Splunk can ingest any type of machine data, from any source, in real time. These sources are listed here on the left and are flowing into Splunk for indexing. Once the data is indexed, users can perform the use cases shown on the top right. They can search through the data, monitor it, and be alerted in real time when the conditions of a scheduled search are met. The raw data can be aggregated in seconds for custom reports and dashboards. Splunk is also a platform that developers can build on: it exposes a well-documented REST API and several SDKs, so developers and external applications can directly access and act on the data within Splunk. Lastly, besides indexing raw data into its own flat-file data store, Splunk can also retrieve and index data that resides in other data stores such as a SQL database or Hadoop.
Splunk enables many use cases. We are drilling into the red box, or security.
The key point is that you put data into Splunk *once* and then use it for many use cases. This is what drives a strong ROI.
Make sure to stress that we are a Security Intelligence Platform and that we can meet their needs for these use cases and more. We are more than a SIEM in that we are much more flexible and can also be used for use cases outside of security. Highlight that many customers already have a SIEM and are generally happy with it, but they do have some pain with their current SIEM: maybe it struggles to ingest non-security data, maybe it has limited search and reporting capabilities, etc. In these cases, Splunk can happily complement their SIEM. They might use their existing SIEM for alerting and then log into Splunk to do the investigation. The key point is that we can easily complement or replace a SIEM.
1 solution for Splunk for Security, but 3 offerings. At bottom is Splunk Enterprise, our core product. Every Splunk deployment includes this as this is where the core indexing and searching resides. Many customers build their own searches/reports/dashboards on top of it.
On top of it, optional Apps can be installed. Apps are basically a collection of reports, dashboards, and searches purpose-built for a specific use case or product. They can be built by Splunk, customers, or partners, and all but a few are free on Splunkbase. Apps are great for customers who want out-of-the-box content, do not want to have to build it themselves, and want to extend point solutions. One key App is the Splunk-built Enterprise Security app. It is basically an out-of-the-box SIEM with reports, dashboards, correlation rules, and workflow for security use cases. (It does have a cost, though.) Besides this app, there are over 80 security-centric free Apps on Splunkbase. These are offering 3, which includes the Splunk App for PAN shown in the red box.
A quick summary of who we are.
We were founded in 2005; in 2007 we brought to market the first next generation firewall to classify traffic based on application, regardless of the port, protocol, encryption or other evasive tactic. We have been described by Gartner as a disruptive security platform because we took a fresh, from the ground up approach to building a firewall for modern networks.
Our key differentiator is the ability to Safely Enable Applications: this means more than allowing or blocking – it means using business-relevant elements such as the application identity, who is using the application, and the type of content or threat as a more meaningful way to control network access and grow your business. This means you can build firewall policies to allow the application but apply function control, or bandwidth shaping, or threat prevention to the application.
Able to Address All Network Security Needs: We have a broad range of platforms that all support a rich firewall feature-set that can protect your perimeter, datacenter, distributed enterprise with
Exceptional Growth and Global Presence: Refer to the charts on the right for growth. We have over 12,500 customers in over 100 countries with support centers and hardware depots distributed worldwide.
Experienced Technology and Management Team: The technology team drives our innovation and our continued efforts at disrupting the network security market – they are our most valued team members. The management team brings a rich history of steering a rapidly growing dynamic company like ours.
Improved security with layered defenses
SIEM does not do any perimeter-level threat blocking
Network security is first line of defense; PAN is the leader.
Also save $ by replacing many network security point products with one broader solution
Complements Splunk for better APT detection
Diverse PAN data can be indexed for improved security & compliance
More effective SIEM use cases
Improved security with Big Data SIEM; Splunk is the leader
Combine PAN data with other data sources for SIEM use cases
Not all threats enter via the network
IOCs uncovered by PAN can be turned into Splunk searches
Complements Palo Alto Networks for better APT detection
Splunk offers longer-term, more granular reporting on PAN data than what Panorama offers
Measure operational health of the PAN deployment, network monitoring (incl. load balancers, switches, routers, etc.), and overall IT Ops