SplunkLive! Stockholm 2019 - Customer presentation: ISS


ISS demonstrates their cloud journey with impressively fast time to value

Published in: Technology

  1. Splunk@ISS SplunkLive! Stockholm 2019
  2. About ISS. Founded in 1901, ISS is one of the world’s leading facility services companies. We are a global provider of workplace management and facility services. We service and maintain customers’ facilities, helping to create workplaces that are pleasant, safe and nurturing for their employees and visitors.
  3. Our Global Platform
     • Activities in 74 countries
     • 485,908 employees
     • 130+ different languages spoken
     • Among the world’s 10 largest private employers
  4. Our Service Offering • Daily Office Cleaning • Janitorial Services • Washroom Services • Dust Control • Industrial Cleaning • Street Cleaning • Clean Room Services • Green Cleaning • Reception Services • Office Logistics • Call Centre • Mail-room Services • Shipping & Receiving • Reprographics & Xerox • Document Handling • Transportation (logistics) • Warehouse Services • Operations & Maintenance • Landscaping • Pest Control • Project Management • Moves and Changes • M & E • Energy Management • Company Restaurants • Canteen Services • Executive Dining • Coffee / Beverage Service • Vending • Fruit Deliveries • Conference Room Services • Access Control • Concierge Services • Mobile Patrols • Alarm Response Services • Emergency First • Risk Consulting • Guard Services
     Service categories: Cleaning Services, Support Services, Catering Services, Security Services, Technical Services, Facility Management
  5. Our Strategy: Key Accounts. We want to build the large and global key accounts. The current business strategy is to cultivate large, global accounts and grow these. We will endeavor to get more like these, either by bidding or by growing small local accounts with large potential.
  6. Global Information Security. How we support the strategy:
     • Create visibility
     • Enable compliance
     • Secure the IT environment
     • Drive Information Security Projects
     • Advise and support business units
     • IoT
     • Architecture
     • Controls
     • And a lot more
  7. Who is Global Information Security
     • Contact:
     • All started Nov 2018 to Jan 2019 (except David)
     • We replaced a team of one man
     • We are terribly busy
     • Additionally, ISS has 20+ persons around the world working with IS (part-time for many)
  8. Splunk Estate
     • Splunk Cloud (150GB)
     • Heavy Forwarder(s)
     • Many Universal forwarders
     • Many syslog sources
     • Many Apps and add-ons
     • Enterprise Security
     • Possibly ITOps
  9. Why Splunk? (from Basic Security Monitoring to Complex Security Monitoring)
     • Splunk is the leading vendor in providing centralized security information and event management (SIEM).
     • According to Gartner Group (a leading market analyst company), Splunk has been the leading vendor 6 years in a row and got the highest scores across several areas in their MQ companion report.
     • Splunk is used by 90% of the Fortune 100 companies in the US and by several of our global key accounts (see following reference slide).
     • A benefit of Splunk is that it is well known in the market, so there are already many people with Splunk skills. Some of our existing internal IT resources even have the necessary skills, thereby eliminating the need for a large upfront training cost.
     • Splunk is the largest neutral and open security platform provider, with over 850 integrations for other IT and IT security vendors. We thereby avoid locking ourselves in with just one main security vendor, which can be a risk in the modern cyber security world.
     • Splunk can be used on-premises, in AWS/Azure/Google or in their own cloud. Their cloud is even ISO 27001 and SOC 2 compliant, and offers a 100% uptime SLA and data availability in the relevant regions where ISS is present.
     • Splunk provides us with a platform that can support our security and compliance journey, not only supporting visibility for the short term, but also advanced detection for outsider and insider threats plus potential automation for the long term. In the end this will help us to reduce costs and improve our overall security and compliance, and it confirms that the Splunk platform is the right choice for both the short and long term.
     • Splunk is a data platform that can be utilized across the company for optimizing IT security, compliance, IT operations, data analytics and IoT, thereby providing us with a low TCO and high ROI.
  10. Why Splunk
     • Support visibility in the organization
     • Provide the basis for SoC work
     • Provide compliance (customer requirements as well as frameworks)
     • Central log monitoring and alerting (from a very diverse environment)
     • ES module for security visibility and correlation
  11. Splunk Cloud
     • Splunk Core and Enterprise Security (SIEM)
     • Based in Splunk Cloud, which has a 100% up-time SLA, multiple datacenters within the EU, and is SOC 2 and ISO 27000 compliant
     • Data is encrypted both in transit and at rest
     • Data is then stored for 90 days; retention time can be longer at a cost
     • Data can also be exported to long-term storage of our choice
     • 100% uptime
     • Splunk support installs apps and add-ons
     • No operations hassles
  12. Results so far - 5 months in
     • Found five security hotspots in the company
     • Reduced the number of brute force attempts on the estate
     • Able to report on compliance in a number of areas
     • Started threat intel detection (not hunting yet)
     • Support dashboards for incident response playbooks
     • Micro SoC established
     • Gaining support from the business units
     • Wrote several add-ons, and working on ticket integration
     • Actively using Splunk to support IR
  13. Security Future and recommendations
     The Future
     • Ingest more logs to establish more coverage of current use cases
     • Establish SoC (buy as a Service)
     • Establish Use Cases (hopefully we can get some from vendor)
     • Establish Playbooks (hopefully vendor has some framework we can use)
     • Automate (SOAR) (either from vendor or establish our own to integrate with vendor)
     Recommendations
     • Think about what you want out of it before ingesting
     • Limit logs to relevant entries (use routing)
  14. Splunk IT Operations - future. This is dependent on the operations people having success, but I see the following quick wins:
     • Support customer-facing systems
     • Reduce Time to Fix/Repair
     • Provide visibility into causes
     • Improve processes based on causes and fixes
  15. Q&A
  16. Thank you