
SplunkLive! Customer Presentation - ExxonMobil


Published in: Technology


  1. ExxonMobil Splunk – Razi Asaduddin, Cyber Security Advisor & Splunk Shared Service Team Lead. July 15th, 2014. Copyright © 2014 Splunk Inc.
  2. About ExxonMobil Corp
     • Pretty Big – Fortune 1-ish
     • ~50 Countries
     • 80,000 Employees
     • $32.5bn in earnings in 2013
     • 2M Barrels per day
     • 11.8bn cubic feet of natural gas
  3. About Me – Razi Asaduddin
     • Cyber Security Technical Advisor – Monitoring, Process Design, Incident Handling, Threat Assessment, Malware Reverse Engineering, Digital Forensics
     • Splunk Shared Service Team Lead – Designed, architected, implemented, coded, and administered the global Splunk instance; responsible for Splunk service and strategy; in-house consulting for prospective use cases; evangelizing, PoCs, modeling, and tool rationalization
     • Two-year Splunker and 2013 Revolution Award nominee
     • Contact: Razi.asaduddin@gmail.com
  4. Agenda: Why Splunk? How we use Splunk; How we have evolved; Best practices; Future
  5. Why Splunk? Extensibility; Speed; Late-binding Schema; Scalability
  6. Why Splunk?
  7. Before Splunk: Manual data; Lag time; Visibility; Silos; Data knowledge
  8. How We Use Splunk: Cyber Security; Network Performance; Application Performance; Capacity Planning; Call Quality; Misconfiguration; Linux Administration
  9. How We Use Splunk – Cyber Security
     • Investigation and Incident Response
     • Complex Correlation
     • Proactive Alerting
     • Auto-remediation
  10. How We Use Splunk – Performance
     • Reduce data to: OS + Application + Server + DB + Network + Endpoint Performance
     • 10,000-foot view & 1-foot view
     • Pivot
  11. Thought Process: Gather, Correlate, Enrich, Visualize, Alert, Action
  12. Evolution: One-dimensional; Multi-dimensional; Pivoting; Visualizing & Base-lining
  13. Best Practices
     • Ask simple questions and build up
     • Double-check raw data
     • What data do we not have? Splunk it!
     • Build a Splunk network
     • Alert on it or automate it
     • Policing
  14. Policing: "I'll just run this at midnight when no one else does"
  15. Policing: CPU & memory performance; Number of searches; Errors; Long searches; Wall of Shame
  16. Fun Stuff
     • Longest running search – 96 hrs
     • Longest search text – 80 lines
     • Magical Midnight – pitfall
     • Wall of Shame – Splunk in life
  17. Future: More Visualization – turn raw events into this:
  18. Future: Then reduce:
  19. Questions? Happy -ing!
  20. Thank You
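The "Policing" and "Fun Stuff" slides (14–16) describe monitoring the Splunk platform itself: counting searches, catching long-running ones, ranking users on a "Wall of Shame", and avoiding the pitfall of everyone scheduling jobs at midnight. The searches below are an added example written for this page, not searches from the deck or from ExxonMobil's environment. They rely only on Splunk's built-in `_audit` index (fields `action`, `info`, `user`, `search_id`, `search`, `total_run_time`) and the `rest` command against the standard `saved/searches` endpoint; the 4-hour threshold and the top-10 cutoff are arbitrary choices for illustration.

```spl
index=_audit action=search info=completed total_run_time=*
| stats count AS searches, sum(total_run_time) AS total_seconds, max(total_run_time) AS longest_seconds BY user
| eval total_hours=round(total_seconds/3600,1), longest_hours=round(longest_seconds/3600,1)
| sort - total_seconds
| head 10
| table user searches total_hours longest_hours

index=_audit action=search info=completed total_run_time=*
| where total_run_time > 4*3600
| eval run_hours=round(total_run_time/3600,1)
| table _time user search_id run_hours search
| sort - run_hours

| rest /services/saved/searches splunk_server=local
| search is_scheduled=1 disabled=0
| rex field=cron_schedule "^(?<cron_min>\S+)\s+(?<cron_hour>\S+)"
| stats count AS scheduled_searches, values(title) AS searches BY cron_hour cron_min
| sort - scheduled_searches
```

The first search is the Wall of Shame: total and longest search time per user over the selected time range, so the heaviest consumers of search capacity are visible at a glance. The second lists individual completed searches that ran longer than four hours, with the search text, which is the input for an alert (slide 13's "alert on it") or for a conversation with the owner. The third reads the scheduler configuration rather than the audit log: it groups enabled scheduled searches by the minute and hour of their cron schedule, so a pile-up at `0 0` (the "Magical Midnight" pitfall) shows up as one row with a large count. Run all three with the `admin` or an equivalent role, since `_audit` and the saved-searches endpoint are restricted by default.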
