Group Health Cooperative Customer Presentation

•

1 like•766 views

Group Health Cooperative uses Splunk's software and CIRTA system to conduct incident response. It ingests logs from various systems using Splunk and analyzes the data to detect anomalies and security incidents. When incidents are found, CIRTA is used to track, investigate, and categorize each incident to measure the effectiveness of the response. Examples provided show how Splunk detected phishing attempts and vulnerable systems to help Group Health address security issues.

Technology

Copyright © 2015 Splunk Inc.
Incident Response at
Group Health Cooperative
Chris White
Sr. Information Security Engineer

2
• At Group Health since 2012
• Part of Information Security
Engineering and Operations
• Splunk user since 2011.
• Favorite joke
My Background and Role

3
Company Overview
Member-governed, nonprofit health care
system coordinating care and coverage
Founded in 1947 and based in Seattle,
Washington
25 locations in 17 cities
Serves more than 600,000 residents in
Washington and North Idaho

4
Enterprise Security Assurance
• Detect when prevention
mechanisms fail
• Manage and measure incident
response
• Enterprise log management and
analysis
• All things security engineering
Protect the systems, patients and the patient data
Enterprise Security
Assurance
Governance
and Policy
Engineering
and Operations
Operations (2)
Engineering
(me)

5
Splunk at Group Health
~10 active users
Significant effort towards
managing knowledge objects
Git repositories on top of all
Splunk configurations
Complete set of config
packaged into single
application for easier
deployment
Load balancer used for all
inbound syslog. (No more
facility/priority shuffling!)
1 search head
3 indexers
Dev Search Head
Deployment Server
Git Deployment Versioning
Syslog-ng
Heavy Forwarder
Sentry
Win/*NIX

6
Splunk Development at Group Health
Simple XML
•Basic dashboards
•Drag & drop
Simple XML
•Advanced
•Drag & drop
Advanced XML
•Full customization
•Obsolete
Web framework
•Rich, interactive
experiences
2013 Present

7
Anomaly
Detection
• Snort IDS
• Bro IDS
• Sandboxing
•
Alerting
•
•
Investigation &
Incident Tracking
• CIRTA
•
Incident Response at Group Health

8
Incident Response Workflow
CIRTA
(Computer Incident
Response Team Analysis)
• Original incident
response system
• Accelerates post
detection Incident
Response
• Automates and archives
data for incidents
• Builds picture of event
over time
• Incident contextual
visualization, anomaly
detection and search
• Nearly instantaneous
results
• Tracks each incident
stage
• Measures incident
response effectiveness
• Incident categorizations
Incident Logs
CIRTA Logs
Collected Logs
Collateral Events

13
Splunk CIRTA Frontend (Analyst Trend)

14
Example: Phishing Attempts
Anomaly
Detection
• Correlate web
logs from OWA
and geolocation
• Apply weighted
scoring and
“speed of light”
tests
Alerting
• Send alerts if
“speed of light”
tests fail
Investigation
• Verify phishing
attempt and
prevent access

16
Example: Java Vulnerabilities
• Rule: Resource must have latest
version of Java to access Internet
• Vulnerable java requests for exploit
code blocked
• Incidents processed in CIRTA and
pushed to Splunk for incident
metrics on compromises
• 50% decrease in incidents/mon

17
Splunk for Privacy Monitoring
Simple, dynamic, multiuser analysis experience
Complete context through demographics and encounters
Increase efficacy through weighted scores
Reporting performance
– Avoid live analytical searches
– Summarize scenario reports
– Display pre-analyzed data
Framework design supports
pluggable sources of privacy data.
On Splunkbase

18
Why Splunk?
Easier to
visualize data
to detect
anomalies
Endless
possibilities with
SDK and Web
Framework
Log analysis
accessible vs.
command line
expertise

Group Health Cooperative Customer Presentation

This document summarizes Tyler Germer's presentation on AdvancedMD's use of Splunk for log management and monitoring. Some key points: - AdvancedMD uses Splunk to gain visibility across its infrastructure including applications, networking, and other systems. This has helped reduce troubleshooting time. - Their Splunk deployment includes indexers, search heads, forwarders and syslog servers ingesting logs from over 600 systems. - Splunk has provided operational intelligence and helped identify issues quickly, such as spotting errors in a software release within 30 minutes. - AdvancedMD aims to expand Splunk usage to other teams and applications and upgrade their deployment.

