12
Copyright © 2016 Splunk Inc. Splunk your Cloud for a better Security Dominique Dessy, CISSP Senior Sales Engineer

Splunk for AWS (Bagels and Bytes)

Embed Size (px)

Citation preview

Page 1: Splunk for AWS (Bagels and Bytes)

Copyright©2016SplunkInc.

SplunkyourCloudforabetterSecurity

DominiqueDessy,CISSPSeniorSalesEngineer

Page 2: Splunk for AWS (Bagels and Bytes)
Page 3: Splunk for AWS (Bagels and Bytes)

3

Page 4: Splunk for AWS (Bagels and Bytes)

FINRAFINRA—theFinancialIndustryRegulatoryAuthority—isanindependent,non-governmentalregulatorforallsecuritiesfirmsdoingbusinesswiththepublicintheUnitedStates.FINRAprotectsinvestorsbyregulatingbrokersandbrokeragefirmsandbymonitoringtradingonU.S.stockmarkets.FINRAwatchesover6billionsharestradedonthestockmarketeachdayFINRAhandlesmore‘bigdata’onadailybasisthantheLibraryofCongressorVisa—tobuildaholisticpictureofthetradingmarketFINRA– Deter,Detect,Discipline

4

Page 5: Splunk for AWS (Bagels and Bytes)

FINRA(before)

5

FINRAonPremDataCenterLocationA

FINRAonPremDataCenterLocationB

LOTSOFHARDWARE

DRREQUIREDCONFIGCHANGES

TRADIONALSIEMsONLYKNOWMESSAGESTHATTHEYKNOWABOUT

SIEMsTHINKONLYSECURITYWILLNEEDLOGS

CANNEDALERTS;MOREMARKETINGTHANREALITY

LACKOFUSERCOMMUNITYKNOWLEDGEBASE

Page 6: Splunk for AWS (Bagels and Bytes)

FINRA(Cloud)

6

OnPrem A&B

FINRAVPCs

Page 7: Splunk for AWS (Bagels and Bytes)

7

TurningMachineDataIntoBusinessValueIndexUntappedData:AnySource,Type,Volume

OnlineServices Web

Services

ServersSecurity GPS

Location

StorageDesktops

Networks

PackagedApplications

CustomApplicationsMessaging

TelecomsOnlineShoppingCart

WebClickstreams

Databases

EnergyMeters

CallDetailRecords

SmartphonesandDevices

RFID

On-Premises

PrivateCloud

PublicCloud

AskAnyQuestion

ApplicationDelivery

Security,ComplianceandFraud

ITOperations

BusinessAnalytics

IndustrialDataandtheInternetofThings

Security,ComplianceandFraud

Page 8: Splunk for AWS (Bagels and Bytes)

8

SplunkAppforAWSEC2

EMR

Kinesis

R53

VPC

ELB

S3

CloudFront

CloudTrail

CloudWatch

RedshiftSNS

API Gateway

Config

RDS

CF

IAM

Lambda

Explore Analyze Dashboard Alert Act

AWSDataSources

ComprehensiveAWSVisibility

Page 9: Splunk for AWS (Bagels and Bytes)

9

CompleteHybridVisibilityIndexUntappedData:AnySource,Type,Volume

OnlineServices Web

Services

ServersSecurity GPS

Location

StorageDesktops

Networks

Messaging

TelecomsOnlineShoppingCart

WebClickstreams

Databases

EnergyMeters

RFID

On-Premises

PrivateCloud

PublicCloud

End-to-EndVisibility

ApplicationDelivery

Security,Compliance,andFraud

ITOperations

BusinessAnalytics

IndustrialDataandtheInternetofThings

CloudTrail

Config

Lambda

EC2

Page 10: Splunk for AWS (Bagels and Bytes)

Let’ssee…

10

Page 11: Splunk for AWS (Bagels and Bytes)

ComprehensiveSecurityVisibilityLeveragingAWSCloudTrail

CorrelatingDataAcrossHybridEnvironmentSpanningAWSandOn-Premises

Real-timeAWSCostManagementReducingSpendonSelectAWSWorkloadsbyOver50%

FINRAUsesSplunkCloudforTransparencyandEnd-To-EndVisibilityinAWS

Page 12: Splunk for AWS (Bagels and Bytes)

Thankyou


Gourmet Bagel & Cream Cheese Platter - Bagels & Brew ~ Bagels

Gourmet Bagel & Cream Cheese Platter - Bagels & Brew ~ Bagels

Documents
Jalapeno Bagels

Jalapeno Bagels

Documents
Splunk user group - automating Splunk with Ansible

Splunk user group - automating Splunk with Ansible

Technology
Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Documents
stoQ’ing your Splunk - SANS · PDF filestoQ’ingyour Splunk Ryan Kovar, Splunk Marcus LaFerrera, PUNCH SANS DFIR 2016

stoQ’ing your Splunk - SANS · PDF filestoQ’ingyour Splunk Ryan Kovar, Splunk Marcus LaFerrera, PUNCH SANS DFIR 2016

Documents
5 Boroughs Bagels

5 Boroughs Bagels

Documents
Industrial Data Internet of Things splunk (REST API, SDKs) splunk . TESCO splunk 500 Y—Jt1-3— 41328 . SHANON 1/5 splunk . htt . (500MB/B) s lunk splunk . Created Date:

Industrial Data Internet of Things splunk (REST API, SDKs) splunk . TESCO splunk 500 Y—Jt1-3— 41328 . SHANON 1/5 splunk . htt . (500MB/B) s lunk splunk . Created Date:

Documents
Splunk conf2014 - Onboarding Data Into Splunk

Splunk conf2014 - Onboarding Data Into Splunk

Technology
SM Lender’s Bagels - Pinnacle Foodsfoodservice.pinnaclefoods.com/.../06/PIN589_LendersBagelsBro_v3.pdf · Lender’s® Bagels Lender’s® Bagels have been a favorite since 1927,

SM Lender’s Bagels - Pinnacle Foodsfoodservice.pinnaclefoods.com/.../06/PIN589_LendersBagelsBro_v3.pdf · Lender’s® Bagels Lender’s® Bagels have been a favorite since 1927,

Documents
Jalapeno Bagels 2

Jalapeno Bagels 2

Education
Splunk Cloud Product Briefwinncom.com.ua/wp-content/uploads/2018/07/splunk-Log_Flow.pdf · Extend Benefits With Splunk Apps Splunk Cloud includes support for premium solutions such

Splunk Cloud Product Briefwinncom.com.ua/wp-content/uploads/2018/07/splunk-Log_Flow.pdf · Extend Benefits With Splunk Apps Splunk Cloud includes support for premium solutions such

Documents
big daddy bagels

big daddy bagels

Documents
Agency Chargeback Models to Enable Enterprise Splunk ......Workshops: Get Splunk Hands -on Experience Attend a Splunk Workshop Upcoming Schedule December 1: Introduction to Splunk

Agency Chargeback Models to Enable Enterprise Splunk ......Workshops: Get Splunk Hands -on Experience Attend a Splunk Workshop Upcoming Schedule December 1: Introduction to Splunk

Documents
Jalapeno Bagels Jalapeno Bagels By Natasha wing By Natasha wing

Jalapeno Bagels Jalapeno Bagels By Natasha wing By Natasha wing

Documents
Sandwiches Bagels & Spreads

Sandwiches Bagels & Spreads

Documents
Splunk Review - University of Birmingham · Ref: Splunk Review, Dec 2014 Mohammad Rameez Shafsad itinnovation@contacts.bham.ac.uk Indexing 2.2.1 Searching using splunk Splunk uses

Splunk Review - University of Birmingham · Ref: Splunk Review, Dec 2014 Mohammad Rameez Shafsad [email protected] Indexing 2.2.1 Searching using splunk Splunk uses

Documents
Great bagels

Great bagels

Education
SplunkingYour Mobile Apps - .conf19 | Splunk · Introducing Splunk for Mobile Intelligence (Splunk MINT) Deploying Splunk MINT – Intro to SDKs – Getting Started Using Splunk MINT

SplunkingYour Mobile Apps - .conf19 | Splunk · Introducing Splunk for Mobile Intelligence (Splunk MINT) Deploying Splunk MINT – Intro to SDKs – Getting Started Using Splunk MINT

Documents
mickey c's bagels

mickey c's bagels

Documents
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Splunk Deployment

Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Splunk Deployment

Technology
Midtown Bagels Menu

Midtown Bagels Menu

Documents
Bagels and Brownies - Dossier

Bagels and Brownies - Dossier

Entertainment & Humor
Types of Bagels

Types of Bagels

Food
Splunk in Rakuten: Splunk as a Service for all

Splunk in Rakuten: Splunk as a Service for all

Retail
FireEye Splunk InterFireEye + Splunk: Intermediate Guidemediate Guide

FireEye Splunk InterFireEye + Splunk: Intermediate Guidemediate Guide

Documents
ReversingLabs Explainable Threat Intelligence Enriches ... Data Sheets/RL-Splunk...sent to Splunk. • In Splunk, the TitaniumScale report is correlated with other available Splunk

ReversingLabs Explainable Threat Intelligence Enriches ... Data Sheets/RL-Splunk...sent to Splunk. • In Splunk, the TitaniumScale report is correlated with other available Splunk

Documents
Splunk .conf2011: Splunk for Fraud and Forensics at Intuit

Splunk .conf2011: Splunk for Fraud and Forensics at Intuit

Technology
Rivium Splunk Windows · o Splunk Enterprise Security * o uberAgent* o Splunk App for Web Analytics Common Splunk Apps & Add-ons 15 SplunkingWIndows o Splunk Add-on for Microsoft

Rivium Splunk Windows · o Splunk Enterprise Security * o uberAgent* o Splunk App for Web Analytics Common Splunk Apps & Add-ons 15 SplunkingWIndows o Splunk Add-on for Microsoft

Documents
Sociable Objects Workshop · 1147 bytes 129910 bytes 3802 bytes 47321 bytes 11261 bytes 17638 bytes 155588 bytes 6969 bytes 26935 bytes Upload File: Upload Manage Files Choose File

Sociable Objects Workshop · 1147 bytes 129910 bytes 3802 bytes 47321 bytes 11261 bytes 17638 bytes 155588 bytes 6969 bytes 26935 bytes Upload File: Upload Manage Files Choose File

Documents
Chapter 1 Introduction - NCKU · • Storage Capacities – KB (kilobyte) = 210 Bytes = 1,024 Bytes 103 Bytes – MB (megabyte) = 220 Bytes = 1,024 KB = 1,048,576 Bytes 106 Bytes

Chapter 1 Introduction - NCKU · • Storage Capacities – KB (kilobyte) = 210 Bytes = 1,024 Bytes 103 Bytes – MB (megabyte) = 220 Bytes = 1,024 KB = 1,048,576 Bytes 106 Bytes

Documents