Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (9)
Ähnlich wie Equinix Customer Presentation
Ähnlich wie Equinix Customer Presentation (20)
Mehr von Splunk
Mehr von Splunk (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Equinix Customer Presentation
- 1. Copyright © 2015 Splunk Inc. Splunk Cloud at Equinix Brian Lillie, CIO
- 2. 2 Brian Lillie Chief Information Officer, Equinix @coachlillie
- 3. 3 About Equinix As the world's largest data center company, we provide global leaders the power of interconnection: the ability to connect to many customers and partners in many regions— accelerating business performance and creating new opportunities.
- 4. 4 About Coach Lillie My role at Equinix My team’s mission My favorite Splunk tee-shirt tag line One fun fact about me
- 5. 5 Equinix Global InfoSec Program Drivers
- 6. 6 Equinix Vision for SIEM SIEM is key to any security platform today We were very early in adopting a “SIEM in the Cloud” vision and strategy With a traditional on premise SIEM, we didn’t think we would have value right out of the box Been searching for awhile… “…we pushed the vision of SIEM in the Cloud for years…”
- 7. 7 Why did we want a Cloud SIEM Solution? Flexibility Subscription Model Eliminates the need to feel ‘married’ to a system – easier to unsubscribe if it doesn’t fit Price Less Expensive At least 50% lower TCO compared to deploying an on- premises SIEM Ease/Speed Minimal PS Easy data ingestion and easy deployment that doesn’t require an army to set-up (when most data is generated on-premises)
- 8. 8 What Cloud SIEM Was Right for Equinix? Splunk Cloud with ES gave us a starting point Met a variety of our use cases: ability to handle multiple types of data (and speeds and feeds), apps marketplace, correlation rules engine, and enterprise-level security view We gained VALUE immediately out of the box; now a platform to build upon +
- 9. 9 Why we selected Splunk Cloud Databases Networks Servers Web Services Smartphones and Devices Custom Applications Security Universal SearchApp Ecosystem Single Pane of Glass Certified Guaranteed 100% Uptime SLA And More…
- 10. 10 “…Our goal is to protect customers, employees & data.” How We Use Splunk Cloud Malware Protection User Account Protection Data Leakage Protection
- 11. 11 Splunk Cloud Deployment @Equinix Aggregation Correlation Collection Validation
- 12. 12 Promising Results Before Individual Silos Time-Consuming Reporting Manual Troubleshooting Monitoring 20 Billion Raw Events After 20 Billion Raw Events Reduced toThrough 12,000 Events Reduced to 20 Actionable Alerts
- 14. 14 What’s Next for Equinix Global Security Team standardizing on Splunk Cloud Use insights to build out a Security Operations Center Expand use of Splunk Cloud to the Global Server and Network teams Use Splunk to help integrate acquisitions
- 15. 15 Top Takeaways SIEM in the cloud is the way to go SIEM with an Enterprise-level “Helicopter view” for the CIO is a must Splunk Cloud is a GREAT choice to meet these needs: – Splunk Cloud is a service and requires much less staff to operate (less cost) – Splunk Cloud is less complex to implement and operate – Splunk Cloud with ES is a true security SIEM – SOC 2 Type II certified, 100 percent uptime SLA – Splunk Cloud reduced the time to resolve/respond to security incidents – out of the box
- 16. Q 1 & A
Hinweis der Redaktion
- George wanted SIEM in the Cloud solution. (ES) SIEM is major achievements of any security system Going into ES, we realized that any SIEM solution – there’s going to be a lot of work. We knew going in that there would be a considerable effort building it out. We knew it wasn’t going to be SIEM out of the box.
- WHY DID YOU CHOOSE a CLOUD BASED? Cost was number one. Capex vs. Opex. Wanted something that we could turn up quickly and manage easily. Minimize costs for storage, systems monitoring, managing data bases Cloud vs. on-prem value prop Didn’t want anything I had to deploy manually Subscribe, use it, marry myself and then unmarry myself. Subscription is a lot easier
- VALUE out of the Box? Every organization has different use cases…but every solution would help us frame our use cases. (uptime, sensitivity of data, systems vulnerability) Needed a starting point. That’s what ES gave us out of the box From there, we produced a final list that allowed us to operate a system based on our use cases.