WestJet Customer Presentation

Splunk

WestJet Airlines is a Canadian airline founded in 1996 that has grown to operate over 425 flights per day to over 90 destinations across North America and Central America. The Solutions Architect at WestJet discusses how they implemented Splunk to gain visibility into their various systems like websites and apps. Splunk has helped WestJet troubleshoot issues faster, identify performance problems, and answer ad-hoc questions by consolidating their logs in one place.

University of Alberta Customer Presentation

Splunk

Greg Dostatni is the team lead for application hosting at the University of Alberta. He manages a 10 person team responsible for managing applications and databases across the university. The university implemented Splunk in 2013 to help address challenges around siloed data and reactive troubleshooting after restructuring IT operations. Splunk provides centralized logging, real-time monitoring and alerts, and customizable dashboards. This has improved initial incident response times from half an hour to gather data to immediately investigating issues. Splunk also allows tracking of key metrics like authentication system transactions and performance monitoring across the university's systems.

SplunkLive! Customer Presentation - Cisco Systems, Inc.

Splunk

This document discusses using Splunk as a security information and event management (SIEM) tool. It describes how Cisco's Computer Security Incident Response Team (CSIRT) uses Splunk to monitor over 1 terabyte of log data per day across Cisco's global operations. The document contrasts old approaches that relied on vendor-provided reports with new approaches like hunting for threats by building custom queries. It emphasizes an iterative process of filtering, refining queries to find bad traffic and saving reusable searches to automate threat detection.

Customer Presentation, FirstSolar

Splunk

First Solar is a global leader in solar energy solutions with over 10 GW installed worldwide. They chose Splunk as their security information and event management (SIEM) solution after their previous solution provided cryptic, unusable alerts that wasted analysts' time. Splunk has provided First Solar with clarity into their environment, allowing them to distinguish real threats from false positives in under 30 minutes and improving security. They use Splunk for dashboards, malware detection, and accurate searches to quickly respond to incidents. First Solar now has complete visibility and faster response times with Splunk.

Machine Learning and Analytics Breakout Session

Splunk

This document provides an overview of machine learning and how it can be used with Splunk. It discusses what machine learning is, the different types of machine learning, and common use cases in IT operations, security, and business analytics. It also summarizes how machine learning can be implemented using Splunk, including exploring data, building models, applying and validating models, and operationalizing models. The document encourages attendees to try out the free Splunk Machine Learning Toolkit and Showcase app.

How to Design, Build and Map IT and Biz Services Breakout Session

Splunk

This document provides information on how to design and implement service intelligence using Splunk. It discusses identifying critical business services and issues to focus on, bringing subject matter experts together in a collaborative workshop to design service models before configuration. The workshop uses a case study of the gaming company Buttercup Games to design a supply chain service intelligence model, mapping key performance indicators and services across infrastructure, application, and business layers to gain visibility into issues impacting customer experience and revenue. Attendees are encouraged to sign up for a similar joint workshop with Splunk to start unlocking the value of their machine data.

SplunkLive! Austin Customer Presentation - Baylor

Splunk

- Baylor University is a private Christian university in Waco, Texas with over 17,000 students. The CISO, Jon Allen, built the university's security program from the ground up over 17 years. - Before Splunk, it was difficult and inefficient for the security team to search logs and get the information they needed across different systems in a timely manner. - Splunk provided a single platform to integrate and search all their log data, allowing the security team to quickly gain visibility, troubleshoot issues, and meet compliance requirements. It also helped break down silos between different IT teams. - Splunk has improved operational efficiency by reducing the time to find information from hours to minutes. It also fosters

This document discusses Splunk for developers. It provides an overview of empowering developers with Splunk, building Splunk apps, and gaining application intelligence across the development lifecycle. Key points include instrumenting application logs for insights, integrating and extending Splunk, building unit testing and code integration, and gaining end-to-end visibility across development tools. The document also discusses resources for Splunk developers including tutorials, code samples, SDKs, and developer licenses.

