
SplunkLive! Chicago April 2013 - Fieldglass

Published in: Technology

  1. Copyright © 2012 Splunk, Inc.
     Jim Krev, Fieldglass, Sr. Security Manager
  2. About Fieldglass
     – Vendor Management System (VMS) provider founded in 1999
     – Helps Global 2000 firms procure and manage the flexible workforce (contingent labor, project-based services, independent contractors)
     – 200 customers, including GlaxoSmithKline, Johnson & Johnson, Monsanto, Rio Tinto & Salesforce, use Fieldglass in 78 countries and 14+ languages
     – Ranked largest VMS with the highest satisfaction rating for the past three consecutive years, according to Staffing Industry Analysts
  3. About the Speaker: Jim Krev
     – Responsible for information security and compliance requirements
     – With Fieldglass for 5 years
     – Full time in security since 2004
     – Lecturer at DePaul University; encourages students to use Splunk for OSSEC
  4. From Logging Only to SIEM Replacement
     – Been using Splunk for several years
     – Release of Enterprise Security made Splunk a viable SIEM replacement
     – SIEM was overly complex
     – Made the argument to replace SIEM with Splunk = FTW!
     “Our SIEM was overly complex and not as easy to use as Splunk”
  5. Saving Time and Money with Splunk
     – Only one analyst
     – Don’t have time to wait on two menus
     – With Splunk I can create a search, I can create a dashboard from that, I can schedule a report
     – Don’t waste a lot of time going back and forth between screens trying to figure out how to produce a report
     “One person can do the job of two with Splunk.”
  6. Indexing Fieldglass Data (Exact Amount?)
     Collecting data from physical and logical network:
     – Network devices
     – Server events
     – Application logs
     – Anti-virus
     – Vulnerability scanning events
     – IDS events from firewalls
     – Custom CSV
     – Nmap scans
     – We have built apps and created some cool-looking dashboards
       • Nessus and Nmap dashboard that correlates inventory
       • Virus statistics over systems and time
  7. Tracking Continuous Improvement for ISO Certification
     – Tracking vulnerabilities in the infrastructure
     – Need to showcase continuous improvement for ISO certification
     – Senior Management looks at the dashboard
  8. Building our own App with Splunk
     Internal Audit App:
     – Proactively monitors passes
     – Monitors incompletes
     – Monitors failures
     – Tracks control area and owner
     – Shows how we did on internal audit
  9. (slide contains no text)
  10. AHA!
     – Search on a fragment of an event and find the root cause
     – Correlate against all networking devices by index
     – Can see what’s happening in all three networks
     – The ability to get down to the raw event
     “Splunk is very addicting… once you start playing around with it, it’s hard to shake.”
  11. Extending with Splunk Apps
     – Splunk App for Windows
     – Splunk on Splunk
     – Google Maps for Splunk (IP mapping)
     – Splunk for Symantec
  12. Growing Splunk within IT
     – Daily reports to DBAs
     – Gaining momentum by showing the Splunk environment in home infrastructure
     – Showcasing internally how easy it is to correlate data in Splunk
  13. Future
     – Splunk App for VMware
     – Building out scalable Splunk infrastructure
     – Active Directory integration
     – Using Splunk for advanced persistent threat detection
  14. ROI
     – Replaced SIEM with Splunk
     – Saving $30,000/year and an additional resource
     – Saved hours of work to find issues/resolution
     – Easy to show continuous improvement for ISO
     – Quickly identify patches
  15. Thank You!
