SplunkLive! Denver - Nov 2012 - Interac
•
0 gefällt mir•791 views
This document discusses Interac Association/Acxsys Corporation and how Josh Diakun uses Splunk. It provides the following information: - Interac Association was formed in 1984 and operates the Inter-Member Network, providing services like Interac Cash and Debit. Acxsys Corporation was founded in 1996 and provides management services to Interac Association. - Before Splunk, Josh faced challenges like slow incident response, a lack of single visibility across infrastructure, and stress due to unclear root causes. Splunk helped address these by consolidating logs and providing faster investigations. - Josh built several apps with Splunk like ones for enterprise storage, security analysis, and application monitoring to help various business units with control
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie SplunkLive! Denver - Nov 2012 - Interac
Ähnlich wie SplunkLive! Denver - Nov 2012 - Interac (20)
Mehr von Splunk
Mehr von Splunk (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
SplunkLive! Denver - Nov 2012 - Interac
- 1. Interac/Acxsys Corporation Josh Diakun Specialist, Info Security Operations twitter: @iam_joshd #splunklive
- 2. Interac Association/Acxsys Corporation Interac Association – Formed in 1984 – Responsible for the development and operations of the Inter-Member Network (IMN) – Services include Interac Cash, Interac Debit and the contactless enhancement Interac Flash Acxsys Corporation – Founded in 1996 – Provides management services to the association – Specializes in the development & operation of new payment service opportunities. – Services include Interac Online, Interac e-Transfer and international services Toronto May 3, 2012 2 Copyright © 2011, Splunk Inc.
- 3. Key Challenges Before Splunk Fault occurs Confusion ensues Weekend work No clarity, much stress Many different log formats Slow incident and fault response times Variety of tools for incident investigation Lack of single point of visibility across and root cause analysis entire infrastructure Toronto May 3, 2012 3 Copyright © 2011, Splunk Inc.
- 4. Originally Why Splunk? Security was the original driver Looking for a log management solution – Reviewed LogLogic, ArcSight, others – Bought on Price, Speed, Support for Open Source platforms – Bring logs together in a single system – Try and Buy model Better view of network and application activity Toronto May 3, 2012 4 Copyright © 2011, Splunk Inc.
- 5. The Splunk Adventure… Downloaded Splunk Free Immediately producing reports/metrics previously unavailable Obtained trial enterprise license Debuted reports to management, secured funding and resources Focused on first building an application for Security Applications then built for Infrastructure, Development and Operations Toronto May 3, 2012 5 Copyright © 2011, Splunk Inc.
- 6. Whats Feeding Splunk Centralized logging and distributed Splunk Universal Forwarders feeding the right combination of data sources. – Active Directory – IPS/HIPS – Host performance data – Syslog – Custom application data – AV Data – Webserver logs – Firewall data – Enterprise storage metrics – VPN data – Database audit logs – SNMP data – SSO application data – Backup event data – External sources (ie. blacklists) – Proxy logs – Physical Badge Access Data Toronto May 3, 2012 6 Copyright © 2011, Splunk Inc.
- 7. Splunk Use Cases Application Monitoring Traffic Monitoring and Troubleshooting and Trends Reporting for Enterprise Storage Security Analysis System Toronto May 3, 2012 Copyright © 2011, Splunk Inc.
- 8. Continuous Infrastructure Monitoring Alerting on various application, system and environmental thresholds Event correlation to identify a variety of attacks or issues Data loss prevention Alerting on “out of the norm” privilege escalations VPN summary and utilization times Change reporting – applications, users, groups, etc… Toronto May 3, 2012 8 Copyright © 2011, Splunk Inc.
- 9. Our Splunk Apps What we’ve built... • Enterprise Storage Analytics App for Hitachi USP Series • In-house Application Monitoring App • In-house Operational Monitoring App • In-house Systems Management App • RSA SecurID Appliance Reporting App (available on Splunkbase!) • Barracuda Web Filter Reporting App (available on Splunkbase!) Toronto May 3, 2012 9 Copyright © 2011, Splunk Inc.
- 10. Building an Enterprise Security App Worked with the Security dept. GQM (Goal-Question-Metric) approach to understand their goals and map to metrics Worked with IT architecture and development Menu and form driven – users can quickly find the view and information they need Over 80 reports driven through 8 menus and 26 individual views! Toronto May 3, 2012 10 Copyright © 2011, Splunk Inc.
- 11. Enterprise Security App Menu driven navigation Easily access the reports need Enables better control and policy decisions Toronto May 3, 2012 11 Copyright © 2011, Splunk Inc.
- 12. HDS Enterprise Storage Analytics App Provides the ability to easily drill down resource utilization by host, port, parity group & cache partition. Easily identify bottlenecks Allows to access activity in near real-time Toronto May 3, 2012 12 Copyright © 2011, Splunk Inc.
- 13. RSA SecurID Appliance Reporting App • Provides entire view of all actions against your SecurID appliance • Understand user actions, admin actions, etc… • Identify “out of the norm” events over short time frames. • Dashboards: Summary, User Activity, Network Activity & Event Search Form Toronto May 3, 2012 13 Copyright © 2011, Splunk Inc.
- 14. In-house Application Monitoring • Provides access to production data without • Understand function & method calls – need for access to production systems execution times, responses, size of • Ability to understand user actions calls, etc… throughout their lifetime in the application Toronto May 3, 2012 14 Copyright © 2011, Splunk Inc.
- 15. Splunk Benefits Reports formatted to support BU’s across their use cases A more proactive view of the applications and infrastructure Helped restructure our environment and applications Faster investigations & fault identification Improved performance of business initiatives such as marketing campaigns Simplified business processes meaning resource time is freed up allowing for focus on new initiatives. Toronto May 3, 2012 15 Copyright © 2011, Splunk Inc.
- 16. Tips for Selling Splunk Internally Know your audience Understand requirements & budgets Simplify “Big Data” Listen… Toronto May 3, 2012 16 Copyright © 2011, Splunk Inc.
- 17. Achievement Unlocked - ROI FTW! • Provides $100,000 ROI as an analytics engine for our enterprise storage system • File delivery issues were previously costing $1,125 per incident with an avg. of one incident per week costing $58,500 per year. – Splunk reduced the cost per incident to $75 or $3900 per year -- $54,600 savings per year!! • Extensive soft cost savings: – Ability to configure real-time alerts for quicker response times preventing potential data & profit loss. – Improved performance of business initiatives such as marketing campaigns • Splunk TCO is less than 10% of the $$ savings. Splunk increases productivity for our Security department by approximately $500,000 per year! Toronto May 3, 2012 17 Copyright © 2011, Splunk Inc.
Hinweis der Redaktion
- Interac Association, formed in 1984, is responsible for the development and operations of the Inter-Member Network (IMN), a national payment network that allows Canadians to access their money through Automated Banking Machines and Point-of-Sale terminals across Canada. Services include Interac Cash, Interac Debit and the contactless enhancement Interac Flash.Acxsys Corporation, founded in 1996, provides management services to the association and specializes in the development and operation of new payment service opportunities. Services include Interac Online, Interac e-Transfer and international services, which provide Canadian cardholders with POS access at nearly 2 million U.S. retailers, and PULSE, Discover, Diners Club International and China UnionPay cardholders access to ABMs in Canada