Splunk FISMA for Continuous Monitoring

Splunk, Continuous Monitoring, FISMA Application for Splunk
  1. Splunk for Continuous Monitoring

  2. Splunk = Visibility
     Copyright © 2011, Splunk Inc. Listen to your data.
     - Splunk is the IT search engine for machine data: "Google for the Data Center"
     - Provides visibility, reporting and search across all your IT systems and infrastructure
     - Reduces IT costs with one solution to solve many challenges
     - Software that runs on all modern platforms

  3. Machine Generated Data Across All IT
     - No real standards: formats, types and sources vary widely
     - IT environments becoming more dynamic and complex
     - Volumes of log data growing
     - Traditional management tools too costly and don't scale
     - Logs contain data critical for running, securing and auditing IT

  4. Dashboards and Views for Every Role
     - Executive Overview

  5. Splunk is Used Across IT and the Business
     - Web Analytics, App Mgmt, Compliance, Security, IT Ops, Business Analytics, Developer Framework

  6. What is CM?
     "The objective of a continuous monitoring program is to determine if the complete set of planned, required, and deployed security controls within an information system or inherited by the system continue to be effective over time in light of the inevitable changes that occur." - The NIST CM FAQ
     - Promotes the concept of near real-time risk management and ongoing information system authorization through the implementation of robust continuous monitoring processes (800-37)
     - …to support consistent, well-informed, and ongoing security authorization decisions (through continuous monitoring), transparency of security and risk management-related information, and reciprocity (800-37)

  7. What is CM?
     CM is not Continuous Patching or Continuous Patch Compliance.
     800-37 TASK 2-3: Develop a strategy for the continuous monitoring of security control effectiveness and any proposed or actual changes to the information system and its environment of operation
     - Continuously enforce application of security controls
     - Continuously monitor the effectiveness of security controls
       – Server logs
       – Perimeter defenses
       – Application logs
     - Tweak controls
     - Rinse, repeat

  8. Bridging the Gap
     - Data sources: Storage, Service Desk, Applications, Servers, Compliance, Development, Change Management, Virtualization, Security, Networking
     - Uses: Monitor & Alert; Search & Investigate; Reporting & Analytics

  9. Splunk & Data Challenge
     - Splunk: any data format, any volume, any pattern; machine based
     - Traditional approaches: decide what to look for ahead of time; human vs. machine

  10. Multiple Datacenters
      - Headquarters; Arizona; California; Georgia; New York
      - Distributed Search: index and store locally. Distribute searches to datacenters, networks & geographies.

  11. Problem Investigation
      - Service Desk; Event Console; SIEM
      - Send Data to Other Systems: route raw data in real time or send alerts based on searches.

  12. Integrate External Data
      - LDAP, AD; Vulnerability Lists / Waivers; Service Desk; CMDB
      - Associate IP addresses with locations, accounts with regions.
      - Extend search with lookups to external data sources.

  13. Integrate Users and Roles
      - LDAP, AD Users and Groups mapped to Splunk Flexible Roles: Manage Users, Manage Indexes, Capabilities & Filters (e.g. org=OIT app=ERP …)
      - Problem Investigation: Save Searches, Share Searches
      - Map LDAP & AD groups to flexible Splunk roles. Define any search as a filter. Integrate authentication with LDAP and Active Directory.

  14. Splunk Apps for Security and Compliance
      - Palo Alto Networks; Centrify; F5 Networks; FISMA Monitoring; Splunk Enterprise Security; BlueCoat; Splunk PCI Compliance; Cisco Security; Developer Framework

  15. Splunk for FISMA

  16. Splunk for FISMA v1.1
      Isn't it about time you automated your compliance audits? Executive dashboards. Auditor details.

  17. Splunk for FISMA v1.1
      Core Splunk has always provided our customers with fantastic compliance and auditing insights, among other things. The new Splunk for FISMA app takes that to a whole new level. Splunk for FISMA is a comprehensive suite of reports and searches enabling customers to easily audit agency compliance of 800-53 revision 3 controls for the entire enterprise, even custom applications and log formats.

  18. Splunk for FISMA v1.1
      Control Families:
      • Access Control (AC)
      • Audit & Accountability (AU)
      • Security Assessment & Authorization (CA)
      • Configuration Management (CM)
      • Contingency Planning (CP)
      • Identification & Authentication (IA)
      • Incident Response (IR)
      • Personnel Security (PS)
      • Risk Assessment
      • System & Communications Protection (SC)
      • System & Information Integrity (SI)
      11 Control Families, 40 Controls, 60 Searches
      Data Sources:
      • Windows
      • Unix
      • Proxy
      • Firewall
      • IDS
      • Wireless Security
      • Vulnerability Scanners
      • Network Scanners
      • Application Installation and Patching
      • Anti-virus systems
      • and more!

  19. Splunk for FISMA v1.1
      • AC-2 Account Management
      • AC-3 Access Enforcement
      • AC-4 Information Flow Enforcement
      • AC-5 Separation of Duties
      • AC-6 Least Privilege
      • AC-7 Unsuccessful Login Attempts
      • AC-10 Concurrent Session Control
      • AC-11 Session Lock
      • AC-17 Remote Access
      • AC-18 Wireless Access
      • AC-19 Access Control For Mobile Devices
      • AU-2 Auditable Events
      • AU-3 Content Of Audit Records
      • AU-4 Audit Storage Capacity
      • AU-5 Response To Audit Processing Failures
      • AU-6 Audit Review, Analysis, And Reporting
      • AU-7 Audit Reduction And Report Generation
      • AU-8 Time Stamps
      • AU-9 Protection Of Audit Information
      • AU-11 Audit Record Retention
      • AU-12 Audit Generation Controls
      • CA-2 Security Assessment
      • CA-7 Continuous Monitoring
      • CM-2 Baseline Configuration
      • CM-6 Configuration Settings
      • CM-7 Least Functionality
      • CP-9 Information System Backup
      • IA-2 Identification And Authentication (Organizational Users)
      • IA-8 Identification And Authentication (Non-Organizational Users)
      • IR-4 Incident Handling
      • IR-5 Incident Monitoring
      • IR-6 Incident Reporting
      • IR-7 Incident Response Assistance
      • PS-4 Personnel Termination
      • RA-5 Vulnerability Scanning
      • SC-5 Denial Of Service Protection
      • AC-4 Information Flow Enforcement
      • SI-3 Malicious Code Protection
      • SI-4 Information System Monitoring

  20. Splunk for FISMA v1.1
      Control references are built into each dashboard… as are real event data and a real search language.

  21. Splunk for FISMA v1.1
      Core Splunk features allow you to easily move from dashboards to alerts.

  22. CM Compliance Simplified

  23. Thank You
      Email: fed@splunk.com
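Slides 12, 19 and 21 describe the pattern the deck is built on: a search over raw logs for one 800-53 control, enriched with lookups to external data, then saved as a scheduled alert. The savedsearches.conf stanza below is an added illustration of that pattern for AC-7 (Unsuccessful Login Attempts), written here for this page; it is not code from the Splunk for FISMA app. The index, sourcetype, lookup definitions (`user_region_lookup`, `ip_site_lookup`), the sshd log format it parses, the threshold of five failures in fifteen minutes and the recipient address are all assumptions, not values from the deck.

```ini
# Added example, not part of the Splunk for FISMA app.
# Assumed: Unix auth logs indexed as index=os sourcetype=linux_secure, and two
# lookup definitions in transforms.conf (user_region_lookup: user -> region,
# business_unit; ip_site_lookup: src_ip -> site), as slide 12 describes.
[AC-7 Unsuccessful Login Attempts - example]
# Parse sshd failures, enrich with the lookups, then count per account.
# The 5-in-15-minutes threshold is an assumed policy value.
search = index=os sourcetype=linux_secure "Failed password" \
  | rex "Failed password for (invalid user )?(?<user>\S+) from (?<src_ip>\d+\.\d+\.\d+\.\d+)" \
  | lookup user_region_lookup user OUTPUT region business_unit \
  | lookup ip_site_lookup src_ip OUTPUT site \
  | stats count AS failures dc(src_ip) AS distinct_sources values(site) AS sites \
          earliest(_time) AS first_seen latest(_time) AS last_seen \
          by user region business_unit \
  | where failures >= 5 \
  | convert ctime(first_seen) ctime(last_seen)
# Run every 15 minutes over the previous 15-minute window (slide 21: dashboard to alert).
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
cron_schedule = */15 * * * *
enableSched = 1
# Fire when the search returns at least one row, i.e. at least one account over threshold.
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
alert.track = 1
# Notify the monitoring team; the address is a placeholder.
action.email = 1
action.email.to = soc@example.gov
action.email.subject = [FISMA AC-7] accounts over failed-login threshold
action.email.inline = 1
```

The same search body can sit behind a dashboard panel with the control reference in its title (slide 20), and the stanza turns it into the alert slide 21 promises without rewriting the search. The `where` clause is what makes the result a control finding rather than a report: rows only exist when the assumed policy threshold is exceeded, so an empty result set means the control held for that window.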