
(1)

Copyright © 2014 Splunk Inc.

Comprehensive Security with Splunk and Cisco

Mario MASSARD Splunk Senior SE [email protected]

(2)

Company (NASDAQ: SPLK)

Founded 2004, first software release in 2006

HQ: San Francisco / Regional HQ: London, Hong Kong

Over 1,000 employees, based in 12 countries

Annual Revenue: $302.6M (YoY +52%)

$10+ billion market valuation

Business Model / Products

Free download to massive scale

On-premises, in the cloud and SaaS

7,000+ Customers

Customers in over 90 countries

60 of the Fortune 100

Largest license: 100 Terabytes per day

Fast Company 2013: Named Splunk #4 Most Innovative Company in the World and #1 Big Data Innovator

(3)

Proven at 7,000+ Customers in 90+ Countries

Over Half the Fortune 100

Education

Healthcare

Technology

Energy and Utilities

Manufacturing

Telecommunications

Cloud and Online Services

Government

Retail

Financial Services and Insurance

Media

Travel and Leisure

(4)

Make machine data accessible, usable and valuable to everyone.

(5)

Splunk: The Engine For Machine Data

Machine data sources: GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security devices, Desktops, CDRs

Real-time indexing into Splunk storage, alongside other Big Data stores

Core functions: Report and analyze, Custom dashboards, Monitor and alert, Ad hoc search, Developer Platform

(6)

Splunk Key Differentiators

Traditional SIEM vs. Splunk

Single product, UI, data store

Quick deployment & ease-of-use

Can easily index any data type and retain all of it

Big data architecture enables scale and speed

Flexible search and reporting

Open platform

(7)

Splunk Delivers Value Across IT and the Business

(8)

Operational Intelligence for IT and Business Users

Solution areas: IT Operations Management, Application Management, Industrial Data / Internet of Things, Digital Intelligence, Business Analytics

Users: LOB Owners/Executives, System Administrators, Operations Teams, Security Analysts, IT Executives, Application Developers, Auditors, Website/Business Analysts, Customer Support

(9)

The Splunk Platform

Operational Intelligence Platform

Core Engine: Collection, Indexing, Search Processing Language, Core Functions

Content: Inputs, Apps, Other Content

User and Developer Interfaces: Web Framework, REST API, SDK

(10)

A Wealth of Splunk Apps

Over 500 apps available on the Splunk apps site

Infrastructure: Server, Storage, Network, Virtualization, Operating Systems, XenApp, XenDesktop

Applications: Mobile, Cloud Services, Custom Biz Applications, Other Monitoring, Ticketing/Help Desk

Developer: SDKs, Web Framework, REST API

(11)

A Growing, Global Community of Users

500+ Apps, 24,000+ questions and 30,000+ Answers

3,000+ unique visitors per week to dev.splunk.com

Local User Groups and SplunkLive! events

Annual Users’ Conference, Oct. 6–Oct. 9, Las Vegas, NV

(12)

Use Machine Data to Monitor Your Cisco Environment

(13)

Increasing Complexity in Today’s Datacenter

(Diagram: VRFs, overlays and VMs layered over vSwitch, VLAN, fabric and WAN)

(14)

Datacenter | Landscape

Infrastructure: Capacity Planning, Performance Monitoring, Quick Time to Resolution

(15)

Datacenter | Landscape

Applications: User Experience, Availability, Utilization

Layers: Infrastructure, Applications

(16)

Datacenter | Landscape

Security: User Audit, Compliance, Security

Layers: Infrastructure, Applications, Security

(17)

Datacenter | Landscape

Layers: Infrastructure, Applications

(18)

Datacenter | Connecting the dots

Layers: Infrastructure, Applications

(19)

Splunk: Broad Support for Cisco Infrastructure

120+ security apps & add-ons

Splunk App for Enterprise Security

Supported Cisco sources: Cisco ASA, NetFlow, Cisco Advanced Threat Detection, Cisco WSA, Cisco Security Suite, Cisco ESA, Cisco ISE, Sourcefire, Cisco UCS

(20)
(21)

Replacing a SIEM @ Cisco

Challenges:

SIEM could not meet security needs

– Very difficult to index non-security or custom app log data

– Serious scale and speed issues. 10GB/day and searches took > 6 minutes

– Difficult to customize with reliance on pre-built rules which generated false positives

Enter Splunk:

Flexible SIEM and empowered team

– Easy to index any type of machine data from any source

– Over 60 users doing investigations, RT correlations, reporting, advanced threat detection

– All the data + flexible searches and reporting = empowered team

– 900 GB/day and searches take less than a minute. 7 global data centers with 350TB stored data

– Estimate Splunk is 25% the cost of a traditional SIEM


“We moved to Splunk from traditional SIEM as Splunk is designed and engineered for “big data” use cases. Our previous SIEM was not and simply could not scale to the data volumes we have.”

(22)

The CSIRT Team

The Computer Security Incident Response Team (CSIRT) reduces the risk of loss as a result of security incidents for Cisco-owned business. CSIRT regularly engages in proactive threat assessment, mitigation planning, incident trending with analysis, security architecture, incident detection and response.

• Tier 1 Event Analysis group (Costa Rica)

• Tier 2 Event Analysis group (Bangalore)

(23)

CSIRT Environment

300 locations in 90 countries

400 buildings

1500+ Labs

100,000+ employees on network

50-300 malware-related cases opened in a typical week

650,000+ IP Devices on network

130,000 Windows hosts

50,000 Linux hosts

40,000 Routers

2-3 million highly tuned IDS events per day
(24)

CSIRT Environment

Some event sources send their data to a global network

(25)

“We have the data… We just can’t leverage it without Splunk.”

- Cisco Director of Technology

18 projects worldwide, ~9TB Splunk indexing capacity

Key use cases include …

• Proactive security monitoring and forensics (CSIRT)

• Monitoring & management of 1000s of apps

• Website Infrastructure monitoring and analysis

• Transformation from commodity services to high-value, proactive threat prevention

(26)

Traditional SIEM vs. Splunk

Next Steps if Interested in Splunk

Download Cisco apps at Splunk.com > Community > Apps

If new user, try Splunk for free!

Download Splunk at www.splunk.com

Go to Splunk.com > Community > Documentation > Splunk Tutorial

In 30 minutes you will have imported data, run searches and created reports

More information at

Splunk.com > Solutions

Contact me > [email protected]

(27)


Thank You

Demo Time!
