicherheitsgesetz 2.0 IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0Splunk
 
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der AngriffserkennungRisikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der AngriffserkennungSplunk
 
Der Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC BetriebDer Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC BetriebSplunk
 
Die Grundlagen für den KI gestützten IT-Betrieb
Die Grundlagen für den KI gestützten IT-BetriebDie Grundlagen für den KI gestützten IT-Betrieb
Die Grundlagen für den KI gestützten IT-BetriebSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
IT Sicherheitsgesetz 2.0
 IT Sicherheitsgesetz 2.0 IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0
 
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der AngriffserkennungRisikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
 
Der Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC BetriebDer Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC Betrieb
 
Die Grundlagen für den KI gestützten IT-Betrieb
Die Grundlagen für den KI gestützten IT-BetriebDie Grundlagen für den KI gestützten IT-Betrieb
Die Grundlagen für den KI gestützten IT-Betrieb
 

Recently uploaded

CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...ShapeBlue
 
iOncologi_Pitch Deck_2024 slide show for hostinger
iOncologi_Pitch Deck_2024 slide show for hostingeriOncologi_Pitch Deck_2024 slide show for hostinger
iOncologi_Pitch Deck_2024 slide show for hostingerssuser9354ce
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfinfogdgmi
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubShapeBlue
 
Transcript: Trending now: Book subjects on the move in the Canadian market - ...
Transcript: Trending now: Book subjects on the move in the Canadian market - ...Transcript: Trending now: Book subjects on the move in the Canadian market - ...
Transcript: Trending now: Book subjects on the move in the Canadian market - ...BookNet Canada
 
Low Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & PitfallsLow Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & PitfallsScyllaDB
 
Boosting Developer Effectiveness with a Java platform team 1.4 - ArnhemJUG
Boosting Developer Effectiveness with a Java platform team 1.4 - ArnhemJUGBoosting Developer Effectiveness with a Java platform team 1.4 - ArnhemJUG
Boosting Developer Effectiveness with a Java platform team 1.4 - ArnhemJUGRick Ossendrijver
 
AMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarAMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarThousandEyes
 
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...ShapeBlue
 
PrismCRM-RealEstate-SalesCRM_byCode5Company
PrismCRM-RealEstate-SalesCRM_byCode5CompanyPrismCRM-RealEstate-SalesCRM_byCode5Company
PrismCRM-RealEstate-SalesCRM_byCode5CompanyMustafa Kuğu
 
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...James Anderson
 
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...DianaGray10
 
CloudStack Authentication Methods – Harikrishna Patnala, ShapeBlue
CloudStack Authentication Methods – Harikrishna Patnala, ShapeBlueCloudStack Authentication Methods – Harikrishna Patnala, ShapeBlue
CloudStack Authentication Methods – Harikrishna Patnala, ShapeBlueShapeBlue
 
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)François
 
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...Neo4j
 
Centralized TLS Certificates Management Using Vault PKI + Cert-Manager
Centralized TLS Certificates Management Using Vault PKI + Cert-ManagerCentralized TLS Certificates Management Using Vault PKI + Cert-Manager
Centralized TLS Certificates Management Using Vault PKI + Cert-ManagerSaiLinnThu2
 
AI for Educators - Integrating AI in the Classrooms
AI for Educators - Integrating AI in the ClassroomsAI for Educators - Integrating AI in the Classrooms
AI for Educators - Integrating AI in the ClassroomsPremsankar Chakkingal
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriSafe Software
 
AI improves software testing to be more fault tolerant, focused and efficient
AI improves software testing to be more fault tolerant, focused and efficientAI improves software testing to be more fault tolerant, focused and efficient
AI improves software testing to be more fault tolerant, focused and efficientKari Kakkonen
 
SKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologiesSKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologiesNeo4j
 

Recently uploaded (20)

CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
 
iOncologi_Pitch Deck_2024 slide show for hostinger
iOncologi_Pitch Deck_2024 slide show for hostingeriOncologi_Pitch Deck_2024 slide show for hostinger
iOncologi_Pitch Deck_2024 slide show for hostinger
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdf
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
 
Transcript: Trending now: Book subjects on the move in the Canadian market - ...
Transcript: Trending now: Book subjects on the move in the Canadian market - ...Transcript: Trending now: Book subjects on the move in the Canadian market - ...
Transcript: Trending now: Book subjects on the move in the Canadian market - ...
 
Low Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & PitfallsLow Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & Pitfalls
 
Boosting Developer Effectiveness with a Java platform team 1.4 - ArnhemJUG
Boosting Developer Effectiveness with a Java platform team 1.4 - ArnhemJUGBoosting Developer Effectiveness with a Java platform team 1.4 - ArnhemJUG
Boosting Developer Effectiveness with a Java platform team 1.4 - ArnhemJUG
 
AMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarAMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes Webinar
 
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
 
PrismCRM-RealEstate-SalesCRM_byCode5Company
PrismCRM-RealEstate-SalesCRM_byCode5CompanyPrismCRM-RealEstate-SalesCRM_byCode5Company
PrismCRM-RealEstate-SalesCRM_byCode5Company
 
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...

.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)

  • 1. © 2023 SPLUNK INC.
    Bruno Domingos, Stefan Meier
    Bank Julius Bär
  • 2. Many roads lead to Rome - this was our journey
    Splunk .conf Go Zurich, Oct 2023
  • 3. Who are we? Our organization and your presenters
    AGENDA
    Where our journey has started: why we started using Splunk
    What we have seen along the way: challenges and opportunities we faced by growing with Splunk in the past 10+ years
    Where we are heading and key takeaways: next steps in the foreseeable future
    Splunk .conf Go Zurich 2023 - Many roads lead to Rome - this was our journey 3
  • 4. Who are we? Introducing the speakers and the company
    Your Speakers
    Bruno Martins Domingos
    > Lead Engineer Splunk [Information Technology]
    > Experienced in working with demanding customers
    > With the company for 4 years
    Stefan Meier
    > Head of Cyber Fusion Center [Information Security]
    > One of the most demanding customers
    > With the company for 9 years
    The Company: Julius Baer
    > Engaged in private banking since 1890
    > Shares listed on the SIX Swiss Exchange and included in the Swiss Leader Index (SLI)
    > Present in more than 25 countries and over 60 locations
    > Approx. 7’000 employees
    > Approx. 23k assets to protect (clients, servers, network devices & more)
    > Hybrid IT setup: on-premises and cloud
    Julius Baer is the leading Swiss wealth management group with assets under management of CHF 441 billion (June 2023).
  • 5. Our road: some high-level milestones along the way
    Timeline 2012 - 2023 (2012, 2014, 2016, 2018, 2020, 2021, 2023), with these milestones along it:
    • Project: Centralised Logging
    • Large Infrastructure Redesign
    • ITSI Pilot
    • ES Pilot
    • Continuous Assurance Reporting Framework
    • Baseline Compliance Operationalization
    • Vulnerability Mgmt Operationalization
    • SIEM Light
    • SIEM
    • IOC Management
    • Profiling/ML Support for SIEM
    • Forensics Readiness
    • SOC Readiness
    • CMDB & more Integration
    • ES Re-validated
    • UBA Concept
    • Security Essentials for Threat Mgmt
    • Hunting with Splunk
    • Alerting readiness
    • Indexer Cluster
    • Search Head Cluster
    • Smart Store
    • Automation for configuration deployment
    • Phantom / SOAR
    Growth in figures
    ▪ Started with a 20 GB license in 2012; today we are on a 6 TB license with 1,5 PB of searchable data
    ▪ Started with 3 indexers and 1 search head. Today’s infrastructure is going through a lifecycle replacement that will result in 140 indexers and 20 search heads.
    ▪ 32 applications and 600 systems were logging to Splunk in 2014. Currently over 250 applications and 20000 systems send their logs to Splunk
    ▪ ES, UBA and ITSI were looked at but never used in production
    ▪ Splunk Enterprise & SOAR heavily used
  • 6. Where our journey has started: the years 2012-2014 … kickstarted the SOC, which would become the largest internal customer in BJB
    Splunk as a technology was available, but there were no clear guidelines yet as to which logs had to be onboarded.
    Drivers (what got us started):
    > Collect and store log data centrally
    > Protect log data from being overwritten, deleted or accessed without authorization
    > Powerful log analysis & correlation capability for quicker troubleshooting
    > Focus on application logs rather than infrastructure logs
    Initial Use-Cases (where we saw the need):
    > E-Forensics: access to application log data in case of legal cases, fill gaps in the existing e-discovery solution
    > Security Operations Center: monitor data from web proxy, mail gateway, firewall and antivirus solution for malware in dedicated dashboards, first attempts to correlate events based on hostnames
    > IT Operations: to improve troubleshooting capabilities, not used extensively yet
  • 7. What we have seen along the way (2014 - 2023): milestones and challenges encountered
    Splunk Enterprise Security: Powerful framework we would have loved to have in place when we started. You have to have your homework done though, starting from performance management through to CIM compliance and the data models it relies on.
    Splunk Enterprise SIEM: We chose to build our own SIEM about 8 years ago, which is still in place today. This approach allowed for maximum flexibility at the cost of higher engineering and maintenance effort. Visibility, use-case coverage and functionality were rated state-of-the-art by penetration testers, red teams and regulators.
    High Availability and Disaster Recovery: Very early on the Indexer infrastructure was set up in a multi-site clustered environment to assure continuous data availability. Once overall usage and requirements justified it, Search Head clusters were also set up, in CH in 2018 and in APAC in 2020.
    User Behaviour Analytics: Interesting approach, but we wanted to have a more light-weight solution in place. Thus we created a “UBA light” which was reduced to the minimum and tuned to our individual setup in the bank. The key focus was on lateral movement and privileged access management.
    Phantom / SOAR: Phantom (Splunk SOAR) replaced and enhanced large chunks of our existing, proprietary incident response capabilities. A considerable investment from our end resulted in a few key achievements: faster incident response, standardized case handling & documentation, and vendor-supported 3rd party interfaces for incident response.
    Performance Management: To respond to the continuously growing requirements for handling data volume and a long retention period, occasional increases in Indexer count were done. SmartStore was adopted to keep all the required data searchable without overwhelming traditional storage, while simultaneously increasing resiliency by detaching the storage from the indexers.
    Continuous Assurance Reporting: A framework based almost entirely on Splunk Enterprise and Lookup Tables that calculates Key Risk Indicators of Julius Baer every day, for every system, along our ISMS. It replaced part of the ICS (internal control system) through automation. Many different KRIs are included, e.g. in the areas of vulnerability management, hardening, identity & access management, etc.
  • 8. Where we are heading: the years yet to come … not too far away though
    Strategy
    From a SOC perspective:
    > Less “make”, more “buy” as a general strategy in the SOC. Although make is the best fit, it’s also the most expensive option.
    > Buy smarter security products instead of sourcing raw log data and writing monitoring patterns ourselves.
    From an IT perspective:
    > Prepare for a decentralized future for data. Adopt preprocessing solutions and federated searching for data access in a very diverse data landscape.
    > Scale up the infrastructure for the next 5 years of growth.
    > Automate repeatable administration tasks, implement configuration version control.
    Use-Cases
    > Vulnerability Management: identify vulnerabilities not taken care of in the regular patch cycle and triage an incident ticket to the right subject matter expert. Splunk Enterprise and/or SOAR are superior to the other technologies in use, hence the migration.
    > Baseline Compliance Management: flag deviations from the baseline and triage an incident ticket to the right stakeholders in the organization. The process is very similar to vulnerability management.
    > Application monitoring: provide greater visibility for service and application teams related to system availability, application performance and behavior, and user history building.
  • 9. Key Takeaways
    Well, we have learned much in the past ~10 years. Here is what mattered most:
    > The enterprise’s IT Splunk infrastructure provider and the SOC need to be in close contact to ensure working performance management and growth planning.
    > 10 years of SOC include a few legacy items. Sometimes things blow up and repair is needed. Have a plan B when this happens.
    > Quality management remains a big challenge (are all sources still logging? are all fields still available for extraction after a product upgrade? are all sources logging without delay? …)
    Happy to elaborate and engage in discussions during the breaks. Looking forward to meeting you.
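The three quality-management questions on the Key Takeaways slide (sources still logging, fields still extracted after an upgrade, no ingestion delay) are the kind of check a SOC runs on a schedule. The following is an added example, not code from the presentation or from Julius Baer: it implements those three checks in Python over constructed sample events so the logic can be run offline; the hosts, sourcetypes, field names and thresholds are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed reference time; a scheduled check would use the current time.
NOW = datetime(2023, 10, 10, 12, 0, tzinfo=timezone.utc)

# Inventory of sources expected to log and the fields each sourcetype must yield
# (constructed; in Splunk such an inventory would typically live in a lookup table).
EXPECTED = {
    ("proxy01", "web:proxy"): {"src_ip", "url", "user"},
    ("mailgw01", "mail:gateway"): {"sender", "recipient", "verdict"},
    ("fw01", "network:firewall"): {"src_ip", "dest_ip", "action"},
    ("av01", "antivirus"): {"signature", "action"},
}

# Constructed sample events (host, sourcetype, event time, index time, extracted fields):
# mailgw01 lost "verdict" (as after a product upgrade), fw01 arrives 19 minutes late
# and av01 has stopped logging entirely.
EVENTS = [
    {"host": "proxy01", "sourcetype": "web:proxy",
     "_time": NOW - timedelta(minutes=2), "_indextime": NOW - timedelta(minutes=1),
     "fields": {"src_ip", "url", "user"}},
    {"host": "mailgw01", "sourcetype": "mail:gateway",
     "_time": NOW - timedelta(minutes=5), "_indextime": NOW - timedelta(minutes=4),
     "fields": {"sender", "recipient"}},
    {"host": "fw01", "sourcetype": "network:firewall",
     "_time": NOW - timedelta(minutes=20), "_indextime": NOW - timedelta(minutes=1),
     "fields": {"src_ip", "dest_ip", "action"}},
]

def check_sources(events, expected, now=NOW, silent_after=timedelta(hours=1),
                  max_lag=timedelta(minutes=15)):
    """Return silent sources, sources missing required fields and sources whose
    worst index-time lag exceeds max_lag, keyed by (host, sourcetype)."""
    last_seen, seen_fields, worst_lag = {}, {}, {}
    for ev in events:
        key = (ev["host"], ev["sourcetype"])
        last_seen[key] = max(last_seen.get(key, ev["_time"]), ev["_time"])
        seen_fields.setdefault(key, set()).update(ev["fields"])
        lag = ev["_indextime"] - ev["_time"]   # ingestion delay of this event
        worst_lag[key] = max(worst_lag.get(key, lag), lag)
    findings = {"silent": [], "missing_fields": {}, "delayed": {}}
    for key, required in expected.items():
        if key not in last_seen or now - last_seen[key] > silent_after:
            findings["silent"].append(key)
            continue  # no recent events, so field and lag checks are moot
        missing = required - seen_fields[key]
        if missing:
            findings["missing_fields"][key] = sorted(missing)
        if worst_lag[key] > max_lag:
            findings["delayed"][key] = int(worst_lag[key].total_seconds())
    return findings
```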
  • 10. Thank you