SlideShare a Scribd company logo

SplunkLive! Customer Presentation - SSA

Splunk
Splunk

SplunkLive! DC_April_8_2015

Technology
1 of 15
Copyright © 2015 Splunk Inc. Social Security Administration Bob Nicholson Director of Technical Operations Office of Information Security
2 About the U.S. Social Security Administration Independent agency of the U.S. Government The SSA provides social insurance consisting of retirement, disability, and survivors' benefits Approx. 60,000 employees and 20,000 contractors Headquarters located in Baltimore, Maryland Field organization includes 10 regional offices, 6 processing centers, and approximately 1,230 field offices
3 Splunk at SSA 1.8 TB daily index capacity – Currently index 410 GB/day Seven clustered index peers – 16.5 TB storage per indexer for hot, warm, and cold buckets Four load balanced syslog servers – Pre-parsing of events to reduce load and storage on heavy forwarders and indexers Seven geographically distributed heavy forwarders 2,200 universal forwarders 8 dedicated search heads (standalone) Just a few of our sources • VPN Logs • Malware analysis platform logs • Proxy and Web Application Logs • Cisco ACS logs • Network infrastructure logs • Firewall logs • Intrusion Detection Sensor alerts • Vulnerability Management data • Antivirus logs • Active Directory information • DNS Logs • Mail server logs
4 IT Challenges 290,000 IT Assets with 330,000 IPs Centralized management, distributed ongoing administration Constantly changing without coinciding adaptation…in the spirit of innovation! A lot of smart people going in their own, siloed direction Can’t rely solely on tools, so you need to know where to invest in human resources “Being centralized is a great benefit…until something goes wrong – problems spread very quickly!”
5 Traditional Elements of IT Security Vulnerability scans still provided the value without being 100% inclusive Identifying a problem still creates mitigations because you still create the patch for all The residual problem is that you can only scan what you have access to and the fix will only go out to those same devices
6 Continuous Diagnostics and Mitigation (CDM) Phase 1 consists of Hardware Asset Management, Software Asset Management, Vulnerability Management, and Configuration Management Phase 2: Least Privilege and Infrastructure Integrity (e.g. Access Control Management, Security-Related Behavior Management, Credentials and Authentication Management, Privileges, and begin Boundary Protection) Phase 3: Boundary Protection and Event Management for Managing the Security Lifecycle (e.g. Audit/Monitoring, Policy, Quality Management, and Risk Management)
7 Facilitating Foundational Elements of Security The foundation of automated network-based access controls is an inclusive hardware asset repository The foundation of application/process whitelisting is an inclusive software asset repository The foundation of effective vulnerability mitigation is being able to manage each asset Don’t be afraid to label something unknown … at least you now know what you don’t know!
8 Bringing Ideas to Value High level reporting provides value quickly: It exemplifies current state of what you do know It creates a vehicle to gain more feedback and insight It allows for parallel efforts and therefore gained efficiency Detailed analysis provides actionable items and results: It cuts immediately into the return on investment estimations It facilitates resource estimations of both people and technology It facilitates the process definition for action and communication
9 Our Project Plan Map out the high level goals What data sources will be required? Who is the audience? What does the data need to represent? Divide the work between project management and development Analyzing deployment strategy starts with timing of data sources Are there data sources that can be shared?
10 Remote Users Example Identification of all remote users Categorization of types of users Trending of logon failures Correlate remote software installs Identify logons to multiple devices Trend processes used
11 Evangelizing Splunk within Your Organization Many ways to get the information out and shared You may need to group data for things to make sense to a wider audience Doing this brings the work to you in the form of requirements so you can stop guessing
12 Tackling Asset Management Splunk Style Process what you have • Chart out the priority of your data • Define your layers • Create metadata on each layer • Analyze within and across the layers Show what you have • Display assets with which data sources you possess • Framework for scoring
13 Enterprise Security App Provides the at-a-glance view of security posture Provides SOC with full SIEM functionality Provides data normalization and unified schema
14 The Business Side of Splunk More and more vendors are creating Splunk plugins for faster time to production and for out of the box cost to value Leveraging our existing services vehicles for the ability to surge when new data sources become available The platform itself is easy to work with generating creativity from all levels All of these require better project management
Thank You 1

