Splunk Check Point технологические партнеры
•Download as PPTX, PDF•
0 likes•468 views
Splunk Check Point
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Splunk Check Point технологические партнеры
Similar to Splunk Check Point технологические партнеры (20)
More from Timur Bagirov
More from Timur Bagirov (17)
Splunk Check Point технологические партнеры
- 1. Copyright © 2015 Splunk Inc. Splunk + Check Point технологическое партнерство Багиров Тимур Менеджер по продукту, RRC
- 2. Расследовать инциденты, forensics, обмен информацией Анализировать события, строить отчеты, дополнительное оповещение Коррелировать с другими источниками, снижать риски угрозы направленных атак Кому это нужно? 2
- 9. Monitor & Alert Search & Investigate Custom Dashboards & Reports Analytics & Visualization Meets Key Needs of SOC Personnel 10)Добавляем данные от других источников 9 Real-time Machine Data Cloud Apps Servers Email Web Network Flows DHCP/ DNS Custom Apps Badges Intrusion Detection Firewall Data Loss Prevention Anti-Malware Vulnerability Scans Authentication Storage Industrial Control Mobile Security Intelligence платформа Threat Feeds Asset Info Employee Info Data Stores Network Segments External Lookups / Enrichment
- 10. API SDKs UI Network Traffic Analysis Identity & Access Control Perimeter Defense EmailPayload Analysis Endpoint Behavior Analysis Endpoint Change Tracking DLP Security Analytics Threat Intelligence Cloud Security Данные от систем безопасности 10
- 11. 11 Данные от IT систем API SDKs UI Server, Storage, Network Server Virtualization Operating Systems Custom Applications Business Applications Cloud Services App Performance MonitoringTicketing/Other Web Intelligence Mobile Applications Stream
- 12. 12 Кастомный источник? Не беда!
- 13. Education Healthcare Technology Energy and Utilities Manufacturing Telecommunications Cloud and Online Services Government Retail Financial Services and Insurance Media Travel and Leisure 13 Proven at 11 000+ Customers in 130 Countries Ого! Почему он так популярен???
- 14. Нужна ли BIG DATA для безопасности? Volume | Velocity | Variety | Variability GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops 14
- 15. Dev.splunk.com40,000+ questions and answers 500+ apps Local User Groups and SplunkLive! events 15 Вы не останетесь один на один с проблемой!
- 16. До 500МБ/сутки Один пользователь Не требуется автоматического оповещения 16 FREE или не FREE!? 1 32
- 17. Thank you
Editor's Notes
- Собираем, ищем и анализируем, получаем знание в реальном времени. At it’s core, the Splunk platform enables you to: Collect data from anywhere – with universal forwarding and indexing technology. Search and analyze across all your data – with powerful search and schema-on-the-fly technology. Rapidly deliver real-time insights from machine data to IT and business people – through a powerful UI and dashboards. This is what we call Operational Intelligence.
- Миссия Спланка ведет вашу компанию к успеху At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
- Миссия Спланка ведет вашу компанию к успеху At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
- Миссия Спланка ведет вашу компанию к успеху At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
- Миссия Спланка ведет вашу компанию к успеху At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
- Миссия Спланка ведет вашу компанию к успеху At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
- Миссия Спланка ведет вашу компанию к успеху At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
- Need a Security Intelligence platform which is a SIEM plus more. We will come back to that later. In summary this platform can automatically sift through hundreds or thousands of daily security-related events to alert on and assign severity levels to only the handful of incidents that really matter. For these incidents, the platform then enables SOC analysts to quickly research and remediate incidents. This platform can ingest any type of machine data, from any source in real time. These are listed here on the left and are flowing into the platform for indexing. The platform should also be able to leverage lookups and external data to enrich existing data. This is showed on the bottom and includes employee information from AD, asset information from a CMDB, blacklists of bad external IPs from 3rd-party threat intelligence feeds, application lookups, and more. Correlation searches can include this external content. So for example the platform can alert you if a low-level employee accesses a file share with critical data, but not if the file share has harmless data. Or the platform can alert you if a user name is used specifically for an employee who no longer works for your organization. These are especially high-risk events. A SOC can then perform the use cases on the top right on the data. These use cases cover all the personnel tiers in the SOC so they can all leverage the platform. They can search through the data, monitor the data and be alerted in real-time if search parameters are met. This includes cross-data source correlation rules which help find the proverbial needle in the haystack so the SOC only needs to focus on the tiny number of priority incidents that matter hidden among a sea of events. The raw data can be aggregated in seconds for custom reports and dashboards. Also the platform should be one that developers can build on. It uses a well documented Rest API and several SDKs so developers and external applications can directly access and act on the data within it.