Splunk @ Adobe

Splunk

Splunk is a software company headquartered in San Francisco with additional offices in London and Hong Kong. They have over 2,100 employees and annual revenue of $668.4 million, growing 49% year-over-year. Their products include Splunk Enterprise, Splunk Cloud, and other solutions for collecting, analyzing, and visualizing machine-generated data from websites, applications, sensors, and other sources. Splunk has over 11,000 customers across more than 110 countries, including 80 of the Fortune 100. Their largest customer indexes over 1 petabytes of data per day.

SplunkLive! Customer Presentation – Covance Inc"

Splunk

Covance is a global drug development company headquartered in Princeton, NJ with over 12,000 employees worldwide. Jessie Ridge is a senior security engineer who helped build Covance's security program from the ground up. Previously, Covance had limited security visibility due to outdated tools and data silos. They implemented Splunk to gain a single source of visibility across their systems. Splunk provided improved security and faster investigations by ingesting various log types. It has since expanded to other teams and grown from processing 10GB of data per day to over 900GB with 25+ users.

Getting Started with Splunk Enterprise Hands-On Breakout Session

Splunk

Splunk in the Cisco Unified Computing System (UCS)

Splunk

Cisco has been a Splunk customer for 8 years, with a strong engineering partnership for 3+ years. Learn how several Cisco customers as well as Cisco IT have deployed, grown, and transformed our businesses using the advantages of Splunk Enterprise software together with Cisco UCS and Nexus hardware. We will also talk about scalability and performance considerations for all scales of data footprint and business growth.

Customer Presentation - Financial Services Organization

Splunk

The document discusses the experience of migrating from an old SIEM to Splunk Enterprise Security (ES). Key points include: - The old SIEM was difficult to maintain, slow, and lacked community support. Splunk provided better performance and capabilities. - Logs were migrated to Splunk one source at a time after normalization. Analysts found Splunk easier to use. - A proof of concept with ES showed its advanced correlations, dashboards, and incident management capabilities beyond core Splunk. - ES provides templates for searches, alerts, and workflows that would have taken months to recreate. It is a more complete SIEM solution.

Splunk for Enterprise Security featuring UBA Breakout Session

Splunk

This document provides an overview and update on Splunk's Enterprise Security and User Behavior Analytics solutions. It discusses the latest releases of Splunk Enterprise, Enterprise Security, and User Behavior Analytics. It describes the key functions and use cases of Enterprise Security, which provides security monitoring, alert management, and incident response capabilities. It also outlines the main functions and use cases of User Behavior Analytics, which uses unsupervised machine learning to detect anomalies and advanced threats. The document promotes Splunk as an effective security intelligence platform to collect, analyze, and investigate machine data from various sources.

Getting Started with Splunk Enterprise Hands-On

Splunk

This document provides an overview and demonstration of Splunk software. It outlines an agenda to discuss why Splunk, how to install and use Splunk through a live demonstration, Splunk deployment architectures, and communities for help. The live demonstration shows importing sample data, performing searches, creating alerts and dashboards. It also discusses pivoting, field extraction, analytics, and scaling Splunk deployments.

Machine Learning + Analytics in Splunk

Splunk

Splunk is a powerful platform for understanding your data. The preview of the Machine Learning Toolkit and Showcase App extends Splunk with a rich suite of advanced analytics and machine learning algorithms. In this session, we'll present an overview of the app architecture and API and show you how to use Splunk to easily perform a variety of tasks, including outlier and anomaly detection, predictive analytics, and event clustering. We’ll use real data to explore these techniques and explain the intuition behind the analytics.

