SplunkLive! Denver - Nov 2012 - Interac

  • Interac Association, formed in 1984, is responsible for the development and operations of the Inter-Member Network (IMN), a national payment network that allows Canadians to access their money through Automated Banking Machines and Point-of-Sale terminals across Canada. Services include Interac Cash, Interac Debit and the contactless enhancement Interac Flash. Acxsys Corporation, founded in 1996, provides management services to the association and specializes in the development and operation of new payment service opportunities. Services include Interac Online, Interac e-Transfer and international services, which provide Canadian cardholders with POS access at nearly 2 million U.S. retailers, and give PULSE, Discover, Diners Club International and China UnionPay cardholders access to ABMs in Canada.

    1. Interac/Acxsys Corporation
       Josh Diakun, Specialist, Info Security Operations
       twitter: @iam_joshd  #splunklive

    2. Interac Association/Acxsys Corporation
       Interac Association
       – Formed in 1984
       – Responsible for the development and operations of the Inter-Member Network (IMN)
       – Services include Interac Cash, Interac Debit and the contactless enhancement Interac Flash
       Acxsys Corporation
       – Founded in 1996
       – Provides management services to the association
       – Specializes in the development & operation of new payment service opportunities
       – Services include Interac Online, Interac e-Transfer and international services
       Toronto, May 3, 2012. Copyright © 2011, Splunk Inc.

    3. Key Challenges Before Splunk
       Fault occurs → Confusion ensues → Weekend work → No clarity, much stress
       – Many different log formats
       – Variety of tools for incident investigation and root cause analysis
       – Slow incident and fault response times
       – Lack of a single point of visibility across the entire infrastructure

    4. Originally Why Splunk?
       Security was the original driver
       Looking for a log management solution
       – Reviewed LogLogic, ArcSight, others
       – Bought on price, speed, support for open source platforms
       – Bring logs together in a single system
       – Try and Buy model
       Better view of network and application activity

    5. The Splunk Adventure…
       – Downloaded Splunk Free
       – Immediately producing reports/metrics previously unavailable
       – Obtained trial enterprise license
       – Debuted reports to management, secured funding and resources
       – Focused on first building an application for Security Applications, then built for Infrastructure, Development and Operations

    6. What's Feeding Splunk
       Centralized logging and distributed Splunk Universal Forwarders feeding the right combination of data sources:
       – Active Directory
       – IPS/HIPS
       – Syslog
       – AV data
       – Firewall data
       – VPN data
       – SNMP data
       – Backup event data
       – Proxy logs
       – Host performance data
       – Custom application data
       – Webserver logs
       – Enterprise storage metrics
       – Database audit logs
       – SSO application data
       – External sources (i.e. blacklists)
       – Physical badge access data

    7. Splunk Use Cases
       – Application Monitoring and Troubleshooting
       – Traffic Monitoring and Trends
       – Reporting for Enterprise Storage System
       – Security Analysis

    8. Continuous Infrastructure Monitoring
       – Alerting on various application, system and environmental thresholds
       – Event correlation to identify a variety of attacks or issues
       – Data loss prevention
       – Alerting on “out of the norm” privilege escalations
       – VPN summary and utilization times
       – Change reporting – applications, users, groups, etc.
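Slide 8 names an “out of the norm” privilege escalation alert without saying how the norm is established. The following is an added example, not code from the Interac deck or from Splunk: it builds a per-user daily baseline of sudo escalations from constructed syslog-style lines and flags the current day when a user has never escalated before or exceeds the baseline mean by a chosen number of standard deviations. The log format, host and user names, the thresholds (`min_events`, `sigma`) and the sample data are all assumptions; in a Splunk deployment the same logic would be a scheduled search over the sudo sourcetype.

```python
"""Baseline-based alert for "out of the norm" privilege escalations.

Added example, not code from the Interac deck or from Splunk: it reproduces in
plain Python the kind of deviation alert slide 8 describes, over constructed
syslog-style sudo lines. The line format, user names, thresholds and sample
data are assumptions.
"""
import re
import statistics
from collections import defaultdict

# Assumed sudo syslog format:
# "<ISO ts> <host> sudo: <user> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=<cmd>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2})T\S+ (?P<host>\S+) sudo:\s+(?P<user>\S+) : .*?"
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Constructed sample events (not real data): four baseline days, then 2012-05-05.
SAMPLE_LOG = """\
2012-05-01T09:12:01 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart app
2012-05-01T17:40:11 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/app.log
2012-05-02T09:03:55 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart app
2012-05-02T11:20:09 app01 sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /etc/app.conf
2012-05-02T18:01:30 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/app.log
2012-05-03T09:15:42 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart app
2012-05-03T16:58:03 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/app.log
2012-05-04T09:10:17 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart app
2012-05-04T17:33:48 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/app.log
2012-05-05T08:00:00 app01 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 50112 ssh2
2012-05-05T09:05:12 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart app
2012-05-05T17:45:59 app01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/app.log
2012-05-05T22:10:01 app01 sudo: bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/systemctl status app
2012-05-05T22:10:44 app01 sudo: bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/journalctl -u app
2012-05-05T22:11:20 app01 sudo: bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /etc/app.conf
2012-05-05T22:12:05 app01 sudo: bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/vi /etc/app.conf
2012-05-05T22:13:31 app01 sudo: bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/systemctl restart app
2012-05-05T22:14:58 app01 sudo: bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
2012-05-05T23:02:14 app01 sudo: svc_backup : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/bash
"""


def parse(log_text):
    """Parse sudo lines into dicts; lines in other formats (e.g. sshd) are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect(events, today, min_events=3, sigma=2.0):
    """Return alerts for users whose escalation count on `today` is out of the norm.

    Baseline = every day in the data before `today`; days on which a user had no
    escalations count as 0, so a normally quiet account gets a low threshold.
    Rules:
      first_seen - the user escalated today but never on a baseline day
                   (also fires for everyone when there is no baseline at all)
      spike      - today's count >= min_events and above mean + sigma * stdev
    """
    per_user_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        per_user_day[e["user"]][e["ts"]] += 1
    baseline_days = sorted({e["ts"] for e in events if e["ts"] < today})

    alerts = []
    for user, per_day in per_user_day.items():
        today_n = per_day.get(today, 0)
        if today_n == 0:
            continue
        history = [per_day.get(d, 0) for d in baseline_days]
        if not any(history):
            alerts.append({"user": user, "rule": "first_seen", "count": today_n})
            continue
        threshold = statistics.mean(history) + sigma * statistics.pstdev(history)
        if today_n >= min_events and today_n > threshold:
            alerts.append({"user": user, "rule": "spike", "count": today_n,
                           "threshold": round(threshold, 2)})
    return alerts


def run_example():
    """Run the detector over the constructed sample for 2012-05-05."""
    return detect(parse(SAMPLE_LOG), today="2012-05-05")


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

On the sample, `alice` escalates twice every day and is never flagged, `bob` jumps from a single historical escalation to six in one evening and is flagged as a spike, and `svc_backup` is flagged as first-seen because it has no baseline at all. Counting zero-escalation days in the baseline is the important design choice: without it, a rarely used account would have a baseline built only from its busy days and the spike rule would never fire.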
    9. Our Splunk Apps
       What we’ve built...
       • Enterprise Storage Analytics App for Hitachi USP Series
       • In-house Application Monitoring App
       • In-house Operational Monitoring App
       • In-house Systems Management App
       • RSA SecurID Appliance Reporting App (available on Splunkbase!)
       • Barracuda Web Filter Reporting App (available on Splunkbase!)

    10. Building an Enterprise Security App
       Worked with the Security dept.
       GQM (Goal-Question-Metric) approach to understand their goals and map them to metrics
       Worked with IT architecture and development
       Menu and form driven – users can quickly find the view and information they need
       Over 80 reports driven through 8 menus and 26 individual views!

    11. Enterprise Security App
       – Menu driven navigation
       – Easily access the reports needed
       – Enables better control and policy decisions

    12. HDS Enterprise Storage Analytics App
       – Provides the ability to easily drill down resource utilization by host, port, parity group & cache partition
       – Easily identify bottlenecks
       – Allows access to activity in near real-time

    13. RSA SecurID Appliance Reporting App
       • Provides entire view of all actions against your SecurID appliance
       • Understand user actions, admin actions, etc.
       • Identify “out of the norm” events over short time frames
       • Dashboards: Summary, User Activity, Network Activity & Event Search Form

    14. In-house Application Monitoring
       • Provides access to production data without need for access to production systems
       • Ability to understand user actions throughout their lifetime in the application
       • Understand function & method calls – execution times, responses, size of calls, etc.

    15. Splunk Benefits
       – Reports formatted to support BUs across their use cases
       – A more proactive view of the applications and infrastructure
       – Helped restructure our environment and applications
       – Faster investigations & fault identification
       – Improved performance of business initiatives such as marketing campaigns
       – Simplified business processes, meaning resource time is freed up, allowing for focus on new initiatives

    16. Tips for Selling Splunk Internally
       – Know your audience
       – Understand requirements & budgets
       – Simplify “Big Data”
       – Listen…

    17. Achievement Unlocked - ROI FTW!
       • Provides $100,000 ROI as an analytics engine for our enterprise storage system
       • File delivery issues were previously costing $1,125 per incident with an avg. of one incident per week, costing $58,500 per year
         – Splunk reduced the cost per incident to $75, or $3,900 per year: $54,600 savings per year!!
       • Extensive soft cost savings:
         – Ability to configure real-time alerts for quicker response times, preventing potential data & profit loss
         – Improved performance of business initiatives such as marketing campaigns
       • Splunk TCO is less than 10% of the $$ savings. Splunk increases productivity for our Security department by approximately $500,000 per year!

    18. Questions?
       @iam_joshd