Recommended

SplunkLive! Customer Presentation - FINRA
SplunkLive! Customer Presentation - FINRASplunkLive! Customer Presentation - FINRA
SplunkLive! Customer Presentation - FINRASplunk
 
SplunkLive! Customer Presentation - Staples
SplunkLive! Customer Presentation - StaplesSplunkLive! Customer Presentation - Staples
SplunkLive! Customer Presentation - StaplesSplunk
 
Splunk Ninjas: New Features, Pivot, and Search Dojo
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk Ninjas: New Features, Pivot, and Search Dojo
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk
 
Splunk in Staples: IT Operations
Splunk in Staples: IT OperationsSplunk in Staples: IT Operations
Splunk in Staples: IT OperationsTimur Bagirov
 
University of Alberta Customer Presentation
University of Alberta Customer PresentationUniversity of Alberta Customer Presentation
University of Alberta Customer PresentationSplunk
 
WestJet Customer Presentation
WestJet Customer PresentationWestJet Customer Presentation
WestJet Customer PresentationSplunk
 
SplunkLive! Customer Presentation - Penn State Hershey Medical Center
SplunkLive! Customer Presentation - Penn State Hershey Medical CenterSplunkLive! Customer Presentation - Penn State Hershey Medical Center
SplunkLive! Customer Presentation - Penn State Hershey Medical CenterSplunk
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionSplunk
 

Recommended

SplunkLive! Customer Presentation - FINRA
SplunkLive! Customer Presentation - FINRASplunkLive! Customer Presentation - FINRA
SplunkLive! Customer Presentation - FINRASplunk
 
SplunkLive! Customer Presentation - Staples
SplunkLive! Customer Presentation - StaplesSplunkLive! Customer Presentation - Staples
SplunkLive! Customer Presentation - StaplesSplunk
 
Splunk Ninjas: New Features, Pivot, and Search Dojo
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk Ninjas: New Features, Pivot, and Search Dojo
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk
 
Splunk in Staples: IT Operations
Splunk in Staples: IT OperationsSplunk in Staples: IT Operations
Splunk in Staples: IT OperationsTimur Bagirov
 
University of Alberta Customer Presentation
University of Alberta Customer PresentationUniversity of Alberta Customer Presentation
University of Alberta Customer PresentationSplunk
 
WestJet Customer Presentation
WestJet Customer PresentationWestJet Customer Presentation
WestJet Customer PresentationSplunk
 
SplunkLive! Customer Presentation - Penn State Hershey Medical Center
SplunkLive! Customer Presentation - Penn State Hershey Medical CenterSplunkLive! Customer Presentation - Penn State Hershey Medical Center
SplunkLive! Customer Presentation - Penn State Hershey Medical CenterSplunk
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionSplunk
 
SplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunk
 
ExtraHop Splunk datasheet
ExtraHop Splunk datasheetExtraHop Splunk datasheet
ExtraHop Splunk datasheetExtraHop Networks
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
Reduce the Cost of Your Software Licenses Across Your Business
Reduce the Cost of Your Software Licenses Across Your BusinessReduce the Cost of Your Software Licenses Across Your Business
Reduce the Cost of Your Software Licenses Across Your BusinessLead Beyond Consultancy
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Splunk
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunk
 
SplunkLive! Customer Presentation – Availity
SplunkLive! Customer Presentation – AvailitySplunkLive! Customer Presentation – Availity
SplunkLive! Customer Presentation – AvailitySplunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
SplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunk
 
ExtraHop for Virtualization Datasheet
ExtraHop for Virtualization DatasheetExtraHop for Virtualization Datasheet
ExtraHop for Virtualization DatasheetExtraHop Networks
 
Centralized logging in a changing environment at the UK’s DVLA
Centralized logging in a changing environment at the UK’s DVLACentralized logging in a changing environment at the UK’s DVLA
Centralized logging in a changing environment at the UK’s DVLAElasticsearch
 
Will County Sheriff’s Office: Solving Crime with Data
Will County Sheriff’s Office: Solving Crime with DataWill County Sheriff’s Office: Solving Crime with Data
Will County Sheriff’s Office: Solving Crime with DataElasticsearch
 
