Copyright © 2015 Splunk Inc.

Magnus Johansson
Splunk Ninja @ IKEA

IKEA’s journey to end-to-end visibility:
From e-commerce to security
  
Personal introduction

- Magnus Johansson
- Splunk Ninja @ IKEA
- Worked with security for 8 years
- Linux geek since way back
- Live in the capital of IKEA country, Älmhult
  
Agenda

- Why did we exchange the current SIEM
- Access control in a multitenancy environment
- Splunk part of our technical standard
- How to handle unknown syslog feeds
- Security posture and business value
- Key benefits
  
IKEA Journey

[Diagram: Legacy SIEM; New SIEM Requirements; eCommerce; IT Ops; Enterprise-wide Security; More than a SIEM]
  
Why did we exchange the old SIEM
  
Why Did We Change SIEM

| | Legacy SIEM | New Requirements | Splunk |
|---|---|---|---|
| Scalability | Expensive @ 200GB/day; difficult to grow | Needed +10 TB/day | ✔ |
| User # | Limited user support (sec team) | 1,000s | ✔ |
| Role-based access | Single view/control of data | Full role-based access control | ✔ |
| Data supported | Problem importing desired data | Ability to import all types of data | ✔ |
| Platform/cost | Appliance gets old, unable to scale in cost effective manner | Software to adjust computing infrastructure easily | ✔ |
| Security and other use case | Security only | Security, IT, eCommerce, Business | ✔ |
  
Big Win on the way to SIEM Replacement

[Diagram: Legacy SIEM; New SIEM Requirements; eCommerce + Business Analytics; IT Ops; Enterprise-wide Security; More than a SIEM]

Let’s bring eCommerce data in first…
  
The response from eCommerce team

- Went from reactive troubleshooting
  – Customer sent an e-mail and complained, the SSH and GREP session started, could take days to weeks
  – Only one data source at a time
- To proactive troubleshooting
  – Multiple data sources and correlations
  – Dashboard that shows environment status, including business impact
  – CPU, memory utilization, capacity planning
  – Could troubleshoot in minutes
  
Wow, this is great, we need more!

- Additional 1TB license after 3 months
- Additional teams as well as eCommerce wanted to add data
- Existing environment was expanded
- Business analytics
  – Real time sales compared to last week for the major regions
  – Payment provider availability
  – Performance of Akamai
  – Business process tracing (orders that take longer than 10 seconds to process)
  
New insight and replacements using Splunk

- NEW - Monitor application and business processes
- NEW - Get insight in black boxes
- NEW - Replaced other monitoring solutions
- NEW - Splunk can handle our complex environment
- Broken link app to each area
  
Implementing Splunk as SIEM

[Diagram: Legacy SIEM; New SIEM Requirements; eCommerce + Business Analytics; Enterprise-wide Security; More than a SIEM; More data, more users; New SIEM Implementation]
  
Access control in a multi-tenancy environment
  
How to provide granular access control

- Separation of data
- Possibility to share data
- Reports without access to raw data
- Each area has its own index
  
Access to mixed indexes

- Application teams need information from various indexes

[Diagram labels: Oracle; Linux; Business service; Subset of data; Subset of data]
  
Search filter restrictions

- Blacklist approach:
  – “NOT (index=indexname AND (blacklistitem1 OR blacklistitem2 OR …..))”
- Whitelist approach:
  – “NOT (index=indexname NOT (whitelistitem1 OR whitelistitem2 OR …..))”
  
Combine whitelist and blacklist

- Really granular control to specific data
- srchFilter = NOT (index=linux NOT (host=lx4351* OR host=lx4352*)) NOT (index=linux AND (sourcetype=linux_secure OR sourcetype=pii_data))
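
The combined filter above, modelled on a few constructed events to show what each clause hides; this is an added example, not code from the talk. It also models two things the slide does not state: index access is a separate role setting (srchIndexesAllowed), and search filters from several roles are OR-combined by default, so a second role can widen the view. The event values and helper names are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample events (not from the talk); only the fields the filter reads.
EVENTS = [
    {"id": 1, "index": "linux",  "host": "lx4351a", "sourcetype": "syslog"},
    {"id": 2, "index": "linux",  "host": "lx4352b", "sourcetype": "linux_secure"},
    {"id": 3, "index": "linux",  "host": "lx4352b", "sourcetype": "pii_data"},
    {"id": 4, "index": "linux",  "host": "lx9999",  "sourcetype": "syslog"},
    {"id": 5, "index": "oracle", "host": "db01",    "sourcetype": "oracle_audit"},
]


def term(field, pattern):
    """One search term, field=pattern; '*' is a wildcard, matching ignores case."""
    def check(event):
        return fnmatchcase(str(event.get(field, "")).lower(), pattern.lower())
    return check


def any_of(*preds):
    return lambda event: any(p(event) for p in preds)


def all_of(*preds):
    return lambda event: all(p(event) for p in preds)


def negate(pred):
    return lambda event: not pred(event)


# Whitelist clause: NOT (index=linux NOT (host=lx4351* OR host=lx4352*))
# Inside index=linux, only the two host prefixes survive.
WHITELIST_HOSTS = negate(all_of(
    term("index", "linux"),
    negate(any_of(term("host", "lx4351*"), term("host", "lx4352*"))),
))

# Blacklist clause: NOT (index=linux AND (sourcetype=linux_secure OR sourcetype=pii_data))
# Inside index=linux, the two sensitive sourcetypes are removed.
BLACKLIST_TYPES = negate(all_of(
    term("index", "linux"),
    any_of(term("sourcetype", "linux_secure"), term("sourcetype", "pii_data")),
))

# Two clauses written side by side in a search string are ANDed.
SLIDE_FILTER = all_of(WHITELIST_HOSTS, BLACKLIST_TYPES)


def NO_FILTER(event):
    """A role without any srchFilter restricts nothing."""
    return True


def visible_ids(events, role_filters, allowed_indexes=None):
    """Return the ids of events a user can search.

    role_filters: one predicate per role held by the user; they are
    OR-combined, which is the default when a user has several roles.
    allowed_indexes: models srchIndexesAllowed; None means no index limit.
    """
    ids = []
    for event in events:
        if allowed_indexes is not None and event["index"] not in allowed_indexes:
            continue
        if any(f(event) for f in role_filters):
            ids.append(event["id"])
    return ids


if __name__ == "__main__":
    print("slide filter only:      ", visible_ids(EVENTS, [SLIDE_FILTER]))
    print("plus index restriction: ", visible_ids(EVENTS, [SLIDE_FILTER], {"linux"}))
    print("plus an unfiltered role:", visible_ids(EVENTS, [SLIDE_FILTER, NO_FILTER]))
```

Event 5 passes the filter because both clauses only constrain index=linux, so the filter has to be paired with an index restriction on the role. Any additional role without a filter cancels the restriction for that user.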
  
Splunk part of our technical standard
  
How to get massive amount of data in

- How to install Splunk forwarder in 400 locations
  – 1000 AIX servers
  – 3500 Linux servers
  – 5500 Windows servers
  – 100000 Windows clients
- Syslog
  – Only one load balancer with one ip and port
  – Network switches, firewalls, appliances, you name it
  
Step by step approach

- Started with Linux
- Part of Standard Operating Environment
- Bundle IKEA specific configuration in an RPM
- Generic bootstrap principle reused
  
Bootstrap RPM

- Automatic domain specific configuration
  – Closest deployment server
  – Closest index cluster
- Distribution of IKEA certificates
- Hardening (bind to localhost)
- Everything else, deploy it in an app!
- Take control of splunk.secret file!
  
Unknown syslog feed
  
Syslog feed from various devices

- Can’t control syslog devices
- Unable to specify different ports per type
- Single load balancer
- New unknown feed to syslog index
  
Labor intensive manual work

- Manual creation of inputs.conf
- Many different types of source types
- Different customers, different destination indexes
- Good admins are lazy
  
Challenge

- Template based configuration
- Create new and update templates
- Verification before deployment of new code
- Possibility to publish to a GIT hub
  
Solution TA generator

- Workflow action to feed generator
- Simple PHP and MySQL driven webpage

Solution TA generator

- Select log type and go!
  
Enterprise Wide Security Using Splunk

[Diagram: Legacy SIEM; New SIEM Requirements; eCommerce + Business Analytics; Enterprise-wide Security; More than a SIEM…; New SIEM Implementation]
  
Increased security posture in organisation
  
Security awareness was increasing

- Teams increased their collaboration with Splunk as an enabler
- Teams started to look in the “background noise”
- New risk areas were detected
  – “Hey – I think we are hacked!”
  – Attempts to bypass security mechanisms (slow-rate and brute force attacks)
  – Google search bot from Ukraine?
  – Fraud attempts
- Start small, do you always need Splunk ES?
  
Helpdesk support dashboards

- Access to dashboards without raw events

Get clarity and overview
  
Key benefits
  
Key benefits

- Real-time reaction instead of weeks later
- Before it was hard to get access to data – Now we have a queue…
- Splunk is a collaboration enabler – teams work together in new ways
- Security put the ball in play, business is now our driver
  
How to engage the data owners

- Education, education, education…
  – Help with getting the data in
  – How to create basic searches
  – How to create dashboards
- Appoint local Splunk champions for each area
- Internal Splunk Newsletters
- Competitions
- Splunk T-Shirts!
  
Security is not the bad guys anymore

Please take my data!!!
  
Key takeaways
  
Key takeaways

- Education
  – Make sure you educate yourself and the organization
- Use Splunk PS
- Think big – act small
  – Make sure your plan and architecture allow for expansion
  – Don’t try to do all use-cases/data sources at once
- The more people using the data the cheaper it becomes!
  
Splunklive! Stockholm 2015 - IKEA

 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Kürzlich hochgeladen

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Kürzlich hochgeladen (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Splunklive! Stockholm 2015 - IKEA

  • 1. Copyright © 2015 Splunk Inc. Magnus Johansson, Splunk Ninja @ IKEA. IKEA's journey to end-to-end visibility: From e-commerce to security
  • 2. Personal introduction
      - Magnus Johansson
      - Splunk Ninja @ IKEA
      - Worked with security for 8 years
      - Linux geek since way back
      - Live in the capital of IKEA country, Älmhult
  • 3. Agenda
      - Why did we exchange the current SIEM
      - Access control in a multitenancy environment
      - Splunk part of our technical standard
      - How to handle unknown syslog feeds
      - Security posture and business value
      - Key benefits
  • 4. IKEA Journey (diagram labels): Legacy SIEM; New SIEM Requirements; eCommerce; IT Ops; Enterprise-wide Security; More than a SIEM
  • 5. Why did we exchange the old SIEM
  • 6. Why Did We Change SIEM
      Criterion | Legacy SIEM | New Requirements | Splunk
      Scalability | Expensive @ 200GB/day, difficult to grow | Needed +10 TB/day | ✔
      User # | Limited user support (sec team) | 1,000s | ✔
      Role-based access | Single view/control of data | Full role-based access control | ✔
      Data supported | Problem importing desired data | Ability to import all types of data | ✔
      Platform/cost | Appliance gets old, unable to scale in cost effective manner | Software to adjust computing infrastructure easily | ✔
      Security and other use case | Security only | Security, IT, eCommerce, Business | ✔
  • 7. Big Win on the way to SIEM Replacement (diagram labels): Legacy SIEM; New SIEM Requirements; eCommerce + Business Analytics; IT Ops; Enterprise-wide Security; More than a SIEM. Let's bring eCommerce data in first…
  • 8. The response from eCommerce team
      - Went from reactive troubleshooting
          - Customer sent an e-mail and complained, the SSH and GREP session started, could take days to weeks
          - Only one data source per time
      - To proactive troubleshooting
          - Multiple data sources and correlations
          - Dashboard that shows environment status, including business impact
          - CPU, memory utilization, capacity planning
          - Could troubleshoot in minutes
  • 9.
  • 10. Wow, this is great, we need more!
      - Additional 1TB license after 3 months
      - Additional teams as well as eCommerce wanted to add data
      - Existing environment was expanded
      - Business analytics
          - Real time sales compared to last week for the major regions
          - Payment provider availability
          - Performance of Akamai
          - Business process tracing (orders that take longer than 10 seconds to process)
  • 11. New insight and replacements using Splunk
      - NEW - Monitor application and business processes
      - NEW - Get insight in black boxes
      - NEW - Replaced other monitoring solutions
      - NEW - Splunk can handle our complex environment
      - Broken link app to each area
  • 12. Implementing Splunk as SIEM (diagram labels): Legacy SIEM; New SIEM Requirements; eCommerce + Business Analytics; Enterprise-wide Security; More than a SIEM; More data, more users; New SIEM Implementation
  • 13. Access control in a multi-tenancy environment
  • 14. How to provide granular access control
      - Separation of data
      - Possibility to share data
      - Reports without access to raw data
      - Each area has its own index
  • 15. Access to mixed indexes
      - Application teams need information from various indexes
      - Diagram labels: Oracle; Linux; Business service; Subset of data; Subset of data
  • 16. Search filter restrictions
      - Blacklist approach:
          - “NOT (index=indexname AND (blacklistitem1 OR blacklistitem2 OR …..))”
      - Whitelist approach:
          - “NOT (index=indexname NOT (whitelistitem1 OR whitelistitem2 OR …..))”
  • 17. Combine whitelist and blacklist
      - Really granular control to specific data
      - srchFilter = NOT (index=linux NOT (host=lx4351* OR host=lx4352*)) NOT (index=linux AND (sourcetype=linux_secure OR sourcetype=pii_data))
  • 18. Splunk part of our technical standard
  • 19. How to get massive amount of data in
      - How to install Splunk forwarder in 400 locations
          - 1000 AIX servers
          - 3500 Linux servers
          - 5500 Windows servers
          - 100000 Windows clients
      - Syslog
          - Only one load balancer with one ip and port
          - Network switches, firewalls, appliances, you name it
  • 20. Step by step approach
      - Started with Linux
      - Part of Standard Operating Environment
      - Bundle IKEA specific configuration in a RPM
      - Generic bootstrap principle reused
  • 21. Bootstrap RPM
      - Automatic domain specific configuration
          - Closest deployment server
          - Closest index cluster
      - Distribution of IKEA certificates
      - Hardening (bind to localhost)
      - Everything else, deploy it in an app!
      - Take control of splunk.secret file!
  • 22. Unknown syslog feed
  • 23. Syslog feed from various devices
      - Can't control syslog devices
      - Unable to specify different ports per type
      - Single load balancer
      - New unknown feed to syslog index
  • 24. Labor intensive manual work
      - Manual creation of inputs.conf
      - Many different types of source types
      - Different customers, different destination indexes
      - Good admins are lazy
  • 25. Challenge
      - Template based configuration
      - Create new and update templates
      - Verification before deployment of new code
      - Possibility to publish to a GIT hub
  • 26. Solution TA generator
      - Workflow action to feed generator
      - Simple PHP and Mysql driven webpage
  • 27. Solution TA generator
      - Select log type and go!
  • 28. Enterprise Wide Security Using Splunk (diagram labels): Legacy SIEM; New SIEM Requirements; eCommerce + Business Analytics; Enterprise-wide Security; More than a SIEM…; New SIEM Implementation
  • 29. Increased security posture in organisation
  • 30. Security awareness was increasing
      - Teams increased their collaboration with Splunk as an enabler
      - Teams started to look in the “background noise”
      - New risk areas were detected
          - “Hey – I think we are hacked!”
          - Attempts to bypass security mechanisms (slow-rate and brute force attacks)
          - Google search bot from Ukraine?
          - Fraud attempts
      - Start small, do you always need Splunk ES?
  • 31. Helpdesk support dashboards
      - Access to dashboards without raw events
  • 32. Get clarity and overview
  • 33. Key benefits
  • 34. Key benefits
      - Real-time reaction instead of weeks later
      - Before it was hard to get access to data – Now we have a queue…
      - Splunk is a collaboration enabler – teams work together in new ways
      - Security put the ball in play, business is now our driver
  • 35. How to engage the data owners
      - Education, education, education…
          - Help with getting the data in
          - How to create basic searches
          - How to create dashboards
      - Appoint local Splunk champions for each area
      - Internal Splunk Newsletters
      - Competitions
      - Splunk T-Shirts!
  • 36. Security is not the bad guys anymore. Please take my data!!!
  • 37. Key takeaways
  • 38. Key takeaways
      - Education
          - Make sure you educate yourself and the organization
      - Use Splunk PS
      - Think big – act small
          - Make sure your plan and architecture allows for expansion
          - Don't try to do all use-cases/data sources at once
      - The more people using the data the cheaper it becomes!
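
The combined whitelist and blacklist filter on slides 16 and 17 can be checked clause by clause. The Python model below is an added example, not part of the presentation and not Splunk's own evaluator; the function names and sample events are constructed, and case-insensitive wildcard matching is an assumption that mirrors how SPL compares field values.

```python
from fnmatch import fnmatchcase

# Values taken from the srchFilter shown on slide 17.
INDEX = "linux"
HOST_WHITELIST = ["lx4351*", "lx4352*"]
SOURCETYPE_BLACKLIST = ["linux_secure", "pii_data"]


def matches_any(value, patterns):
    """Wildcard match; lowercased on both sides (assumed SPL-like behaviour)."""
    value = (value or "").lower()
    return any(fnmatchcase(value, p.lower()) for p in patterns)


def whitelist_clause(event):
    """NOT (index=linux NOT (host=lx4351* OR host=lx4352*))"""
    in_index = event.get("index") == INDEX
    return not (in_index and not matches_any(event.get("host"), HOST_WHITELIST))


def blacklist_clause(event):
    """NOT (index=linux AND (sourcetype=linux_secure OR sourcetype=pii_data))"""
    in_index = event.get("index") == INDEX
    return not (in_index and matches_any(event.get("sourcetype"), SOURCETYPE_BLACKLIST))


def role_can_see(event):
    """The two NOT(...) terms are joined by the implicit AND of the filter."""
    return whitelist_clause(event) and blacklist_clause(event)


# Constructed sample events (hypothetical hosts and sourcetypes).
SAMPLE_EVENTS = [
    {"index": "linux", "host": "lx4351a", "sourcetype": "syslog"},        # allowed host, harmless data
    {"index": "linux", "host": "lx4351a", "sourcetype": "linux_secure"},  # allowed host, blacklisted data
    {"index": "linux", "host": "lx9000", "sourcetype": "syslog"},         # host outside the whitelist
    {"index": "linux", "host": "lx4352b", "sourcetype": "pii_data"},      # allowed host, blacklisted data
    {"index": "oracle", "host": "db01", "sourcetype": "pii_data"},        # different index
]


def visible_events(events):
    """Return the events that survive the role's search filter."""
    return [e for e in events if role_can_see(e)]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print("visible" if role_can_see(e) else "hidden ", e)
```

The last sample event stays visible because both clauses only constrain `index=linux`; access to other indexes has to be limited separately, for example through the role's `srchIndexesAllowed` setting.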