Security requires visibility: Transform data into AWS security insights

As I speak with customers about their plans to leverage cloud, there is one question I hear more often than not – “How can I migrate to cloud without losing end-to-end visibility across my infrastructure?”

There’s good reason for this question. After all:

  • You can’t secure what you can’t see
  • You can’t operate what you can’t see
  • You can’t manage what you can’t see
  • You can’t optimize cost for what you can’t see

Recently, I had the pleasure of speaking on a webinar together with AWS and our joint customer, EnerNOC, on how organizations can gain full visibility of their cloud or hybrid environment.

  • AWS spoke about their shared responsibility model, and the various services (CloudTrail, Config, VPC Flow Logs,
» Continue reading

DevOps, Analytics and Mental Health: Notes from DevOpsDays Vancouver

Going back to Canada is always a pleasant experience for me. And when you visit Vancouver in April, it is easy to be mesmerized by this city’s majestic beauty: the snow-covered mountain peaks, cherry trees in full bloom and crisp, clean air. It was sponsoring DevOpsDays Vancouver that brought us to this beautiful place.

Mining Machine Data for App Delivery

In my Ignite talk, I shared how using analytics for real-time insights into app delivery could help organizations have a measurable business impact. Mining machine data can help DevOps practitioners improve the velocity and quality of their applications across the entire build pipeline.

Gender in Organizations

In her captivating …

» Continue reading

Splunk Light – Laguna College of Art and Design’s Log Masterpiece

When I say “log masterpiece” I am not talking about totem poles, although you might be surprised at how they factor into this story. Actually, what I’m talking about is what you can do when you use the right tools to manage all of your logs, especially when you have a very small IT team. But humor me for a minute and let me go back to totem poles to give a little relevant history. According to Wikipedia, “The word totem derives from the Algonquian (most likely Ojibwe) word odoodem, ‘his kinship group’.” In many respects an IT group, especially a small one, is a form of kinship (AKA, family or, more aptly, clan). The IT infrastructure support …

» Continue reading

Accenture and Splunk Form Alliance to Deliver Transformative Business Solutions

Strategic companies know that they can improve business outcomes by mining the vast amounts of application and operational data from back-end systems, call centers, web traffic and more. Today we announced a new partnership between leading global systems integrator Accenture and Splunk that integrates Splunk products and cloud services into Accenture’s application services, security and digital offerings. The alliance between Accenture and Splunk will enable customers to mine and analyze machine data and identify trends and opportunities that were previously difficult to detect.

Accenture is integrating Splunk’s platform for Operational Intelligence, including Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security, Splunk User Behavior Analytics and Splunk IT Service Intelligence, into its world-class application and security service offerings.

Accenture Technology Services has …

» Continue reading

Splunk is a force for good

The increasing sophistication and velocity of cyber threats have made cyber defense a top priority. Nowhere is this pressure more acute than with local and state governments. However, until recently, budget constraints and a lack of cybersecurity resources have traditionally proven a problem. Here is how the state of Alaska is using innovative ways to deal with the challenge:

The State of Alaska is facing a $3.8B shortfall due to declining oil prices, a fundamental driver of the State’s revenue. Not only are increasing cyber threats a problem, Chris Letterman, the State CISO, and his team also have to ensure that the executive agencies meet several mandates. Certain that he would not be able to hire additional personnel, he focused …

» Continue reading

Women in Technology: Meet Synchrony’s Jennifer Middleton

Jennifer Middleton
Splunk Operations Manager
Synchrony Financial

On the heels of Women’s History Month, it’s a great time to honor women’s contributions and launch our Women in Technology (#SplunkWiT) Q&A blog post series. I’m excited for our inaugural post, which features my conversation with Jennifer Middleton, Splunk Operations Manager at Synchrony Financial and a valued Splunk customer.

Middleton attended a Splunk Women In Technology panel at .conf2015, which included women leaders and Splunk customers from Comcast and Zappos. When we heard Middleton’s question to the panelists regarding women supporting other women, we knew we wanted to stay in touch.

Tell us about your background and how you got into technology.
I sat down at a computer for …

» Continue reading

Creating a Splunk Javascript View

One of the best things about Splunk is the ability to customize it. Splunk allows you to make your own Javascript views without imposing many limitations on you. This means you can make apps that include things such as:

  • Custom editors or management interfaces (e.g. lookup editing, slide-show creation)
  • Custom visualizations (though modular visualizations are likely what you will want to use from now on)
  • etc.

That said, getting started on creating a Splunk Javascript view can appear a little daunting at first. It really isn’t that hard though. Keep reading and I’ll explain how to do it.

Parts of a Splunk Javascript View

Before we get started, let’s outline the basic parts of a custom Javascript view:

Component Path Example Description
Javascript
» Continue reading

.conf2015 Highlight Series: City of LA and Splunk Cloud as a SIEM for Award-Winning Cybersecurity Collaboration

Registration and call for papers are now open for Splunk .conf2016. We can’t wait to host you all at the Walt Disney World Swan and Dolphin Resorts in Orlando, Florida, September 26-29, 2016.

During last year’s Splunk .conf2015 we were lucky to have Timothy Lee, the CISO of the City of Los Angeles, share his case study for why his department chose Splunk Cloud as a SIEM for one of their cybersecurity initiatives and how it is used. Though we’re summarizing his key points in this post, you can get the complete picture by checking out a recording of Tim’s presentation, and access to his slides, at the bottom of this post.

The Scenario

Tim began …

» Continue reading

Smart AnSwerS #60

Hey there community and welcome to the 60th installment of Smart AnSwerS.

Hot off the press! The next SplunkTrust Virtual .conf Session has been scheduled for next Thursday, April 28th, 2016 @ 9:00AM PST. Duane Waddle and George Starcher will be giving their popular talk “Avoid the SSLippery Slope of Default SSL”, which has been used and referenced far and wide among the Splunk community in the past couple years. See what the hype is all about by visiting the Meetup page to RSVP and find the WebEx link to join us next week!

Check out this week’s featured Splunk Answers posts:

How to put an expiration date on a set of saved searches or alerts

» Continue reading

When entropy meets Shannon

This is the third post on URL analysis. Please have a look at the two other posts for more context about what can be done with Splunk to analyze URLs:

You will find in this article information on how one can detect DNS tunnels. While you can find lots of very useful apps on Splunkbase to help you analyze DNS data, it is always good for curious individuals to discover some techniques being used underneath.

A lot of captive portals are bypassed every day by anyone able to run a DNS request. If someone can run the following command on their machine:

$ host splunk.com
splunk.com has address 54.69.58.243
...

Without being authenticated …

» Continue reading