SplunkLive! London 2016 Splunk for Devops

Splunk

This document discusses how Splunk can be used for DevOps. It defines DevOps as integrating development and operations. It then discusses some common DevOps metrics like culture, process, quality, systems, activity, and impact metrics. It explains that machine data from across the development lifecycle and IT operations is a critical source of DevOps metrics. The document provides examples of how Splunk can provide visibility and collect machine data from various parts of the development and operations environments, like code review, version control, CI/build servers, testing, releases, and infrastructure systems. It discusses how Splunk can be used to increase delivery velocity, improve code quality, and enable data-driven continuous delivery for DevOps teams.

Distributed Management Console Breakout Session

Splunk

This document provides a summary of the Distributed Management Console (DMC) 6.2 from Splunk. It discusses the continuous investment in management and monitoring capabilities. It provides a history of Splunk's monitoring tools and describes the DMC architecture. It demonstrates the DMC's search head clustering, indexer clustering, indexes and volumes, and forwarder monitoring views which provide insights into deployments. It also shows the topology view that visually represents distributed Splunk installations.

FVCP Splunk Presentation

Straight North

Splunk is a tool that allows users to index, search, and analyze data from various IT systems and applications in a single interface. It features real-time indexing, ad-hoc searching, reporting, dashboards, monitors, alerts, and an API. Splunk is available in community and enterprise versions and supports Windows, Linux, and Mac operating systems. Documentation, software downloads, and whitepapers are available on Splunk's website.

Cisco and Splunk: Under the Hood of Cisco IT Breakout Session

Splunk

Cisco has a long-standing relationship with Splunk, using its software and services for IT operations, security analytics, and other purposes across its global data centers. Some key points: - Cisco has used Splunk for over 7 years to monitor over 70 applications and aggregate data from various systems. - Splunk helps Cisco improve IT operations by reducing issues by 50% and resolution times by 90%, and reducing operational costs by 80%. - Cisco's security team uses Splunk to conduct investigations, detecting up to 2-3 million security events per day from various sources. This allows for faster investigations and automated tasks. - Cisco designs and validates architectures for running Splunk on its Cisco UCS servers

SplunkLive! Austin Customer Presentation - Xerox

Splunk

Xerox uses Splunk to monitor its electronic payment processing systems. Some key benefits of Splunk include huge time savings over its previous Tivoli platform, increased efficiencies across the business from automated features, and improved visibility into transaction processing through Splunk dashboards. Splunk helps with IT operations monitoring, compliance activities, fraud management, and SSL certificate management. Xerox is able to track $90 billion in payments annually and monitor fraud in real-time using Splunk.

Improve the Impact of DevOps

Splunk

Design, Build and Map IT and Business Services in Splunk

Splunk

This document provides an overview of how to design, build, and map IT and business services in Splunk. It discusses identifying critical business services and problems, collaborating with subject matter experts to design service models, and using Splunk's service intelligence capabilities like glass tables and visualizations to gain insights. An example problem for a company called Buttercup Games is presented, showing how to map their supply chain services and key performance indicators to help address frequent issues impacting customer experience and revenue. The document promotes harnessing organizational knowledge through a collaborative workshop with Splunk to define methods for proactive monitoring, reduced risk, faster resolution, and increased performance of important business services.

Splunk live university of alberta 2015

dostatni

Greg Dostatni is the team lead for application hosting at the University of Alberta. He manages a 10 person team responsible for managing applications and databases across the university. The university implemented Splunk in 2013 to help address challenges around siloed data and reactive troubleshooting. Splunk provides centralized logging, real-time monitoring and alerts, and dashboards to help monitor performance, troubleshoot authentication systems, and provide insights for executives. While Splunk has helped improve visibility and incident response, challenges remain around log standardization and understanding normal system behavior from logs.

