PagerDuty deployed Splunk Cloud running on AWS to gain end-to-end visibility across their operations and enhance their security and compliance efforts. With Splunk, PagerDuty sped incident investigations, provided analysts with rich context for decision making, and reduced costs by 30% over their previous solution. Splunk Cloud provided PagerDuty with security, real-time monitoring, compliance reporting, and insights for engineering and operations across their AWS environment.

1. How PagerDuty Achieved
End-to-End Visibility with
Splunk and AWS

2. Today’s Presenters
David Potes, Manager, Solutions Architecture, Amazon Web Services
Arup Chakrabarti, Director of Engineering, PagerDuty
Erin Sweeney, Senior Director Security Product Marketing, Splunk

3. • An overview of AWS and AWS Marketplace, with an emphasis on AWS
Security solutions and Splunk
• Challenges faced by PagerDuty
• The PagerDuty success story with AWS and Splunk
• Overview of the Splunk solutions featured in our story
• Q&A/ Discussion
Today’s Agenda

4. Learning Objectives
• How proactive security measures help prevent breaches that can significantly impact
business
• How Splunk’s analytics-driven approach to security makes it easy to gain end-to-end
visibility across your AWS and hybrid environment and prevent or resolve threats

5. Partnering to ensure protection from
every vantage point
Introduction to
AWS Security

6. $6.53M 56% 70%
Your data and IP are your most valuable assets
Increase in theft of hard
intellectual property
http://www.pwc.com/gx/en/issues/cyber-
security/information-security-survey.html
Of consumers indicated
they’d avoid businesses
following a security breach
https://www.csid.com/resources/stats/data-
breaches/
Average cost of a
data breach
https://www.csid.com/resources/stats/data-breaches/

7. In June 2015, IDC released a report which found that most customers can be more secure
in AWS than their on-premises environment. How?
Automating logging
and monitoring
Simplifying
resource access
Making it easy to
encrypt properly
Enforcing strong
authentication
AWS can be more secure than your existing environment

8. AWS Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Locations
Identity &
Access Control
Network
Security
Customer applications & content
You get to
define your
controls ON
the Cloud
AWS takes
care of the
security OF
the Cloud
You
Inventory
& Config
Data
Encryption
AWS and you share responsibility for security

9. The AWS infrastructure is protected by extensive
network and security monitoring systems:
• Network access is monitored by AWS
security managers daily
• AWS CloudTrail lets you monitor
and record all API calls
• Amazon Inspector automatically assesses
applications for vulnerabilities
Constantly monitored

10. The AWS infrastructure footprint protects your data
from costly downtime
• 43 Availability Zones in 16 regions for
multi-synchronous geographic redundancy
• Retain control of where your data resides
for compliance with regulatory requirements
• Protect yourself from a DDoS attack with the newly
released AWS Shield service
Highly available

11. AWS enables you to improve your security using
many of your existing tools and practices
• Integrate your existing Active Directory
• Use dedicated connections as a secure,
low-latency extension of your data center
• Provide and manage your own encryption
keys if you choose
Integrated with your existing resources

12. Key AWS Certifications and Assurance Programs

14. PagerDuty-at-a-Glance
Cloud-based incident resolution
9,000+ customers
Startups to Fortune 500
Advanced Technology Partner 200+ Native IntegrationsQuarter million incidents per day
Founded in 2009 200,000+ Users

15. PagerDuty’s Security Challenge
PagerDuty needed to take a more elastic security stance to investigate and
respond quickly in order to:
• Monitor and triage threats
• Maintain security posture
• Mitigate risk
• Ensure optimal customer experience and minimize service interruption
• Meet operational analysis needs
PagerDuty had previously relied on a logging solution that output data—not
answers, and couldn't scale to meet the growing business needs.

16. The Solution – Why Splunk?
PagerDuty adopted Splunk Cloud running on AWS in order to:
• Speed incident investigations and response times
• Provide analysts with rich contextual info for informed decision-making
• Mitigate risk
• Provide high availability of its services
• Scale to meet customer demand as needed
• Reduce cost by 30% over previous solution

17. Enterprise-wide Visibility and High Availability
• Security
Ensures product security; fast time to investigate,
minimizes risk and downtime
• Compliance
Automated daily searches ensure compliance across a
range requirements with no manual intervention
• Operations
Delivers on goal of being one of most highly available
services worldwide
• Application Development
Enables DevOps/ Distributed Operations with real time
visibility into production environments

18. Enhancing Security and Compliance
• Prior solution provided data…but not answers
• Made our security program more effective and easier to run
• Threshold-based alerts helps minimize alert fatigue, prioritize investigations
• Dashboards quickly pinpoint anomalies warranting further investigation
• Eliminates need for disparate tools
• AWS App provides change mgt./change tracking audit trail for compliance

19. Powering Engineering and Distributed Operations
• Delivering new product securely
with speed and agility
• Historical trending helps team
understand where to invest energy
• Keep engineering resources
focused on running the business
and customer satisfaction versus
tools maintenance

20. Business Analytics and Beyond
• Finance team using platform for visibility into customer usage trends
• Leading indicator of renewals/ at-risk accounts
• Execs and Product Management use Splunk for view into overall
business health

21. Why Splunk on AWS?
• No infrastructure management or
admin – just need to point data onto
Splunk Cloud
• Trust and reliability with Splunk that
you don’t get with other solutions
• Born on the cloud, can’t live without
scalability, agility

