Interac/Acxsys Corporation
Josh Diakun
Specialist, Info Security Operations

twitter: @iam_joshd      #splunklive
Interac Association/Acxsys Corporation
Interac Association
– Formed in 1984
– Responsible for the development and operations of the Inter-Member
  Network (IMN)
– Services include Interac Cash, Interac Debit and the contactless
  enhancement Interac Flash
Acxsys Corporation
– Founded in 1996
– Provides management services to the association
– Specializes in the development & operation of new payment service
  opportunities.
– Services include Interac Online, Interac e-Transfer and international
  services


            Toronto May 3, 2012               2                           Copyright © 2011, Splunk Inc.
Key Challenges Before Splunk



Fault occurs. Confusion ensues. Weekend work. No clarity, much stress.

• Many different log formats
• Variety of tools for incident investigation and root cause analysis
• Slow incident and fault response times
• Lack of single point of visibility across entire infrastructure


Originally Why Splunk?

Security was the original driver
Looking for a log management solution
–   Reviewed LogLogic, ArcSight, others
–   Bought on Price, Speed, Support for Open Source platforms
–   Bring logs together in a single system
–   Try and Buy model
Better view of network and application activity



The Splunk Adventure…
• Downloaded Splunk Free
• Immediately producing reports/metrics previously unavailable
• Obtained trial enterprise license
• Debuted reports to management, secured funding and resources
• Focused on first building an application for Security
• Applications then built for Infrastructure, Development and Operations

What's Feeding Splunk
Centralized logging and distributed Splunk Universal Forwarders feeding
the right combination of data sources.

–   IPS/HIPS
–   Syslog
–   AV Data
–   Firewall data
–   VPN data
–   SNMP data
–   Backup event data
–   Proxy logs
–   Active Directory
–   Host performance data
–   Custom application data
–   Webserver logs
–   Enterprise storage metrics
–   Database audit logs
–   SSO application data
–   External sources (e.g. blacklists)
–   Physical Badge Access Data




Splunk Use Cases
• Application Monitoring and Troubleshooting
• Monitoring Traffic and Trends
• Reporting for Enterprise Storage System
• Security Analysis
Continuous Infrastructure Monitoring
• Alerting on various application, system and environmental thresholds
• Event correlation to identify a variety of attacks or issues
• Data loss prevention
• Alerting on “out of the norm” privilege escalations
• VPN summary and utilization times
• Change reporting – applications, users, groups, etc…




Our Splunk Apps
What we’ve built...
•   Enterprise Storage Analytics App for Hitachi USP Series
•   In-house Application Monitoring App
•   In-house Operational Monitoring App
•   In-house Systems Management App
•   RSA SecurID Appliance Reporting App (available on Splunkbase!)
•   Barracuda Web Filter Reporting App (available on Splunkbase!)




Building an Enterprise Security App
Worked with the Security dept.
GQM (Goal-Question-Metric) approach to understand their goals and map to metrics
Worked with IT architecture and development
Menu and form driven – users can quickly find the view and information they need
Over 80 reports driven through 8 menus and 26 individual views!
Enterprise Security App
• Menu driven navigation
• Easily access the reports you need
• Enables better control and policy decisions




HDS Enterprise Storage Analytics App
• Provides the ability to easily drill down into resource utilization by host, port, parity group & cache partition.
• Easily identify bottlenecks
• Allows access to activity in near real-time

RSA SecurID Appliance Reporting App
•   Provides an entire view of all actions against your SecurID appliance
•   Understand user actions, admin actions, etc…
•   Identify “out of the norm” events over short time frames.
•   Dashboards: Summary, User Activity, Network Activity & Event Search Form


In-house Application Monitoring
• Provides access to production data without need for access to production systems
• Ability to understand user actions throughout their lifetime in the application
• Understand function & method calls – execution times, responses, size of calls, etc…




Splunk Benefits
Reports formatted to support BUs across their use cases
A more proactive view of the applications and infrastructure
Helped restructure our environment and applications
Faster investigations & fault identification
Improved performance of business initiatives such as marketing campaigns
Simplified business processes, meaning resource time is freed up, allowing for focus on new initiatives.


Tips for Selling Splunk Internally
Know your audience

Understand requirements & budgets

Simplify “Big Data”

Listen…




Achievement Unlocked - ROI FTW!
•   Provides $100,000 ROI as an analytics engine for our enterprise storage system
•   File delivery issues were previously costing $1,125 per incident with an avg. of one incident per week, costing $58,500 per year.
    – Splunk reduced the cost per incident to $75 or $3,900 per year: $54,600 savings per year!!
•   Extensive soft cost savings:
    – Ability to configure real-time alerts for quicker response times preventing potential data & profit loss.
    – Improved performance of business initiatives such as marketing campaigns
•   Splunk TCO is less than 10% of the $$ savings.

Splunk increases productivity for our Security department by approximately $500,000 per year!

Questions?

@iam_joshd

SplunkLive! Denver - Nov 2012 - Interac


Editor's Notes

  1. Interac Association, formed in 1984, is responsible for the development and operations of the Inter-Member Network (IMN), a national payment network that allows Canadians to access their money through Automated Banking Machines and Point-of-Sale terminals across Canada. Services include Interac Cash, Interac Debit and the contactless enhancement Interac Flash. Acxsys Corporation, founded in 1996, provides management services to the association and specializes in the development and operation of new payment service opportunities. Services include Interac Online, Interac e-Transfer and international services, which provide Canadian cardholders with POS access at nearly 2 million U.S. retailers, and PULSE, Discover, Diners Club International and China UnionPay cardholders access to ABMs in Canada.