- COMPARED to other CLOUD SOLUTIONS As a SIEM in the cloud, what drew me into ES. We have APPs marketplace. Most of the other customers don’t have the APPs or lenses into the data. Most are free. Other vendors, don’t have those. If we had engaged with other vendors, we would have to build those out. Apps are great, but they help you frame the data. Now we can compare it and add in our own use cases. As you get through the process of getting operational, were there other areas of differentiation? Ability to search…across all data sets. Ability to do this across all data sets is really powerful. Searching is 101.
- USE CASES TODAY Malware protection – across all platforms (laptops, mobile, …) Protecting user accounts – if a user logs in SF and Hong Kong simultaneously – detecting account compromise Data leakage protection (SFDC app) – preventing malicious employee behavior High priority: Care about data. Care about business being able to function. Target the things that typically have negative impact. Malware. We have a security infrastructure that shows us malware on desk tops and servers ES alerts us to systems with malware – phoning home or ES allows us to protect users. If a user is logging on in silicon valley and log in 10 seconds later in hong kong…compromised system? How do we monitor the security of our users
- Had significant global structure – Firewall, VPN, active directory, but no SIEM… Operating with a security infrastructure…splunk allowed us to aggregate this. One dashboard. Splunk ES. Allows my guys to not have to go out to each different security system to monitor Before, we didn’t have a way to correlate between the security systems. Big value add is correlation. Aggregation and correlation. Get everything into a single place and then correlate… Data feeds/sets – Qualys security, Cisco firewalls, load balancers, salesforce.com, tripwire, open VPN, Unyx and Windows (Splunk App), Juniper Firewalls, Palo Alto Salesforce – data leakage protection – very sensitive and critical to the business. Manage malicious employees who may be forklifting data. Certain algorythms and data that looks suspicious Salesforce App – gives you good data but doesn’t really provide enough intelligence to determine Separate from security use cases, Salesforce app is pretty slick. How we accomplish this (New Slide) Log aggregation Log correlation Data sources: (Qualys, Palo Alto Networks, Cisco, F5, Salesforce.com, Tripwire, Open VPN, Unix, Windows, Application logs, Juniper)
- We had almost 20 billion raw events to monitor. Within Splunk Cloud we built 50 correlation rules. Now we look at critical and high only priority events only. This reduced the 20 billion to 12,000. That’s the story.”
- Talk about your personal CIO Dashboard and the operational intelligence it provides you.
- ARE OTHER TEAMS USING SPLUNK at Equinix? Security – Now – How many folks. 6 people. Infrastructure for monitoring app performance DevOps…looking to Splunk to bake prcesses into development. Triggered alerts. Service down, KPIs, LOOKING AT HURRICANE LABS TO HELP OPERATE BETTER IN THIS ENVIRONMENT. Help manage Splunk. Write correlation events as we define them in terms of use cases. Use a service skilled in that work rather than doing it themselves. Security ops center
- NOTIONAL DEPLOYMENT COST savings? Vs. arcsight, maybe saved half. Splunk Cloud is half of what the cost of something like arcsight. Value: One of the biggest factors is how the environment is managed. With arcsight, you have to hire an army of professional services to get it set up, manage data bases, and then tune it. On going work. Cannot tune it and leave it. Data sources into Splunk…then turning correlation and mapping to use cases. We are a little easier because we can work to define the use cases and then do the code. More complexity on the arcsight side – less on the Splunk ES COMPLIANCE/CERTIFICATIONS IMPORTANT Really use this for security use cases SPLUNK CLOUD – SOC 2 Type II certified Very important Very sensitive Certifications that attest to the protection of the data 100 PERCENT UPTIME Didn’t track that with others? SLA still going Never seen anywhere else offer that