Splunk for Enterprise Security featuring UBA Breakout Session

Splunk

This document provides an overview of a presentation given by Dave Herrald, a security architect at Splunk, on Splunk's Enterprise Security and User Behavior Analytics solutions. The presentation covered new features in Splunk Enterprise Security 4.1, including enhanced threat intelligence integration, risk-based searching and incident review, and integration with Splunk User Behavior Analytics. It also reviewed capabilities in Splunk User Behavior Analytics 2.2 like custom threat modeling, expanded attack coverage, and context enrichment.

Customer Presentation - KCP&L

Splunk

William Aune is the lead security analyst at KCP&L, an electric utility company serving over 800,000 customers. He has over 12 years of experience in IT security. KCP&L implemented Splunk in 2014 to centralize log management and has continued finding value from the platform. They index around 80GB of data per day from various sources. Some examples of how Splunk has helped KCP&L include identifying a vendor issue from firewall and DoS appliance logs, gaining geographic context with GeoIP, and detecting potential network scanning. Going forward, KCP&L aims to index more logs and develop custom apps to provide tailored insights for different teams.

Secure360 May 2018 Lessons Learned from OWASP T10 Datacall

Brian Glas

Gain insight into some of the details of the OWASP Top 10 Call for Data and industry survey, and what we were attempting to learn. Hear about was learned from collecting and analyzing widely varying industry data and attempts to build a dataset for comparison and analysis. This session will provide tips and common pitfalls for structuring vulnerability data and the subsequent analysis. Learn what the data can tell us and what questions are still left unanswered. Uncover some of the differences in collecting metrics in different stages of the software lifecycle and recommendations for handling them.

Building a Next-Generation Security Operations Center (SOC)

Sqrrl

So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations. Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc

IDS for Security Analysts: How to Get Actionable Insights from your IDS

AlienVault

The document discusses best practices for intrusion detection systems (IDS). It recommends a three phase process: collection, evaluation, and tuning. In the collection phase, an IDS gathers baseline data for 2 weeks. In evaluation, valuable and actionable events are identified based on policy, risk, and environment. Trending helps eliminate normal activity. Tuning removes unnecessary events to reduce false positives and save time through threshold adjusting and awareness of network details. Updates may require periodic re-evaluation and tuning to account for changes.

What's hot

Splunk for Developers

Splunk

Splunk @ Adobe

Splunk

SplunkLive! Customer Presentation – Covance Inc"

Splunk

Getting Started with Splunk Enterprise Hands-On Breakout Session

Splunk

Splunk in the Cisco Unified Computing System (UCS)

Splunk

Customer Presentation - Financial Services Organization

Splunk

Splunk for Enterprise Security featuring UBA Breakout Session

Splunk

Getting Started with Splunk Enterprise Hands-On

Splunk

Machine Learning + Analytics in Splunk

Splunk

SplunkLive! London 2016 Splunk for Devops

Splunk

Distributed Management Console Breakout Session

Splunk

FVCP Splunk Presentation

Straight North

Cisco and Splunk: Under the Hood of Cisco IT Breakout Session

Splunk

SplunkLive! Austin Customer Presentation - Xerox

Splunk

Improve the Impact of DevOps

Splunk

Design, Build and Map IT and Business Services in Splunk

Splunk

Splunk live university of alberta 2015

dostatni

Greg Dostatni is the team lead for application hosting at the University of Alberta. He manages a 10 person team responsible for managing applications and databases across the university. The university implemented Splunk in 2013 to help address challenges around siloed data and reactive troubleshooting. Splunk provides centralized logging, real-time monitoring and alerts, and dashboards to help monitor performance, troubleshoot authentication systems, and provide insights for executives. While Splunk has helped improve visibility and incident response, challenges remain around log standardization and understanding normal system behavior from logs.