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012SplunkLive! Cincinnati - Hurricane Labs - Oct 2012
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012Splunk
 
SplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunk
 
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogicWebinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogicSnapLogic
 
FVCP Splunk Presentation
FVCP Splunk PresentationFVCP Splunk Presentation
FVCP Splunk PresentationStraight North
 
SplunkLive! Utrecht - KPN
SplunkLive! Utrecht - KPNSplunkLive! Utrecht - KPN
SplunkLive! Utrecht - KPNSplunk
 
Sl boston finra_05_12_15_final_public
Sl boston finra_05_12_15_final_publicSl boston finra_05_12_15_final_public
Sl boston finra_05_12_15_final_publicSplunk
 
SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2
SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2
SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2Splunk
 
Getting Started with IT Service Intelligence
Getting Started with IT Service IntelligenceGetting Started with IT Service Intelligence
Getting Started with IT Service IntelligenceSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 

More Related Content

What's hot

SplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunk
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
Reduce the Cost of Your Software Licenses Across Your Business
Reduce the Cost of Your Software Licenses Across Your BusinessReduce the Cost of Your Software Licenses Across Your Business
Reduce the Cost of Your Software Licenses Across Your BusinessLead Beyond Consultancy
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Splunk
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunk
 
SplunkLive! Customer Presentation – Availity
SplunkLive! Customer Presentation – AvailitySplunkLive! Customer Presentation – Availity
SplunkLive! Customer Presentation – AvailitySplunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
SplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunk
 
ExtraHop for Virtualization Datasheet
ExtraHop for Virtualization DatasheetExtraHop for Virtualization Datasheet
ExtraHop for Virtualization DatasheetExtraHop Networks
 
Centralized logging in a changing environment at the UK’s DVLA
Centralized logging in a changing environment at the UK’s DVLACentralized logging in a changing environment at the UK’s DVLA
Centralized logging in a changing environment at the UK’s DVLAElasticsearch
 
Will County Sheriff’s Office: Solving Crime with Data
Will County Sheriff’s Office: Solving Crime with DataWill County Sheriff’s Office: Solving Crime with Data
Will County Sheriff’s Office: Solving Crime with DataElasticsearch
 
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012SplunkLive! Cincinnati - Hurricane Labs - Oct 2012
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012Splunk
 
SplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunk
 
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogicWebinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogicSnapLogic
 
FVCP Splunk Presentation
FVCP Splunk PresentationFVCP Splunk Presentation
FVCP Splunk PresentationStraight North
 
SplunkLive! Utrecht - KPN
SplunkLive! Utrecht - KPNSplunkLive! Utrecht - KPN
SplunkLive! Utrecht - KPNSplunk
 
Sl boston finra_05_12_15_final_public
Sl boston finra_05_12_15_final_publicSl boston finra_05_12_15_final_public
Sl boston finra_05_12_15_final_publicSplunk
 
SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2
SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2
SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2Splunk
 

What's hot (20)

SplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal Health
 
ExtraHop Splunk datasheet
ExtraHop Splunk datasheetExtraHop Splunk datasheet
ExtraHop Splunk datasheet
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
 
Reduce the Cost of Your Software Licenses Across Your Business
Reduce the Cost of Your Software Licenses Across Your BusinessReduce the Cost of Your Software Licenses Across Your Business
Reduce the Cost of Your Software Licenses Across Your Business
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout Session
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
SplunkLive! Customer Presentation – Availity
SplunkLive! Customer Presentation – AvailitySplunkLive! Customer Presentation – Availity
SplunkLive! Customer Presentation – Availity
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout Session
 
SplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - Exact
 
ExtraHop for Virtualization Datasheet
ExtraHop for Virtualization DatasheetExtraHop for Virtualization Datasheet
ExtraHop for Virtualization Datasheet
 
Centralized logging in a changing environment at the UK’s DVLA
Centralized logging in a changing environment at the UK’s DVLACentralized logging in a changing environment at the UK’s DVLA
Centralized logging in a changing environment at the UK’s DVLA
 
