© 2019 SPLUNK INC.
FN1452 – Splunk Autobahn – SaaS proof of value program: from 0 to HERO
Ken Tallman, Sales Engineer | Splunk
Milwaukee, WI
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
Ken Tallman, Splunk Sr Sales Engineer – Milwaukee, WI, 17 yrs hands-on IT Ops
Live in Franklin, WI – about 20 minutes from downtown Milwaukee
Interests:
• Adrenaline enthusiast
• Bicycle riding (trail, mountain)
• Motorcycle riding (I’ve got a Harley now)
• Rode to Yellowstone and back, alone, and camped most of the way
• Dog training (Luna, my white German shepherd)
• Scuba diving (PADI Open Water Diver)
• Tropical vacations
Proof Of Value Event
Typical components of a PoV
Define: • Stakeholders • Team members • Scope • Budget • Timeline
Develop: • RFP • Use Cases
Execute: • Infrastructure • Use Case Execution • Scope Creep • Delays
Evaluate: • Review Results • Compare outcomes and success criteria
“We are actively engaged in no less than 7 proof events in any given quarter.” – Anonymous Customer
The benefits of Splunk as a service
• Fastest time to value
• Eliminates infrastructure requirements
• Maximizes value from limited resources
Splunk as a Service
Three Simple Steps
1. On Board Data
2. On Board Users
3. Get Value From Data
Data sources: Databases, Networks, Servers, Virtual Machines, Smartphones and Devices, Custom Applications, Security, Web Server, Sensors
Splunk Cloud Service Offering
▶ Initial Architecture
▶ Custom App
▶ System Maintenance
▶ Splunk Upgrades
▶ Architecture Upgrades
▶ Monitoring
▶ Operational Security
▶ Security Accreditations
▶ Audit
▶ CMDB
▶ Configuration Management
▶ Git Repo
▶ Automation
▶ SRE Administrators
▶ Change Coordination
▶ Dynamic Architecture
Also shown: CMDB, Config Mgmt, Auditors
Data sources: Databases, Networks, Servers, Virtual Machines, Smartphones and Devices, Custom Applications, Security, Web Server, Sensors, Firewalls
Premium apps on Splunk Cloud:
• Security Monitoring / Threat Detection / SecOps – ES (Enterprise Security)
• IT Ops / Monitoring – ITSI (IT Service Intelligence)
• Coming Soon
Splunk Cloud Customer Success
“We want to protect REI data — that’s where we put our resources and invest time. Procuring Splunk Cloud has been a really good investment, not just for the capabilities it offers but also for the time savings.”
– David Bell, Manager, Infrastructure and Cloud Services, REI
“Thanks to Splunk Cloud, I can shift my focus from administrative tasks to helping my team and others across the organization analyze the business, conduct root cause analysis, and target tangible outcomes.”
– Manager, Cloud Platform Team, Imprivata
“Splunk Cloud’s 100 percent Uptime SLA is critical to us. Our members expect us to be available 100 percent of the time, and I know that I can depend on Splunk Cloud to be there too.”
– Frank D’Arrigo, Director of Technology, AAA Western and Central New York
Welcome to Splunk Autobahn!!!
Program Overview:
• Prescriptive, SaaS-based Proof of Value program
• Uses your live data – not fake or fabricated data
• Structured around well-defined success criteria
• You choose from Autobahn “Lanes”
Splunk Autobahn Program Detail
▶ Autobahn “Lanes” for specific use case areas
• Use cases which cover more than 90% of our over 15,000 customers’ needs
▶ Use cases that are built by industry leading experts
• And Splunk experts too ☺
▶ Built on Splunk Cloud
• This instance can be converted to production upon purchase!
▶ You select three use cases within your Autobahn lane
▶ YOUR data is onboarded by our professional services
• Experts who have extensive experience onboarding data sources like yours into Splunk
Splunk Autobahn Program Requirements
• Splunk Cloud is the platform you purchase
– >=20GB daily ingest (>50GB for premium apps)
– If below this, don’t worry, you’re not out of luck.
• Ability to execute a purchase after 30 day evaluation
– Let’s get the necessary paperwork started now
– Example – Splunk Cloud TOS
• Your staff completes free Splunk Fundamentals 1 training
Every Splunk Autobahn PoV will showcase core functionality
MONITOR – ANALYZE – INVESTIGATE – ACT
Splunk Security Autobahn PoV use case examples
Select What’s Most Important to YOU
• Privileged / Non-Privileged User Monitoring
• Cloud File Sharing Activity
• Brute Force Activity
• Default User Account Activity
• Advanced Threat Detection
• File and/or folder integrity monitoring
• Host Not Reporting
• Communication with a known bad actor
• Access Tracker
• Malware Outbreak
• Traffic over time by Action
• Access Anomalies
• Custom dashboard creation
Splunk Security Autobahn PoV – Success Criteria
Privileged / non-privileged user monitoring
Target Devices: Servers, Workstations
Data Sources: Windows Event Logs, Linux Syslog
Technical Success Criteria:
• Multiple Account Deletion by an Administrator
• Multiple Account Disabled by an Administrator
• Multiple Account Passwords changed by an Administrator
• Account Added to Administrator Group
• Password Changed by an Administrator
• Administrator Password Modified
• View in Access Center, Identity Center, Account Management and Identity Investigator dashboards
• Threat actors will attempt to gain and abuse credentials from privileged users, since privileged users can access sensitive data and high-value assets. Privileged user monitoring with Splunk enables security teams to stay aware of the activity related to accessing those assets. This helps maintain security posture, meet compliance requirements, and indicate malicious attempts to exfiltrate or misuse corporate data. Non-privileged user monitoring can extend these benefits by providing similar visibility across the entire organization (see “Access Tracker”).
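In the PoV these success criteria are met with Splunk searches over the Windows Event Log feed and reviewed in the dashboards named above. As an added illustration of the detection logic itself (this is not Splunk’s code and not part of the deck), the following stand-alone Python runs the first four criteria over a constructed set of Windows Security events. The event IDs are the real Windows ones (4726 account deleted, 4725 account disabled, 4724 password reset, 4728/4732 member added to a security-enabled group); the actor names, target accounts, timestamps, the 3-targets-in-10-minutes threshold and the set of “administrator” group names are assumptions chosen for the example.

```python
"""Privileged-action detections over Windows Security events (constructed sample data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs used here (real IDs; the sample events below are constructed):
# 4726 account deleted, 4725 account disabled, 4724 password reset attempt,
# 4728 / 4732 member added to a security-enabled global / local group.
ACCOUNT_DELETED = 4726
ACCOUNT_DISABLED = 4725
PASSWORD_RESET = 4724
GROUP_MEMBER_ADDED = {4728, 4732}
ADMIN_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}  # assumed list


def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


# Constructed sample: field names mirror the Windows Security log (SubjectUserName is
# the actor; TargetUserName is the affected account or, for 4728/4732, the group).
SAMPLE_EVENTS = [
    {"time": _t("2019-10-21 09:00:10"), "EventCode": 4726, "SubjectUserName": "admin.jdoe", "TargetUserName": "svc_old1"},
    {"time": _t("2019-10-21 09:01:30"), "EventCode": 4726, "SubjectUserName": "admin.jdoe", "TargetUserName": "svc_old2"},
    {"time": _t("2019-10-21 09:02:05"), "EventCode": 4726, "SubjectUserName": "admin.jdoe", "TargetUserName": "svc_old3"},
    {"time": _t("2019-10-21 09:03:40"), "EventCode": 4726, "SubjectUserName": "admin.jdoe", "TargetUserName": "svc_old4"},
    {"time": _t("2019-10-21 11:15:00"), "EventCode": 4725, "SubjectUserName": "admin.asmith", "TargetUserName": "contractor7"},
    {"time": _t("2019-10-21 13:20:00"), "EventCode": 4724, "SubjectUserName": "helpdesk1", "TargetUserName": "user.a"},
    {"time": _t("2019-10-21 13:21:00"), "EventCode": 4724, "SubjectUserName": "helpdesk1", "TargetUserName": "user.b"},
    {"time": _t("2019-10-21 13:55:00"), "EventCode": 4724, "SubjectUserName": "helpdesk1", "TargetUserName": "user.c"},
    {"time": _t("2019-10-21 15:00:00"), "EventCode": 4732, "SubjectUserName": "admin.asmith", "TargetUserName": "Administrators", "MemberName": "CORP\\tmp.account"},
    {"time": _t("2019-10-21 15:05:00"), "EventCode": 4732, "SubjectUserName": "admin.asmith", "TargetUserName": "Remote Desktop Users", "MemberName": "CORP\\user.d"},
]


def burst_by_actor(events, event_code, threshold=3, window=timedelta(minutes=10)):
    """Return {actor: [targets]} for actors who performed `event_code` on at least
    `threshold` distinct targets inside any sliding window of length `window`."""
    per_actor = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if e["EventCode"] == event_code:
            per_actor[e["SubjectUserName"]].append(e)
    hits = {}
    for actor, evs in per_actor.items():
        start = 0
        for end in range(len(evs)):
            # advance the window start until the span evs[start..end] fits in `window`
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            targets = {e["TargetUserName"] for e in evs[start:end + 1]}
            if len(targets) >= threshold:
                hits[actor] = sorted(targets)
                break
    return hits


def admin_group_additions(events):
    """Return (actor, member, group) for every addition to a known administrative group."""
    return [
        (e["SubjectUserName"], e["MemberName"], e["TargetUserName"])
        for e in events
        if e["EventCode"] in GROUP_MEMBER_ADDED and e["TargetUserName"] in ADMIN_GROUPS
    ]


def run_detections(events=SAMPLE_EVENTS):
    """Evaluate the four success criteria and return one result per criterion."""
    return {
        "multiple_account_deletion": burst_by_actor(events, ACCOUNT_DELETED),
        "multiple_account_disabled": burst_by_actor(events, ACCOUNT_DISABLED),
        "multiple_password_changes": burst_by_actor(events, PASSWORD_RESET),
        "added_to_admin_group": admin_group_additions(events),
    }


if __name__ == "__main__":
    for name, result in run_detections().items():
        print(f"{name}: {result}")
```

The sliding window is what separates a bulk action from routine administration: admin.jdoe’s four deletions in under four minutes fire, while helpdesk1’s three password resets spread over 35 minutes stay under the threshold, and only the addition to the Administrators group (not to Remote Desktop Users) is reported. In Splunk the same logic is a `bin _time` / `stats dc(TargetUserName) by SubjectUserName` search; the dashboards listed above give the analyst the drill-down from the alert to the individual events.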
Splunk Security Essentials Autobahn PoV – Success Criteria
We’ve got you covered on the PoV use case documentation
Essential Account Security
Relevant Devices: Laptops, Servers, Workstations
Data Sources: Authentication (general), Windows 10, Active Directory
Technical Success Criteria:
• Ex-employee accounts with the most successful logins
• Auth sources with the greatest number of usernames
• Users uploading the most (requires proxy data)
• Top users failing authentication
• Top sources failing authentication
• Failed authentications over time
• Users with persistent failed authentication
• Top users taking privileged actions (requires AD data)
• Privileged actions over time (requires AD data)
• Top users copying files (requires Win10 data)
• File copies over time (requires Win10 data)
• Authentication is the basis for all access in an environment, and authentication logs provide easy visibility into access violations, lateral movement, and more. Analyzing account activity is critical to identify intent and/or attempts to take over administrative control of systems and assets that can access valuable data.
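The four failed-authentication criteria above (top users failing, top sources failing, failures over time, persistent failures) are all aggregations over the same authentication events. As an added example that is not from the deck or from Splunk, the Python below parses constructed sshd syslog lines (the “Linux Syslog” source named for the security lane), normalises them into events and computes each of the four. The host names, user names, addresses (documentation ranges) and the “three distinct hours” definition of persistent failure are assumptions for the example.

```python
"""Failed-authentication analysis over constructed sshd syslog lines."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log lines in sshd's syslog format (hosts and users are invented;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges).
SAMPLE_LOG = """\
Oct 21 09:00:01 web1 sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 21 09:00:04 web1 sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Oct 21 09:00:09 web1 sshd[1003]: Failed password for root from 203.0.113.5 port 51236 ssh2
Oct 21 09:15:30 web1 sshd[1010]: Accepted publickey for jdoe from 10.0.0.7 port 40022 ssh2
Oct 21 10:02:11 db1 sshd[2001]: Failed password for jdoe from 10.0.0.7 port 40100 ssh2
Oct 21 11:40:45 db1 sshd[2002]: Failed password for jdoe from 10.0.0.7 port 40101 ssh2
Oct 21 12:05:00 db1 sshd[2003]: Failed password for jdoe from 10.0.0.7 port 40102 ssh2
Oct 21 12:05:30 db1 sshd[2004]: Accepted password for jdoe from 10.0.0.7 port 40103 ssh2
Oct 21 14:00:00 web1 sshd[1020]: Failed password for invalid user test from 198.51.100.9 port 60001 ssh2
"""

# "invalid user" marks attempts against accounts that do not exist; the user name is
# kept either way so those show up in the per-user ranking.
LINE_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(log_text, year=2019):
    """Parse sshd auth lines into event dicts; syslog has no year, so one is supplied."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd message, skipped
        ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "host": m["host"], "user": m["user"],
                       "src": m["src"], "failed": m["result"] == "Failed"})
    return events


def top_failing(events, field, n=3):
    """Top `field` values ("user" or "src") by failed-authentication count."""
    return Counter(e[field] for e in events if e["failed"]).most_common(n)


def failures_over_time(events):
    """Failed authentications bucketed by hour, as {"YYYY-MM-DD HH": count}."""
    buckets = Counter(e["time"].strftime("%Y-%m-%d %H") for e in events if e["failed"])
    return dict(sorted(buckets.items()))


def persistent_failures(events, min_hours=3):
    """Users that failed in at least `min_hours` distinct hour buckets: slow, spread-out
    failures that a single-burst threshold on one hour would never catch."""
    hours = defaultdict(set)
    for e in events:
        if e["failed"]:
            hours[e["user"]].add(e["time"].strftime("%Y-%m-%d %H"))
    return sorted(u for u, hs in hours.items() if len(hs) >= min_hours)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("top users failing:", top_failing(evs, "user"))
    print("top sources failing:", top_failing(evs, "src"))
    print("failures over time:", failures_over_time(evs))
    print("persistent failures:", persistent_failures(evs))
```

The two rankings answer different questions: the source ranking surfaces 203.0.113.5 hammering non-existent accounts, while the persistence check surfaces jdoe, whose three scattered failures from an internal address never exceed one per hour but still deserve a look (a mistyped password after a change, or a credential being guessed slowly). Both are one `stats count by` search in Splunk once the events are field-extracted.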
Splunk IT Ops Autobahn PoV use case examples
Select What’s Most Important to YOU
• Server Monitoring
• Web Server Monitoring
• App Server Monitoring
• Database Monitoring
• Container Monitoring
• App Performance Monitoring
• Application troubleshooting
• IT Service Management
• Operational Visibility
• Proactive Monitoring
• Business Insights
• Viewing Live Data
• Tagging and tracking use case implementation
Splunk IT Ops Autobahn PoV – Success Criteria
We’ve got you covered on the PoV use case documentation
IT Operations – Application Troubleshooting
• Correlate data across the entire application stack and supporting infrastructure to quickly identify application issues and root causes
Application Troubleshooting Use cases
Identify slow web pages
∙ Summarize response times of web pages
∙ Identify the worst performing web pages
∙ Create alerts for critical performance issues
Identify and trend users by location
∙ Provide geolocation of users
∙ Visualize on pie charts, tables, and maps
∙ Create alerts for high volume locations
Track application errors
∙ Analyze error codes from web applications
∙ Identify areas for improved user experience
∙ Create alerts for critical errors
Track application usage
∙ View path taken through an application by users
∙ View performance of each step in the path
∙ Identify areas for improved navigation
Application network usage
∙ View and predict network bandwidth utilization
∙ Create alerts for critical issues
Log volume trending
∙ Baseline log volume by types of events
∙ Create alerts for noteworthy events and abnormal logging trends
Identify errors across multiple tiers
∙ Find errors across the application stack (webserver, app server, OS, database)
∙ Correlate errors by time to find potential root cause of issues
∙ Create alerts for abnormal conditions across multiple components in the application stack
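The “Identify slow web pages” and “Track application errors” use cases both reduce to a per-page summary of response time and error codes with thresholds that drive alerts. As an added example (not Splunk’s code and not part of the deck), the Python below does that over constructed access-log lines: it parses the lines, summarises count, average and p95 response time and 5xx error rate per page, ranks the worst pages and emits alerts. The log layout (combined format with a response-time-in-milliseconds field appended), the paths, timings and the 1000 ms / 10 % thresholds are assumptions for the example.

```python
"""Per-page response-time and error summary over constructed web access-log lines."""
import math
import re
from collections import defaultdict

# Constructed sample in the "combined" access-log layout with the request duration in
# milliseconds appended as the last field (a common custom log format; paths,
# addresses and timings are invented).
SAMPLE_ACCESS_LOG = """\
10.0.0.1 - - [21/Oct/2019:10:00:01 +0000] "GET /checkout HTTP/1.1" 200 5123 412
10.0.0.2 - - [21/Oct/2019:10:00:02 +0000] "GET /checkout HTTP/1.1" 200 5120 380
10.0.0.3 - - [21/Oct/2019:10:00:03 +0000] "POST /checkout HTTP/1.1" 502 221 2950
10.0.0.4 - - [21/Oct/2019:10:00:04 +0000] "GET /checkout HTTP/1.1" 200 5125 3100
10.0.0.5 - - [21/Oct/2019:10:00:05 +0000] "GET /product/42 HTTP/1.1" 200 8800 95
10.0.0.6 - - [21/Oct/2019:10:00:06 +0000] "GET /product/42 HTTP/1.1" 200 8801 110
10.0.0.7 - - [21/Oct/2019:10:00:07 +0000] "GET /product/42 HTTP/1.1" 404 300 40
10.0.0.8 - - [21/Oct/2019:10:00:08 +0000] "GET /search?q=bike HTTP/1.1" 200 15000 870
10.0.0.9 - - [21/Oct/2019:10:00:09 +0000] "GET /search?q=helmet HTTP/1.1" 500 120 1500
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<ms>\d+)$'
)


def parse(log_text):
    """Parse access-log lines; the query string is dropped so /search aggregates as one page."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append({"path": m["path"].split("?")[0],
                        "status": int(m["status"]), "ms": int(m["ms"])})
    return out


def percentile(values, p):
    """Nearest-rank percentile (p in 0..100) of a non-empty list."""
    s = sorted(values)
    k = max(0, math.ceil(p / 100 * len(s)) - 1)
    return s[min(k, len(s) - 1)]


def summarize(requests):
    """Per-page request count, average and p95 response time, and 5xx error rate."""
    by_path = defaultdict(list)
    for r in requests:
        by_path[r["path"]].append(r)
    summary = {}
    for path, rs in by_path.items():
        times = [r["ms"] for r in rs]
        errors = sum(1 for r in rs if r["status"] >= 500)  # 4xx are client errors, not counted
        summary[path] = {"count": len(rs),
                         "avg_ms": round(sum(times) / len(times), 1),
                         "p95_ms": percentile(times, 95),
                         "error_rate": round(errors / len(rs), 3)}
    return summary


def worst_pages(summary, n=2):
    """Pages ranked by p95 response time, slowest first."""
    return [p for p, _ in sorted(summary.items(), key=lambda kv: kv[1]["p95_ms"], reverse=True)[:n]]


def alerts(summary, p95_threshold_ms=1000, error_rate_threshold=0.1):
    """Pages that breach either threshold, as (path, reason) pairs."""
    out = []
    for path, s in sorted(summary.items()):
        if s["p95_ms"] > p95_threshold_ms:
            out.append((path, f"p95 {s['p95_ms']} ms > {p95_threshold_ms} ms"))
        if s["error_rate"] > error_rate_threshold:
            out.append((path, f"5xx rate {s['error_rate']:.0%} > {error_rate_threshold:.0%}"))
    return out


if __name__ == "__main__":
    summary = summarize(parse(SAMPLE_ACCESS_LOG))
    for path, s in summary.items():
        print(path, s)
    print("worst pages:", worst_pages(summary))
    for path, reason in alerts(summary):
        print("ALERT", path, reason)
```

Reporting p95 rather than the mean is the design choice worth noting: /checkout’s average of 1.7 s hides that two of four requests took about 3 s, and the p95 makes that visible. The Splunk equivalent is a `stats count avg(ms) perc95(ms) by path` search with the alert condition set on the percentile and the 5xx ratio.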
From 0 to HERO in 30 Days!
Splunk Autobahn PoV Phases
Day 0
• Kickoff Meeting
• Data onboarding
• Fundamentals 1
Day 1 - 7
• Environment Available
• Data Ingesting
Day 8 - 12
• Finalize data onboarding
• Report / Alert / Dashboard Creation
Day 14
• Technical Results Presentation & PoV Document completed
Day 15 - 21
• PoV Executive Wrap-up
• Recommended solution presented
Day 21 – 30
• Prescriptive Value Path Defined
• Purchase completed
• Production migration begins
“It is illegal to run out of gas on the Autobahn”
Course corrections at high speed are difficult and dangerous
“We did not choose the right use cases up front”
• Be sure to work with your Splunk account team up front to have clarity on exactly what will be completed in the PoV.
• Ensure you have deep dive demos before the PoV
• Complete Fundamentals 1 training prior to the PoV use case selections if possible. “The more you know…”
“What you’ve shown me is great, but now I want to add more data before we decide”
• Autobahn is fast and agile and to keep it that way, we do not modify the precision
“Splunk is Amazing! We’d like to extend this and do more use cases”
• You have control of the environment
• Work with your account team
– We have Prescriptive Value Paths
Why Splunk Cloud & Autobahn
You are newly looking at Splunk
You are considering a move to Splunk Cloud and a premium product purchase.
Your existing on-prem infrastructure is growing and you no longer want to maintain that burden.
• No longer worry about upgrades
– Splunk 6.x and 7.0 are EoL
• Hardware refresh and expansions
– Everyone loves Splunk and wants more of it!
• Staffing
AWS Workload Migration Program Credits
Engage your Splunk account team to get started!