Splunk for Enterprise Security featuring UBA Breakout Session

Splunk

Customer Presentation - KCP&L

Splunk

Secure360 May 2018 Lessons Learned from OWASP T10 Datacall

Brian Glas

What's hot (20)

Splunk for Developers

Splunk @ Adobe

SplunkLive! Customer Presentation – Covance Inc"

Getting Started with Splunk Enterprise Hands-On Breakout Session

Splunk in the Cisco Unified Computing System (UCS)

Customer Presentation - Financial Services Organization

Splunk for Enterprise Security featuring UBA Breakout Session

Getting Started with Splunk Enterprise Hands-On

Machine Learning + Analytics in Splunk

SplunkLive! London 2016 Splunk for Devops

Distributed Management Console Breakout Session

FVCP Splunk Presentation

Cisco and Splunk: Under the Hood of Cisco IT Breakout Session

SplunkLive! Austin Customer Presentation - Xerox

Improve the Impact of DevOps

Design, Build and Map IT and Business Services in Splunk

Splunk live university of alberta 2015

Splunk for Enterprise Security featuring UBA Breakout Session

Customer Presentation - KCP&L

Secure360 May 2018 Lessons Learned from OWASP T10 Datacall

More from Splunk

.conf Go 2023 - Data analysis as a routine

Splunk

.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV

Splunk

.conf Go 2023 - Navegando la normativa SOX (Telefónica)

Splunk

.conf Go 2023 - Raiffeisen Bank International

Splunk

This document discusses standardizing security operations procedures (SOPs) to increase efficiency and automation. It recommends storing SOPs in a code repository for versioning and referencing them in workbooks which are lists of standard tasks to follow for investigations. The goal is to have investigation playbooks in the security orchestration, automation and response (SOAR) tool perform the predefined investigation steps from the workbooks to automate incident response. This helps analysts automate faster without wasting time by having standard, vendor-agnostic procedures.

.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett

Splunk

.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)

Splunk

.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...

Splunk

.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...

Splunk

.conf go 2023 - De NOC a CSIRT (Cellnex)

Splunk

El documento describe la transición de Cellnex de un Centro de Operaciones de Seguridad (SOC) a un Equipo de Respuesta a Incidentes de Seguridad (CSIRT). La transición se debió al crecimiento de Cellnex y la necesidad de automatizar procesos y tareas para mejorar la eficiencia. Cellnex implementó Splunk SIEM y SOAR para automatizar la creación, remediación y cierre de incidentes. Esto permitió al personal concentrarse en tareas estratégicas y mejorar KPIs como tiempos de resolución y correos electrónicos anal

conf go 2023 - El camino hacia la ciberseguridad (ABANCA)

Splunk

Este documento resume el recorrido de ABANCA en su camino hacia la ciberseguridad con Splunk, desde la incorporación de perfiles dedicados en 2016 hasta convertirse en un centro de monitorización y respuesta con más de 1TB de ingesta diaria y 350 casos de uso alineados con MITRE ATT&CK. También describe errores cometidos y soluciones implementadas, como la normalización de fuentes y formación de operadores, y los pilares actuales como la automatización, visibilidad y alineación con MITRE ATT&CK. Por último, señala retos

Splunk - BMW connects business and IT with data driven operations SRE and O11y

Splunk

BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.

Splunk x Freenet - .conf Go Köln

Splunk

Splunk Security Session - .conf Go Köln

Splunk

The document is a presentation on cyber security trends and Splunk security products from Matthias Maier, Product Marketing Director for Security at Splunk. The presentation covers trends in security operations like the evolution of SOCs, new security roles, and data-centric security approaches. It also provides updates on Splunk's security portfolio including recognition as a leader in SIEM by Gartner and growth in the SIEM market. Maier highlights some breakout sessions from the conference on topics like asset defense, machine learning, and building detections.

Data foundations building success, at city scale – Imperial College London

Splunk

Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.

Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...

Splunk

SOC, Amore Mio! | Security Webinar

Splunk

.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own. Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo. So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including: Top challenges faced in improving security posture Key KPIs implemented in order to measure success Strategies and approaches applied in the SOC How MITRE ATT&CK and Splunk Enterprise Security were utilised Next steps in their maturity journey ahead

.conf Go 2022 - Observability Session

Splunk

This document summarizes a presentation about observability using Splunk. It includes an agenda introducing observability and why Splunk for observability. It discusses the need for modernization initiatives in companies and the thousands of changes required. It presents that Splunk provides end-to-end visibility across metrics, traces and logs to detect, troubleshoot and optimize systems. It shares a customer case study of Accenture using Splunk observability in their hybrid cloud environment. Finally, it concludes that observability with Splunk can drive results like reduced downtime and faster innovation.