Will County Sheriff’s Office: Solving Crime with Data
Will County Sheriff’s Office: Solving Crime with DataWill County Sheriff’s Office: Solving Crime with Data
Will County Sheriff’s Office: Solving Crime with Data
 
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012SplunkLive! Cincinnati - Hurricane Labs - Oct 2012
SplunkLive! Cincinnati - Hurricane Labs - Oct 2012
 
SplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - Intuit
 
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogicWebinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogic
 
FVCP Splunk Presentation
FVCP Splunk PresentationFVCP Splunk Presentation
FVCP Splunk Presentation
 
SplunkLive! Utrecht - KPN
SplunkLive! Utrecht - KPNSplunkLive! Utrecht - KPN
SplunkLive! Utrecht - KPN
 
Sl boston finra_05_12_15_final_public
Sl boston finra_05_12_15_final_publicSl boston finra_05_12_15_final_public
Sl boston finra_05_12_15_final_public
 
SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2
SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2
SplunkLive! London 2016 - HSCIC / NHS Digital / Spine 2
 

Viewers also liked

Getting Started with IT Service Intelligence
Getting Started with IT Service IntelligenceGetting Started with IT Service Intelligence
Getting Started with IT Service IntelligenceSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Experian Customer Presentation
Experian Customer PresentationExperian Customer Presentation
Experian Customer PresentationSplunk
 
Splunk sales presentation
Splunk sales presentationSplunk sales presentation
Splunk sales presentationjpelletier123
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 

Viewers also liked (6)

Getting Started with IT Service Intelligence
Getting Started with IT Service IntelligenceGetting Started with IT Service Intelligence
Getting Started with IT Service Intelligence
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Experian Customer Presentation
Experian Customer PresentationExperian Customer Presentation
Experian Customer Presentation
 
Introducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data EngineIntroducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data Engine
 
Splunk sales presentation
Splunk sales presentationSplunk sales presentation
Splunk sales presentation
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 

Similar to SplunkLive! Customer Presentation - SSA

Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxkarlhennesey
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Greg Hanchin
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk
 
SplunkLive! Splunk App for VMware
SplunkLive! Splunk App for VMwareSplunkLive! Splunk App for VMware
SplunkLive! Splunk App for VMwareSplunk
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunk
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for complianceGreg Hanchin
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for complianceGreg Hanchin
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsAdeo Security
 
Cyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comCyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comamaranthbeg95
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteSplunk
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are ComingErnest Staats
 

Similar to SplunkLive! Customer Presentation - SSA (20)

Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout Session
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
 
SplunkLive! Splunk App for VMware
SplunkLive! Splunk App for VMwareSplunkLive! Splunk App for VMware
SplunkLive! Splunk App for VMware
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for Security
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for compliance
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for compliance
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat Analytics
 
Cyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comCyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.com
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.com
 
Cisco NGFW AMP
Cisco NGFW AMPCisco NGFW AMP
Cisco NGFW AMP
 
Tyler Technology Expo
Tyler Technology ExpoTyler Technology Expo
Tyler Technology Expo
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