22. Summary of Results
PagerDuty deployed Splunk Cloud as its platform for operational visibility and triage
across the business—from IT operations monitoring to security and compliance.
With Splunk Cloud, Engineering has a solution for monitoring and alerting, and then
can dig deeper into the source of issues and resolve them quickly.
• Ensured customer satisfaction and highly available cloud services
• Reduced IT & security incident resolution from hours to minutes & seconds
• Realized 30% cost savings over prior service

23. Splunk Analytics-Driven Security

24. Analytics-Driven Security Provides Visibility
“You can’t protect what
you can’t see.”
Best Practices for
Securing Workloads in
Amazon Web Services
Gartner, April 2015
Neil MacDonald, Greg Young
“Security
requires visibility.”
Amazon Web Services
“Intro to AWS Security”
2015 AWS Summit Series
“Security monitoring
will make or break
a technology risk
management program.”
Assessing the Risk:
Yes, the Cloud Can Be
More Secure Than Your
On-Premises Environment
IDC, July 2015, Pete Lindstrom

25. Splunk Cloud: Analytics-Driven Security
On-Premises
Private Cloud
Public
Cloud
Storage
Online
Shopping Cart
Telecoms
Desktops
Security
Web
Services
Networks
Containers
Web
Clickstreams
RFID
Lambda
Servers
Messaging
GPS
Location
Config
EC2
Online
Services
DatabasesCall Detail
Records
Energy Meters
CloudTrail
End-to-End VisibilityIndex Untapped Data: Any Source, Type, Volume
Application Delivery
IT Operations
Security, Compliance
and Fraud
Business Analytics
Internet of Things
and Industrial Data
Splunk App for AWS
VPC
IAM

26. Splunk Cloud Features

27. Security Intelligence Use Cases
End-to-end security visibility and posture assessment
to make remediation decisions with confidence
Security &
Compliance
Reporting
Real-time
Monitoring of
Known Threats
Advanced Threat
Detection and
Response
Fraud
Detection
Insider
Threat
Incident
Investigations
& Forensics

28. AWS Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Locations
Identity &
Access Control
Network
Security
Customer applications & content
You get to
define your
controls ON
the Cloud
AWS takes
care of the
security OF
the Cloud
You +
Inventory
& Config
Data
Encryption
Shared responsibility for security

29. Security Ecosystem for Coverage and Protection
Threat
Intelligence
Auth - User Roles
Host
Activity/Security
Network
Activity/Security
Command & ControlExploitation & InstallationDelivery Accomplish Mission

30. Usage
Topology
Security
Timeline
Billing
Insights
Splunk App for AWS: The Value
▶ View user activity
▶ Gain a full audit trail
▶ Detect anomalous behavior
Security Visibility
▶ Who added that rule in the security
group that protects our application
servers?
▶ Where is the blocked traffic into that
VPC coming from?
▶ What was the activity trail of a
particular user before and after that
incident?
▶ Alert me when a user imports
key-pairs or when a security group
allows all ports
▶ What instances are provisioned
outside of a VPC, by whom and when?
▶ What security groups are defined but
not attached to any resource?
Security Use Cases

35.  Four Years in a Row as a Leader
 Furthest overall in Completeness of
Vision
 Splunk also scores highest in 2016
Critical Capabilities for SIEM report
in all three Use Cases
Splunk Positioned as a Leader
Gartner 2016 Magic Quadrant for Security Information and Event Management*
*Gartner, Inc., 2016 Magic Quadrant for Security Information and Event Management, and Critical Capabilities for
Security Information and Event Management, Oliver Rochford, Kelly M. Kavanagh, Toby Bussa. 10 August 2016 This
graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context
of the entire document. The Gartner document is available upon request from Splunk. Gartner does not endorse any
vendor, product or service depicted in its research publications, and does not advise technology users to select only
those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of
Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties,
expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a
particular purpose.
Leader

36. Thousands of Global Security Customers

37. IT
Operations
Application
Management
Developer Platform (REST API, SDKs)
Security,
Compliance
and Fraud
Delivers Value Across IT and the Business
Business
Analytics
Industrial
Data and
Internet of
Things

38. Splunk Online Experience
Try it out!
https://www.splunk.com/en_us/form/security-investigation-online-experience-endpoint.html
Step-by-step instruction1
Launch instruction video2
One click
Online Session
3
Learn Splunk Skills for Security
•Use sample data to safely
practice security investigation
techniques
•Embedded help features step-
by-step how to guides on
finding security problems
•Contains sample
ransomware data set
and tips and tricks for you to
learn

39. Benefit of AWS Marketplace
• Easily discover & deploy
software & SaaS
• Simplified Buying Process
• Reduces Time to Procure
• Eliminate License Management
• One, consolidated AWS Bill
• Apply to contract commitments
• Automatic Renewals
Splunk Cloud Specifics
• Annual and Multi-Annual
contract subscriptions
• Automatic discount for Multi-
Annual Options
• Buy in increments of
5GB,10GB, and 20GB
index/day
• Easily Upgrade Splunk License
• Private pricing available for
larger index volumes, apps and
add-ons.
Splunk Cloud
Now Available on AWS Marketplace
www.splunk.com/aws-marketplace
Find out more or Buy Now:

40. Recommendations
• Organizations should look for a seamless AWS security solution fit
• Ensure the partner you choose has expertise on, in, and around AWS
• End-to-end visibility and actionable security best practices are the
keys to success

41. Q&A