Kick starting a CMDB with Splunk
Stacy Patten
Cyber Security Operations Manager, QuikTrip
The Problem
• Existing SIEM offered little in the way of asset intelligence
• Islands of asset data
– Active Directory
– Network Management Tool
– MDM
– Client Management Tool
– Spreadsheets
• Minimal ownership information
• Minimal application to asset relationships
The Solution
• Purchased Splunk & Splunk ES
• Professional Services assisted with implementation
– Configuration of Splunk ES kicked off the asset plan
• What sources of data do we have?
• What is important or relevant?
• How can we use it?
Architecture
(Architecture diagram; only the labels are recoverable from the slide.)
• Components: Master Cluster Node, Enterprise Security, License Server, SHCluster Deployer, Search Head Cluster, Indexer Cluster, Heavy Forwarders, Scheduler, Admin, DCN, VMware
• Hardware shown:
– Cisco B200: 64 Core, 256GB RAM, 6TB SSD (Hot), 16TB SSD (Cold)
– RHEL VM: 16 Core, 64GB RAM
– RHEL VM: 24 Core, 128GB RAM
– RHEL VM: 16 Core, 128GB RAM
The How
(Data-flow diagram; only the labels are recoverable from the slide.)
• Sources: Firewall Logs, Active Directory, Rapid7, Network Mgmt., MDM, MS SCCM, Security Apps, Other SQL Data, App Logs, Network Logs
• Collection: Splunk UF, Splunk Stream
• Questions answered: What is it? Who is using it? Security issues? Applications? Changes?
The Result
• We have consolidated all asset sources into one repository.
• Now we can feed our CMDB with truth and expedite IT maturity.
• Now we know:
– Hardware and/or OS
– Who is using it
– Where it is
– What applications it is running
– What it’s talking to
– Information Security issues
– What changes were made, and by whom
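As an added example (not QuikTrip's or Splunk's code), this shows how the islands of asset data named above can be merged into one record per host, with a flag for hosts seen on the network but in no management tool. The source field names, the host-naming convention and the sample rows are constructed assumptions; only the core Splunk ES asset lookup columns are emitted.

```python
from collections import defaultdict

# Constructed sample exports from each island of asset data (field names assumed).
ACTIVE_DIRECTORY = [
    {"nt_host": "QT-LAP-0142", "os": "Windows 10", "last_logon_user": "jdoe"},
    {"nt_host": "QT-SRV-PAY01", "os": "Windows Server 2016", "last_logon_user": "svc_pos"},
]
NETWORK_MGMT = [
    {"dns": "qt-lap-0142.corp.example", "ip": "10.20.1.14", "mac": "00:11:22:33:44:55", "site": "Store 0142"},
    {"dns": "qt-srv-pay01.corp.example", "ip": "10.1.0.9", "mac": "00:11:22:33:44:66", "site": "DC1"},
    {"dns": "unknown-7f3a.corp.example", "ip": "10.20.1.77", "mac": "00:11:22:33:44:77", "site": "Store 0142"},
]
SCCM = [{"hostname": "QT-LAP-0142", "apps": ["Office 365", "Chrome"]}]
RAPID7 = [{"host": "qt-srv-pay01", "critical_vulns": 3}]

def host_key(name):
    """Normalise 'QT-LAP-0142' and 'qt-lap-0142.corp.example' to one join key."""
    return name.split(".")[0].lower()

def consolidate(ad, netmgmt, sccm, rapid7):
    """Merge every source into one record per host and record where it was seen."""
    assets = defaultdict(lambda: {"sources": set(), "apps": [], "critical_vulns": 0})
    for r in ad:                      # hardware/OS and who is using it
        a = assets[host_key(r["nt_host"])]
        a.update(nt_host=r["nt_host"], os=r["os"], owner=r["last_logon_user"])
        a["sources"].add("ad")
    for r in netmgmt:                 # where it is and how it is addressed
        a = assets[host_key(r["dns"])]
        a.update(dns=r["dns"], ip=r["ip"], mac=r["mac"], location=r["site"])
        a["sources"].add("netmgmt")
    for r in sccm:                    # what applications it is running
        a = assets[host_key(r["hostname"])]
        a["apps"] = sorted(r["apps"])
        a["sources"].add("sccm")
    for r in rapid7:                  # information security issues
        a = assets[host_key(r["host"])]
        a["critical_vulns"] = r["critical_vulns"]
        a["sources"].add("rapid7")
    for a in assets.values():
        # On the network but in no management tool: a coverage gap to investigate.
        a["unmanaged"] = not ({"ad", "sccm"} & a["sources"])
        a["priority"] = "high" if a["critical_vulns"] else "medium"
    return dict(assets)

def es_asset_rows(assets):
    """Rows in the column order of the Splunk ES asset lookup (core columns only)."""
    cols = ("ip", "mac", "nt_host", "dns", "owner", "priority")
    return [[a.get(c, "") for c in cols] for a in assets.values()]
```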
Asset Intelligence Timeline
(Timeline diagram; only the labels are recoverable from the slide.)
• Months: JAN, MAR, MAY, AUG
• Milestones: Splunk Purchase, CMDB Integration
• Phases: Planning, Execution
Results
THANK YOU

Customer Presentation - QuikTrip


Editor's Notes

  • #2 Good morning Ladies and Gentlemen. My name is Tom Peterson, Sales Director for the Midwest. First of all, I want to welcome all of you to SplunkLive. It’s great to see some of our old-time customers, but also new customers that are joining us today. I would like to begin by asking for a show of hands to a few questions: How many of you have been to a SplunkLive event before? How many of you are already Splunk customers? Of the customers, how many use Splunk for: Security & Compliance? Big Data? IT Operations & Application Management? For those of you who aren’t using Splunk for APM, we were recently named a Top 10 APM vendor by Gartner, so we’ll cover a bit of why we won that designation and why you should tell your peers. How about customers using Splunk for multiple use cases? It’s fascinating to see how customers adopt Splunk to solve a specific problem, get comfortable with the platform, then unleash their creativity to tackle even more business challenges within their enterprise. Our agenda is designed to appeal to all of you with a focus on three goals: highlight how customers get value from Splunk and help you identify new ways to leverage your Splunk investment; provide a forum for you to meet and network with peers; provide you more training on Splunk.
  • #10 Thank you for joining me this morning and to Nate for his outstanding demonstrations.