2. Company
Company (NASDAQ: SPLK)
Founded 2004, first software release in 2006
HQ: San Francisco / Regional HQ: London, Hong Kong
Over 1,000 employees, based in 12 countries
Annual Revenue: $302.6M (YoY +52%)
$10+ billion market valuation
Business Model / Products
Free download to massive scale
On-premises, in the cloud and SaaS
7,000+ Customers
Customers in over 90 countries
60 of the Fortune 100
Largest license: 100 Terabytes per day
Fast Company 2013: Named Splunk #4 Most Innovative Company in the World and #1 Big Data Innovator
Leader: Gartner SIEM Magic Quadrant, 2013
5. Splunk: The Engine For Machine Data
[Diagram: real-time machine data from GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security devices, Desktops and CDRs flows into Splunk storage; on top sit Report and analyze, Custom dashboards, Monitor and alert, Ad hoc search and a Developer Platform; Splunk also connects to other Big Data stores.]
6. Splunk Key Differentiators
Splunk compared with a traditional SIEM:
• Single product, UI, data store
• Quick deployment & ease-of-use
• Can easily index any data type and retain all of it
• Big data architecture enables scale and speed
• Flexible search and reporting
• Open platform
8. Operational Intelligence for IT and Business Users
[Diagram: solution areas IT Operations Management, Industrial Data / Internet of Things, Digital Intelligence, Business Analytics, Application Management, and Security and Compliance, mapped to their users: LOB Owners/Executives, System Administrators, Operations Teams, Security Analysts, IT Executives, Application Developers, Auditors, Website/Business Analysts and Customer Support.]
9. The Splunk Platform
[Diagram: the Operational Intelligence Platform in three layers. Core Engine with the Core Functions Collection, Indexing and Search Processing Language; Content, i.e. Inputs, Apps and Other Content; User and Developer Interfaces via the Web Framework, REST API and SDK.]
10. A Wealth of Splunk Apps
Over 500 apps available on the Splunk apps site
[Diagram: app categories Server, Storage, Network; Server Virtualization (XenApp, XenDesktop); Operating Systems; Infrastructure Applications; Mobile Applications; Cloud Services; Other Monitoring; Ticketing/Help Desk; Custom Biz Applications; all built on the REST API, SDKs and Web Framework.]
11. A Growing, Global Community of Users
• 500+ Apps, 24,000+ questions and 30,000+ Answers
• 3,000+ unique visitors per week to dev.splunk.com
• Local User Groups and SplunkLive! events
• Annual Users’ Conference, Oct. 6–Oct. 9, Las Vegas, NV
13. Increasing Complexity in Today’s Datacenter
[Diagram: a DC Fabric carrying many VRFs and Overlays, each overlay hosting VMs; path from vSwitch to VLAN, Fabric, VLAN and out to the WAN.]
14. Datacenter | Landscape
Infrastructure:
• Capacity Planning
• Performance Monitoring
• Quick Time to Resolution
21. Replacing a SIEM @ Cisco
• Challenges: SIEM could not meet security needs
– Very difficult to index non-security or custom app log data
– Serious scale and speed issues. 10GB/day and searches took > 6 minutes
– Difficult to customize with reliance on pre-built rules which generated false positives
• Enter Splunk: Flexible SIEM and empowered team
– Easy to index any type of machine data from any source
– Over 60 users doing investigations, RT correlations, reporting, advanced threat detection
– All the data + flexible searches and reporting = empowered team
– 900 GB/day and searches take under a minute. 7 global data centers with 350TB stored data
– Estimate Splunk is 25% the cost of a traditional SIEM
“We moved to Splunk from traditional SIEM as Splunk is designed and engineered for “big data” use cases. Our previous SIEM was not and simply could not scale to the data volumes we have.”
- Gavin Reid, Leader, Cisco Computer Security Incident Response Team
22. The CSIRT Team
The Computer Security Incident Response Team (CSIRT) reduces the risk of loss as a result of security incidents for Cisco-owned business. CSIRT regularly engages in proactive threat assessment, mitigation planning, incident trending with analysis, security architecture, incident detection and response.
• Tier 1 Event Analysis group (Costa Rica)
• Tier 2 Event Analysis group (Bangalore)
• Tier 3 Incident Response team (Global)
23. CSIRT Environment
300 locations in 90 countries
400 buildings
1500+ Labs
100,000+ employees on network
50-300 malware-related cases opened in a typical week
650,000+ IP Devices on network
130,000 Windows hosts
50,000 Linux hosts
40,000 Routers
2-3 million highly tuned IDS events per day
4.6 billion Netflow records per day
25. Cisco Uses Splunk Extensively
“We have the data… We just can’t leverage it without Splunk.”
- Cisco Director of Technology
• 18 projects worldwide, ~9TB Splunk indexing capacity
• Key use cases include …
– Proactive security monitoring and forensics (CSIRT)
– Monitoring & management of 1000s of apps
– Website Infrastructure monitoring and analysis
– Transformation from commodity services to high-value, proactive threat prevention
26. Next Steps if Interested in Splunk
• Download Cisco apps at Splunk.com > Community > Apps
• If new user, try Splunk for free!
– Download Splunk at www.splunk.com
– Go to Splunk.com > Community > Documentation > Splunk Tutorial
– In 30 minutes you will have imported data, run searches and created reports
• More information at Splunk.com > Solutions
• Contact me > mario@splunk.com