This document summarizes a presentation about Danfoss' use of Splunk for vulnerability management. It provides an overview of Danfoss, the background and experience of the presenter, how Danfoss got started with Splunk in 2008 to meet log collection and retention requirements, and how their use of Splunk has evolved over time to include dashboards, security, automated alerting, and a Sophos antivirus case study. It outlines next steps of expanding Splunk's use to more teams and exploring advanced analytics.

1. Copyright © 2015 Splunk Inc.
Splunk for Vulnerability Management
Harold Larimer
IT Security Specialist
Danfoss

2. 2
Agenda
Danfoss at a Glance
My Background
How We Got Started with Splunk
Evolution of Using Splunk Tools
Next Steps

3. 3
Danfoss at a Glance
Danfoss engineers technologies that enable the world of
tomorrow to do more with less. We meet the growing need
for infrastructure, food supply, energy efficiency and
climate-friendly solutions.
•Approximate headcount: 26,000
•Products sold in over 100 countries worldwide
•Top five markets: USA, Germany, China, Russia and Italy
•Over 180 locations globally
•Headquartered in Nordborg, Denmark
Learn more at danfoss.com

4. 4
 Previous Experience in
Networking, Infrastructure,
Business Intelligence
 Joined Sauer-Danfoss in 2013 as
Content Management Specialist
 Joined Cyber Defense Team
December 2013
 Splunker Since March 2014
 Member of Splunk Technical
Council
Background

5. 5
How We Got Started
Splunk brought in to meet standard requirements in 2008
– Centralized log collection with 18 month retention requirement
– Forensic data
– Network team troubleshooting
Built environment to enterprise scale in March 2014
– Brought in Splunk Professional Services
– Built up servers internally
– Expanded use cases of Splunk
– Scaled the environment again in Fall of 2014

6. 6
Evolution of Using Splunk Tools
Merged with Parent Company
Dashboards
Operational Intelligence
Security Related
Automated Alerting

7. 7
Case Study – Sophos Antivirus
Discussion about reporting needs with Sophos
Sophos provides a tool that outputs all activity into a log file
Logs were being indexed to Splunk within hours
New capabilities
– Program to alert service/help desks
– Alert dashboard for management
– Performance dashboard for executive staff
– Outbreak detection and alerting
Addition of DBConnect
– Provides additional information when alerting
– Can be used to validate dashboards and may be used to replace some current
dashboards

8. 8
Sophos Dashboard
Screenshot here

9. 9
Turning Machine Data Into Operational Intelligence
Reactive
Search
and
Investigate
Proactive
Monitoring
and Alerting
Operational
Visibility
Proactive
Real-time
Behavioral
Analysis

10. 10
Next Steps
More and more and more data…
Expand use cases to our Ops team and our business team
Advanced Analytics
– Professional Services
– Splunk Enterprise Security
– Training

11. Thank You