Copyright © 2014 Splunk Inc.
Comprehensive Security with Splunk and Cisco
Mario MASSARD
Splunk Senior SE
mario@splunk.com
Company
Company (NASDAQ: SPLK)
Founded 2004, first software release in 2006
HQ: San Francisco / Regional HQ: London, Hong Kong
Over 1,000 employees, based in 12 countries
Annual Revenue: $302.6M (YoY +52%)
$10+ billion market valuation
Business Model / Products
Free download to massive scale
On-premises, in the cloud and SaaS
7,000+ Customers
Customers in over 90 countries
60 of the Fortune 100
Largest license: 100 Terabytes per day
Fast Company 2013: Named Splunk #4 Most Innovative Company in the World and #1 Big Data Innovator
Leader: Gartner SIEM Magic Quadrant, 2013
Education
Healthcare
Technology
Energy and Utilities
Manufacturing
Telecommunications
Cloud and Online Services
Government
Retail
Financial Services and Insurance
Media
Travel and Leisure
Proven at 7,000+ Customers in 90+ Countries
Over Half the Fortune 100
Make machine data accessible, usable and valuable to everyone.
Splunk: The Engine For Machine Data
[Diagram: real-time machine data from GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security devices, Desktops and CDRs flows into Splunk storage; on top sit Report and analyze, Custom dashboards, Monitor and alert, Ad hoc search and the Developer Platform, with connections to other Big Data stores]
Splunk Key Differentiators
Traditional SIEM vs. Splunk
• Single product, UI, data store
• Quick deployment & ease-of-use
• Can easily index any data type and retain all of it
• Big data architecture enables scale and speed
• Flexible search and reporting
• Open platform
Splunk Delivers Value
Across IT and the Business
Operational Intelligence for IT and Business Users
[Diagram: solution areas IT Operations Management, Industrial Data / Internet of Things, Digital Intelligence, Business Analytics, Application Management, Security and Compliance; user roles LOB Owners/Executives, System Administrators, Operations Teams, Security Analysts, IT Executives, Application Developers, Auditors, Website/Business Analysts, Customer Support]
The Splunk Platform (Operational Intelligence Platform)
• Core Engine / Core Functions: Collection, Indexing, Search Processing Language
• Content: Inputs, Apps, Other Content
• User and Developer Interfaces: SDK, Web Framework, REST API
A Wealth of Splunk Apps
Over 500 apps available on the Splunk apps site
[Diagram: app categories including Server, Storage, Network; Server Virtualization (XenApp, XenDesktop); Operating Systems; Infrastructure Applications; Mobile Applications; Cloud Services; Other Monitoring; Ticketing/Help Desk; Custom Biz Applications; built on the REST API, SDKs and Web Framework]
A Growing, Global Community of Users
• 500+ Apps, 24,000+ questions and 30,000+ Answers
• 3,000+ unique visitors per week to dev.splunk.com
• Local User Groups and SplunkLive! events
• Annual Users’ Conference, Oct. 6–Oct. 9, Las Vegas, NV
Use Machine Data to Monitor Your Cisco Environment
Increasing Complexity in Today’s Datacenter
[Diagram: DC fabric with multiple VRFs, overlays and VMs connected through vSwitch, VLAN fabric, VLAN and WAN]
Datacenter | Landscape
Infrastructure
• Capacity Planning
• Performance Monitoring
• Quick Time to Resolution
Applications
• User Experience
• Availability
• Utilization
Security
• User Audit
• Compliance
• Security
Datacenter | Connecting the dots
Infrastructure, Applications, Security
Splunk: Broad Support for Cisco Infrastructure
• 120+ security apps & add-ons
• Splunk App for Enterprise Security
• Cisco Security Suite: Cisco ASA, NetFlow, Cisco Advanced Threat Detection, Cisco WSA, Cisco ESA, Cisco ISE, Sourcefire
• Cisco UCS, Cisco IOS
Splunk @ Cisco CSIRT
Replacing a SIEM @ Cisco
• Challenges: SIEM could not meet security needs
– Very difficult to index non-security or custom app log data
– Serious scale and speed issues. 10GB/day and searches took > 6 minutes
– Difficult to customize with reliance on pre-built rules which generated false positives
• Enter Splunk: Flexible SIEM and empowered team
– Easy to index any type of machine data from any source
– Over 60 users doing investigations, RT correlations, reporting, advanced threat detection
– All the data + flexible searches and reporting = empowered team
– 900 GB/day and searches take under a minute. 7 global data centers with 350TB stored data
– Estimate Splunk is 25% the cost of a traditional SIEM
“We moved to Splunk from traditional SIEM as Splunk is designed and engineered for “big data” use cases. Our previous SIEM was not and simply could not scale to the data volumes we have.”
- Gavin Reid, Leader, Cisco Computer Security Incident Response Team
The CSIRT Team
The Computer Security Incident Response Team (CSIRT) reduces the risk of loss as a
result of security incidents for Cisco-owned business. CSIRT regularly engages in
proactive threat assessment, mitigation planning, incident trending with analysis,
security architecture, incident detection and response.
• Tier 1 Event Analysis group (Costa Rica)
• Tier 2 Event Analysis group (Bangalore)
• Tier 3 Incident Response team (Global)
CSIRT Environment
300 locations in 90 countries
400 buildings
1500+ Labs
100,000+ employees on network
50-300 malware-related cases opened in a typical week
650,000+ IP Devices on network
130,000 Windows hosts
50,000 Linux hosts
40,000 Routers
2-3 million highly tuned IDS events per day
4.6 billion Netflow records per day
CSIRT Environment
Some event sources send their data to a global network of collection servers
“We have the data… We just can’t leverage it without Splunk.”
- Cisco Director of Technology
• 18 projects worldwide, ~9TB Splunk indexing capacity
• Key use cases include …
– Proactive security monitoring and forensics (CSIRT)
– Monitoring & management of 1000s of apps
– Website Infrastructure monitoring and analysis
– Transformation from commodity services to high-value, proactive threat prevention
Cisco Uses Splunk Extensively
Next Steps if Interested in Splunk
• Download Cisco apps at Splunk.com > Community > Apps
• If new user, try Splunk for free!
– Download Splunk at www.splunk.com
– Go to Splunk.com > Community > Documentation > Splunk Tutorial
– In 30 minutes you will have imported data, run searches and created reports
• More information at Splunk.com > Solutions
• Contact me > mario@splunk.com
Copyright © 2014 Splunk Inc.
Thank You
Demo Time!

CISCO Extensively use Splunk for CSIRT...
