SplunkLive! Denver - Nov 2012 - Interac
2. Interac Association/Acxsys Corporation
Interac Association
– Formed in 1984
– Responsible for the development and operations of the Inter-Member Network (IMN)
– Services include Interac Cash, Interac Debit and the contactless enhancement Interac Flash
Acxsys Corporation
– Founded in 1996
– Provides management services to the association
– Specializes in the development & operation of new payment service opportunities.
– Services include Interac Online, Interac e-Transfer and international services
Toronto May 3, 2012 2 Copyright © 2011, Splunk Inc.
3. Key Challenges Before Splunk
Fault occurs. Confusion ensues. Weekend work. No clarity, much stress.
– Many different log formats
– Slow incident and fault response times
– Variety of tools for incident investigation and root cause analysis
– Lack of single point of visibility across entire infrastructure
4. Originally Why Splunk?
Security was the original driver
Looking for a log management solution
– Reviewed LogLogic, ArcSight, others
– Bought on Price, Speed, Support for Open Source platforms
– Bring logs together in a single system
– Try and Buy model
Better view of network and application activity
5. The Splunk Adventure…
Downloaded Splunk Free
Immediately producing reports/metrics previously unavailable
Obtained trial enterprise license
Debuted reports to management, secured funding and resources
Focused on first building an application for Security
Applications then built for Infrastructure, Development and Operations
6. What's Feeding Splunk
Centralized logging and distributed Splunk Universal Forwarders feeding the right combination of data sources.
– Active Directory
– IPS/HIPS
– Host performance data
– Syslog
– Custom application data
– AV Data
– Webserver logs
– Firewall data
– Enterprise storage metrics
– VPN data
– Database audit logs
– SNMP data
– SSO application data
– Backup event data
– External sources (i.e. blacklists)
– Proxy logs
– Physical Badge Access Data
7. Splunk Use Cases
– Application Monitoring and Troubleshooting
– Traffic Monitoring and Trends
– Reporting for Enterprise Storage System
– Security Analysis
8. Continuous Infrastructure Monitoring
Alerting on various application, system and environmental thresholds
Event correlation to identify a variety of attacks or issues
Data loss prevention
Alerting on “out of the norm” privilege escalations
VPN summary and utilization times
Change reporting – applications, users, groups, etc…
9. Our Splunk Apps
What we’ve built...
• Enterprise Storage Analytics App for Hitachi USP Series
• In-house Application Monitoring App
• In-house Operational Monitoring App
• In-house Systems Management App
• RSA SecurID Appliance Reporting App (available on Splunkbase!)
• Barracuda Web Filter Reporting App (available on Splunkbase!)
10. Building an Enterprise Security App
Worked with the Security dept.
GQM (Goal-Question-Metric) approach to understand their goals and map to metrics
Worked with IT architecture and development
Menu and form driven – users can quickly find the view and information they need
Over 80 reports driven through 8 menus and 26 individual views!
11. Enterprise Security App
Menu driven navigation
Easily access the reports needed
Enables better control and policy decisions
12. HDS Enterprise Storage Analytics App
Provides the ability to easily drill down resource utilization by host, port, parity group & cache partition.
Easily identify bottlenecks
Allows access to activity in near real-time
13. RSA SecurID Appliance Reporting App
• Provides entire view of all actions against your SecurID appliance
• Understand user actions, admin actions, etc…
• Identify “out of the norm” events over short time frames.
• Dashboards: Summary, User Activity, Network Activity & Event Search Form
14. In-house Application Monitoring
• Provides access to production data without need for access to production systems
• Ability to understand user actions throughout their lifetime in the application
• Understand function & method calls – execution times, responses, size of calls, etc…
15. Splunk Benefits
Reports formatted to support BU’s across their use cases
A more proactive view of the applications and infrastructure
Helped restructure our environment and applications
Faster investigations & fault identification
Improved performance of business initiatives such as marketing campaigns
Simplified business processes meaning resource time is freed up allowing for focus on new initiatives.
16. Tips for Selling Splunk Internally
Know your audience
Understand requirements & budgets
Simplify “Big Data”
Listen…
17. Achievement Unlocked - ROI FTW!
• Provides $100,000 ROI as an analytics engine for our enterprise storage system
• File delivery issues were previously costing $1,125 per incident with an avg. of one incident per week costing $58,500 per year.
– Splunk reduced the cost per incident to $75 or $3,900 per year -- $54,600 savings per year!!
• Extensive soft cost savings:
– Ability to configure real-time alerts for quicker response times preventing potential data & profit loss.
– Improved performance of business initiatives such as marketing campaigns
• Splunk TCO is less than 10% of the $$ savings.
Splunk increases productivity for our Security department by approximately $500,000 per year!
Editor's Notes
Interac Association, formed in 1984, is responsible for the development and operations of the Inter-Member Network (IMN), a national payment network that allows Canadians to access their money through Automated Banking Machines and Point-of-Sale terminals across Canada. Services include Interac Cash, Interac Debit and the contactless enhancement Interac Flash. Acxsys Corporation, founded in 1996, provides management services to the association and specializes in the development and operation of new payment service opportunities. Services include Interac Online, Interac e-Transfer and international services, which provide Canadian cardholders with POS access at nearly 2 million U.S. retailers, and PULSE, Discover, Diners Club International and China UnionPay cardholders access to ABMs in Canada.