- To provide a complete, end-to-end view into the environment and to defend against sophisticated threats, including malware and APTs, security solutions must provide broad and deep coverage with the security and infrastructure elements. Organizations need a platform that provides out-of-box support and allows any technology/security/infrastructure device to be supported—this helps unify what has traditionally been silo efforts. Splunk Enterprise is a platform for machine data and provides visibility across these silos. The Splunk platform also provides role–based access control, which allows different people across the organization, including the security team, to access the data they need as part of their jobs, yet allows them to collaborate and see things across the environment. This is critical when orgs need to determine if an issue is a security, IT operations or an application issue.
- A range of plugins, templates and full-fledged apps are available to help you collect, analyze and harness data from every layer of your technology stack. Even if you’re using a product that’s not listed here, Splunk still doesn’t limit you – you can still index data from that technology. One of the key benefits of using Splunk software and cloud services is the ability to correlate machine data across silos, providing visibility across the entire Application Delivery and IT Ops landscape.
- A range of plugins, templates and full-fledged apps are available to help you collect, analyze and harness data from every layer of your technology stack. Even if you’re using a product that’s not listed here, Splunk still doesn’t limit you – you can still index data from that technology. One of the key benefits of using Splunk software and cloud services is the ability to correlate machine data across silos, providing visibility across the entire Application Delivery and IT Ops landscape.
- More than 8,400 customers in 100 countries have purchased the enterprise license of Splunk. This includes a majority of the Fortune 100. Enterprises, service providers and government agencies in 100 countries use Splunk to improve service levels, reduce IT operations costs, mitigate security risks and drive new levels of operational visibility. As they gain new visibility into their real-time and historical machine data, Splunk’s customers are finding answers and solving the most challenging issues facing IT and the business.
- Проблема заказчиков – биг дата Рост объема – скорости – разновидности – сути What is this machine data, and why is it a big deal? Well, it’s one of the fastest growing, most complex and most valuable segments of data. All the webservers, applications, network devices, mobile devices, sensors – all of the technology infrastructure running your enterprise – generates massive streams of data, in an array of unpredictable formats that are difficult to process and analyze by traditional methods or in a timely manner. Why is this “machine data” valuable? Because it contains a trace - a categorical record - of user behavior, cyber-security risks, application behavior, service levels, fraudulent activity and customer experience. Characteristics of machine data – the four V’s - the last two are the most interesting / challenging.
- Splunk has an active community: There is also an emerging ecosystem of new companies building apps on top of the Splunk Enterprise platform. These companies are taking advantage of open APIs and new platform capabilities to create an entirely new generation of applications. How many of you have used Splunk Answers? Our technical support is consistently rated as industry leading and Splunk Answers has answers to thousands of questions. It’s the go to place for your questions – and answers. You can participate in meet-ups and User Groups or you can contribute to our forums. You can also local SplunkLive events to hear how your peers are using machine data.
- Splunk software and cloud services are simple to deploy, scale from a single server deployment to global large-scale operations and delivers fast payback. Whether you’re using Hadoop, deploying in the cloud, or searching for an on-premises solution, getting started with Splunk software was designed from the ground up to be as frictionless possible. We have multiple options for getting started, designed to suit your needs: Try out Hunk, Splunk Cloud and Splunk Enterprise with our free online sandboxes. Want try it out on premises? Free downloads of Hunk and Splunk Enterprise are available. The product you download is the same product that scales to ingest petabytes of data per day. 3. Already running with Amazon Cloud deployments? AMIs for Splunk Enterprise and Hunk make it easy to get up and running.