.conf Go Zurich 2022 - Keynote

Splunk

This document contains slides from a Splunk presentation covering the following topics: - Updated Splunk logo and information about meetings in Zurich and sales engineering leads - Ideas for confused or concerned human figures in design concepts - Three buckets of challenges around websites slowing, apps being down, and supply chain issues - Accelerating mean time to detect, identify, respond and resolve through cyber resilience with Splunk - Unifying security, IT and DevOps teams - Splunk's technology vision focusing on customer experience, hybrid/edge, unleashing data lakes, and ubiquitous machine learning - Gaining operational resilience through correlating infrastructure, security, application and user data with business outcomes

.conf Go Zurich 2022 - Platform Session

Splunk

This document summarizes a presentation about Splunk's platform. It discusses Splunk's mission of helping customers create value faster with insights from their data. It provides statistics on Splunk's daily ingest and users. It highlights examples of how Splunk has helped customers in areas like internet messaging and convergent services. It also discusses upcoming challenges and new capabilities in Splunk like federated search, flexible indexing, ingest actions, improved data onboarding and management, and increased platform resilience and security.

.conf Go Zurich 2022 - Security Session

Splunk

The document appears to be a presentation from Splunk on security topics. It includes sections on cyber security resilience, the data-centric modern SOC, application monitoring at scale, threat modeling, security monitoring journeys, self-service Splunk infrastructure, the top 3 CISO priorities of risk based alerting, use case development, a security content repository, security PVP (posture, vision, and planning) and maturity assessment, and concludes with an overview of how Splunk can provide end-to-end visibility across an organization.

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine

.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV

.conf Go 2023 - Navegando la normativa SOX (Telefónica)

.conf Go 2023 - Raiffeisen Bank International

.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett

.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)

.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...

.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...

.conf go 2023 - De NOC a CSIRT (Cellnex)

conf go 2023 - El camino hacia la ciberseguridad (ABANCA)

Splunk - BMW connects business and IT with data driven operations SRE and O11y

Splunk x Freenet - .conf Go Köln

Splunk Security Session - .conf Go Köln

Data foundations building success, at city scale – Imperial College London

Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...

SOC, Amore Mio! | Security Webinar

.conf Go 2022 - Observability Session

.conf Go Zurich 2022 - Keynote

.conf Go Zurich 2022 - Platform Session

.conf Go Zurich 2022 - Security Session

Recently uploaded

Infrastructure Challenges in Scaling RAG with Custom AI models

Zilliz

Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

shyamraj55

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

Mariano G Tinti - Decoding SpaceX

Mariano Tinti

Mind map of terminologies used in context of Generative AI

Kumud Singh

Building Production Ready Search Pipelines with Spark and Milvus

Zilliz

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Neo4j

Dr. Sean Tan, Head of Data Science, Changi Airport Group Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

GenAI Pilot Implementation in the organizations

kumardaparthi1024

RESUME BUILDER APPLICATION Project for students

KAMESHS29

Serial Arm Control in Real Time Presentation

tolgahangng

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

Recently uploaded (20)

Infrastructure Challenges in Scaling RAG with Custom AI models

National Security Agency - NSA mobile device best practices

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

Introduction to CHERI technology - Cybersecurity

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Artificial Intelligence for XMLDevelopment

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

Uni Systems Copilot event_05062024_C.Vlachos.pdf

20240605 QFM017 Machine Intelligence Reading List May 2024

Mariano G Tinti - Decoding SpaceX

Mind map of terminologies used in context of Generative AI

Building Production Ready Search Pipelines with Spark and Milvus

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Microsoft - Power Platform_G.Aspiotis.pdf