SplunkLive! Customer Presentation - SSA

  • 1. Copyright © 2015 Splunk Inc. Social Security Administration Bob Nicholson Director of Technical Operations Office of Information Security
  • 2. 2 About the U.S. Social Security Administration Independent agency of the U.S. Government The SSA provides social insurance consisting of retirement, disability, and survivors' benefits Approx. 60,000 employees and 20,000 contractors Headquarters located in Baltimore, Maryland Field organization includes 10 regional offices, 6 processing centers, and approximately 1,230 field offices
  • 3. 3 Splunk at SSA 1.8 TB daily index capacity – Currently index 410 GB/day Seven clustered index peers – 16.5 TB storage per indexer for hot, warm, and cold buckets Four load balanced syslog servers – Pre-parsing of events to reduce load and storage on heavy forwarders and indexers Seven geographically distributed heavy forwarders 2,200 universal forwarders 8 dedicated search heads (standalone) Just a few of our sources • VPN Logs • Malware analysis platform logs • Proxy and Web Application Logs • Cisco ACS logs • Network infrastructure logs • Firewall logs • Intrusion Detection Sensor alerts • Vulnerability Management data • Antivirus logs • Active Directory information • DNS Logs • Mail server logs
  • 4. 4 IT Challenges 290,000 IT Assets with 330,000 IPs Centralized management, distributed ongoing administration Constantly changing without coinciding adaptation…in the spirit of innovation! A lot of smart people going in their own, siloed direction Can’t rely solely on tools, so you need to know where to invest in human resources “Being centralized is a great benefit…until something goes wrong – problems spread very quickly!”
  • 5. 5 Traditional Elements of IT Security Vulnerability scans still provided the value without being 100% inclusive Identifying a problem still creates mitigations because you still create the patch for all The residual problem is that you can only scan what you have access to and the fix will only go out to those same devices
  • 6. 6 Continuous Diagnostics and Mitigation (CDM) Phase 1 consists of Hardware Asset Management, Software Asset Management, Vulnerability Management, and Configuration Management Phase 2: Least Privilege and Infrastructure Integrity (e.g. Access Control Management, Security-Related Behavior Management, Credentials and Authentication Management, Privileges, and begin Boundary Protection) Phase 3: Boundary Protection and Event Management for Managing the Security Lifecycle (e.g. Audit/Monitoring, Policy, Quality Management, and Risk Management)
  • 7. 7 Facilitating Foundational Elements of Security The foundation of automated network-based access controls is an inclusive hardware asset repository The foundation of application/process whitelisting is an inclusive software asset repository The foundation of effective vulnerability mitigation is being able to manage each asset Don’t be afraid to label something unknown … at least you now know what you don’t know!
  • 8. 8 Bringing Ideas to Value High level reporting provides value quickly: It exemplifies current state of what you do know It creates a vehicle to gain more feedback and insight It allows for parallel efforts and therefore gained efficiency Detailed analysis provides actionable items and results: It cuts immediately into the return on investment estimations It facilitates resource estimations of both people and technology It facilitates the process definition for action and communication
  • 9. 9 Our Project Plan Map out the high level goals What data sources will be required? Who is the audience? What does the data need to represent? Divide the work between project management and development Analyzing deployment strategy starts with timing of data sources Are there data sources that can be shared?
  • 10. 10 Remote Users Example Identification of all remote users Categorization of types of users Trending of logon failures Correlate remote software installs Identify logons to multiple devices Trend processes used
  • 11. 11 Evangelizing Splunk within Your Organization Many ways to get the information out and shared You may need to group data for things to make sense to a wider audience Doing this brings the work to you in the form of requirements so you can stop guessing
  • 12. 12 Tackling Asset Management Splunk Style Process what you have • Chart out the priority of your data • Define your layers • Create metadata on each layer • Analyze within and across the layers Show what you have • Display assets with which data sources you possess • Framework for scoring
  • 13. 13 Enterprise Security App Provides the at-a-glance view of security posture Provides SOC with full SIEM functionality Provides data normalization and unified schema
  • 14. 14 The Business Side of Splunk More and more vendors are creating Splunk plugins for faster time to production and for out of the box cost to value Leveraging our existing services vehicles for the ability to surge when new data sources become available The platform itself is easy to work with generating creativity from all levels All of these require better project management

Editor's Notes

  1. Blah blah blah
  2. The only technical slide 200GB, 300GB, 1.8TB
  3. Homogeneous = problems spread quickly
  4. Layered scanning and patching Penetration testing helps prioritize – the independent effort also provides valuable data
  5. My interpretation is that DHS just made IT Security into a project
  6. My interpretation of that project…. Label unknowns (later example)
  7. So where do you start? This is where I start the “business side of Splunk”
  8. How we breakdown the 2 halves
  9. An example
  10. Getting the word out is part of it (ROI)
  11. Unknowns Vulnerability rising – scanner is now picking it up, drastic increase means it will likely continue upward (standardization) Compare repositories Display what sources were used (compliance) Risk scoring…
  12. Value quickly on certain data sources AV by action, AV by signature – they should look similar (perfect world exact) – difference becomes interesting High counts (what does it leverage - maybe missing patch)
  13. Enterprise Security App one example Service contracts may balance training costs – vendors with Splunk certified members Let people play a bit Project managers Steve Johnson – two halves of a good idea