
SplunkLive! Cincinnati - E.W. Scripps - Oct 2012



  1. Jim Bundy, Manager Information Security, E. W. Scripps. Copyright © 2012 Splunk, Inc.
  2. Safe Harbor Statement
     During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
  3. E. W. Scripps
     - Leading media enterprise
     - 19 television stations in major markets and 13 newspaper markets
     - Has operated the National Spelling Bee since 1941
     - Expanding into social gaming for multiple platforms
     - 6000 employees across 29 locations
  4. Jim Bundy, CISSP, CISM
     - Technology + security roles across military, financial services and media organizations
     - Implemented security program from start to finish at E. W. Scripps
     - Writes security articles in spare time
  5. Getting Started with Security
     Needed a data / log aggregation solution across 29 locations:
     - WMI
     - Network logs, syslog
     - Servers, firewalls
     - TippingPoint IDS/IPS, Symantec antivirus
     - Unified threat management
     - Desktops
     Needed to secure across users and locations.
  6. Investigating SIEM
     Evaluated ArcSight, LogRhythm, Symantec/McAfee, others. Found the SIEM market to be immature:
     - Relies on interoperability
     - Needed specific versions or a specific OS on various devices to make it work
     - Too rigid
     - Each branch manages its own IT, so a broad spectrum of devices and solutions is in play
     - SIEM provided canned reports: data points, but no "context". "Last hour: 50 failed logins." "Yes, but??"
  7. Why Splunk?
     - Role-based access + consolidated view: Staffers only see specific data; admins have a view into the entire infrastructure for alerting + troubleshooting.
     - Flexibility and speed: Splunk ingests any data format without parsers or adapters on our endpoints. This sped the deployment and our time to value.
     - Limited visibility: As with most IT and security environments, we had siloed views into our data. We needed to see everything in Operations and Security … now we do!
     - Dashboards and reporting: Very limited prior to Splunk. Now we have answers to the most important questions: Who? What? Where? When? And Why?
  8. How We Use Splunk: Single Source of Truth
     - Automated and ad-hoc time-based data analysis
     - Real-time alerting, monitoring and dashboards
     - Who created/deleted this UNIX account, for whom?
     - What is human behavior vs. malware vs. virus?
     - IDS/IPS visibility + reporting
     - Verification and validation
     - What are my known threats?
     - Change monitoring and management
     - What data is being accessed out of typical patterns for this user?
     - Detecting brute force cyberattacks
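Two of the use cases on this slide, brute-force detection with the "yes, but?" context slide 6 asks for, and attributing a UNIX account creation or deletion to the person who ran it, are shown below as an added example. This is not code from the talk or from Splunk; it is a Python stand-in for the searches one would run in Splunk over the same syslog data. The log lines are constructed in the style of /var/log/secure (sshd, sudo, useradd, userdel) and the host, user and IP values are invented. The threshold of 5 failures in a 10-minute window and the 60-second correlation slack are assumptions, not figures from the deck.

```python
import re
from datetime import datetime, timedelta

# Constructed /var/log/secure-style sample (invented hosts, users and IPs).
SAMPLE_LOG = """\
Oct  3 14:02:11 web01 sshd[2345]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Oct  3 14:02:12 web01 sshd[2346]: Failed password for root from 203.0.113.5 port 51023 ssh2
Oct  3 14:02:14 web01 sshd[2347]: Failed password for invalid user oracle from 203.0.113.5 port 51024 ssh2
Oct  3 14:02:15 web01 sshd[2348]: Failed password for jbundy from 203.0.113.5 port 51025 ssh2
Oct  3 14:02:17 web01 sshd[2349]: Failed password for jbundy from 203.0.113.5 port 51026 ssh2
Oct  3 14:02:19 web01 sshd[2350]: Failed password for jbundy from 203.0.113.5 port 51027 ssh2
Oct  3 14:02:31 web01 sshd[2351]: Accepted password for jbundy from 203.0.113.5 port 51028 ssh2
Oct  3 14:05:02 web01 sshd[2360]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Oct  3 14:05:09 web01 sshd[2361]: Accepted password for bob from 198.51.100.7 port 40002 ssh2
Oct  3 15:10:01 web01 sudo:   jbundy : TTY=pts/0 ; PWD=/home/jbundy ; USER=root ; COMMAND=/usr/sbin/useradd svc_backup
Oct  3 15:10:01 web01 useradd[3001]: new user: name=svc_backup, UID=1005, GID=1005, home=/home/svc_backup, shell=/bin/bash
Oct  3 15:12:40 web01 userdel[3010]: delete user 'tempuser'
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                       r"(?P<prog>[\w.-]+)(?:\[\d+\])?: ?(?P<msg>.*)$")
SSH_RE = re.compile(r"^(?P<result>Failed|Accepted) (?:password|publickey) for "
                    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+")
USERADD_RE = re.compile(r"^new user: name=(?P<acct>[^,]+),")
USERDEL_RE = re.compile(r"^delete user '(?P<acct>[^']+)'")
SUDO_RE = re.compile(r"^\s*(?P<operator>\S+) : .*COMMAND=(?P<cmd>.*)$")


def parse(log_text):
    """Split raw syslog lines into (timestamp, host, program, message) tuples."""
    events = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; strptime defaults to 1900, which is
        # fine for ordering inside one capture (a real pipeline adds the year).
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append((ts, m["host"], m["prog"], m["msg"]))
    return events


def brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Per source IP: peak failed logins inside `window`, plus the context a
    plain count lacks: did the same source go on to log in successfully?"""
    per_src = {}
    for ts, _host, prog, msg in events:
        m = SSH_RE.match(msg) if prog == "sshd" else None
        if not m:
            continue
        rec = per_src.setdefault(m["src"], {"fails": [], "users": set(), "success_after": None})
        if m["result"] == "Failed":
            rec["fails"].append(ts)
            rec["users"].add(m["user"])
        elif rec["fails"] and rec["success_after"] is None:
            rec["success_after"] = m["user"]  # first success that follows failures
    alerts = {}
    for src, rec in per_src.items():
        fails, peak, lo = sorted(rec["fails"]), 0, 0
        for hi in range(len(fails)):            # sliding window over failure times
            while fails[hi] - fails[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            alerts[src] = {"failures": peak, "users": sorted(rec["users"]),
                           "success_after": rec["success_after"],
                           "severity": "high" if rec["success_after"] else "medium"}
    return alerts


def account_changes(events, slack=timedelta(seconds=60)):
    """Pair each useradd/userdel record with the sudo line that invoked it, so the
    alert answers 'who created/deleted this account' rather than just 'what'."""
    sudo = []
    for ts, host, prog, msg in events:
        m = SUDO_RE.match(msg) if prog == "sudo" else None
        if m:
            sudo.append((ts, host, m["operator"], m["cmd"]))
    changes = []
    for ts, host, prog, msg in events:
        if prog == "useradd":
            m, action = USERADD_RE.match(msg), "created"
        elif prog == "userdel":
            m, action = USERDEL_RE.match(msg), "deleted"
        else:
            continue
        if not m:
            continue
        acct = m["acct"]
        operator = next((op for sts, shost, op, cmd in sudo
                         if shost == host and abs(sts - ts) <= slack
                         and prog in cmd and acct in cmd),
                        "unknown")  # root shell or console: nothing to attribute to
        changes.append({"action": action, "account": acct, "host": host, "by": operator})
    return changes


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for src, a in brute_force(evs).items():
        print(f"{src}: {a['failures']} failures, users={a['users']}, "
              f"then accepted as {a['success_after']} -> {a['severity']}")
    for c in account_changes(evs):
        print(f"{c['host']}: account {c['account']} {c['action']} by {c['by']}")
```

On the sample, 203.0.113.5 is flagged high because the burst of failures against several usernames ends with an accepted password for jbundy, which is the detail that turns "50 failed logins" into something worth a phone call; 198.51.100.7 is one typo followed by a normal login and stays quiet. The userdel for tempuser has no matching sudo record, so it is reported with operator "unknown", which is itself a finding: someone ran it from a root shell or the console.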
  9. "Execs love dashboards. I give them enough to know what's going on without panicking them."
  10. [Dashboard 2]
      "If I can provide something with a dial I'm like a god!"
  11. Flexibility to Use and Create Apps
      Using:
      - *Nix
      - Symantec
      - Juniper Firewalls
      Investigating:
      - Splunk App for VMware
      - Splunk App for Active Directory
      Built our own CA app.
  12. Finding ROI
      Can use Splunk beyond just security: network team + others.
      - Significant operational value: server, desktop, etc.
      Small team, better to manage fewer apps; will likely decommission other tools:
      - Quest Change Auditor
      - TippingPoint
      "We believe all tools should have operational as well as security value. Splunk does, and it's just plain simple to use."
  13. What's Next?
  14. Questions?