Video Streaming: Then, Now, and in the Future

GenAI Pilot Implementation in the organizations

RESUME BUILDER APPLICATION Project for students

Serial Arm Control in Real Time Presentation

20240607 QFM018 Elixir Reading List May 2024

Group Health Cooperative Customer Presentation

2. 2 • At Group Health since 2012 • Part of Information Security Engineering and Operations • Splunk user since 2011. • Favorite joke My Background and Role

3. 3 Company Overview Member-governed, nonprofit health care system coordinating care and coverage Founded in 1947 and based in Seattle, Washington 25 locations in 17 cities Serves more than 600,000 residents in Washington and North Idaho

4. 4 Enterprise Security Assurance • Detect when prevention mechanisms fail • Manage and measure incident response • Enterprise log management and analysis • All things security engineering Protect the systems, patients and the patient data Enterprise Security Assurance Governance and Policy Engineering and Operations Operations (2) Engineering (me)

5. 5 Splunk at Group Health ~10 active users Significant effort towards managing knowledge objects Git repositories on top of all Splunk configurations Complete set of config packaged into single application for easier deployment Load balancer used for all inbound syslog. (No more facility/priority shuffling!) 1 search head 3 indexers Dev Search Head Deployment Server Git Deployment Versioning Syslog-ng Heavy Forwarder Sentry Win/*NIX

6. 6 Splunk Development at Group Health Simple XML •Basic dashboards •Drag & drop Simple XML •Advanced •Drag & drop Advanced XML •Full customization •Obsolete Web framework •Rich, interactive experiences 2013 Present

7. 7 Anomaly Detection • Snort IDS • Bro IDS • Sandboxing • Alerting • • Investigation & Incident Tracking • CIRTA • Incident Response at Group Health

8. 8 Incident Response Workflow CIRTA (Computer Incident Response Team Analysis) • Original incident response system • Accelerates post detection Incident Response • Automates and archives data for incidents • Builds picture of event over time • Incident contextual visualization, anomaly detection and search • Nearly instantaneous results • Tracks each incident stage • Measures incident response effectiveness • Incident categorizations Incident Logs CIRTA Logs Collected Logs Collateral Events

9. 9 Splunk CIRTA Frontend (Alert)

10. 10 Splunk CIRTA Frontend (Web)

11. 11 Splunk CIRTA Frontend (Category)

12. 12 Splunk CIRTA Frontend (Trend)

13. 13 Splunk CIRTA Frontend (Analyst Trend)

14. 14 Example: Phishing Attempts Anomaly Detection • Correlate web logs from OWA and geolocation • Apply weighted scoring and “speed of light” tests Alerting • Send alerts if “speed of light” tests fail Investigation • Verify phishing attempt and prevent access

15. 15 Example: Phished Credentials

16. 16 Example: Java Vulnerabilities • Rule: Resource must have latest version of Java to access Internet • Vulnerable java requests for exploit code blocked • Incidents processed in CIRTA and pushed to Splunk for incident metrics on compromises • 50% decrease in incidents/mon

17. 17 Splunk for Privacy Monitoring Simple, dynamic, multiuser analysis experience Complete context through demographics and encounters Increase efficacy through weighted scores Reporting performance – Avoid live analytical searches – Summarize scenario reports – Display pre-analyzed data Framework design supports pluggable sources of privacy data. On Splunkbase

18. 18 Why Splunk? Easier to visualize data to detect anomalies Endless possibilities with SDK and Web Framework Log analysis accessible vs. command line expertise

Editor's Notes

You mentioned your team is 3 including you? What is the name of your team? Your extended team is 4, what team is that and how does it fit with the overall IT team?
Could you specify which applications logs?

Group Health Cooperative Customer Presentation

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Group Health Cooperative Customer Presentation

Similar to Group Health Cooperative Customer Presentation (20)

More from Splunk

More from Splunk (20)

Recently uploaded

Recently uploaded (20)

Group Health Cooperative Customer Presentation

Editor's Notes