AWS operates a shared responsibility model in which AWS and the customer each own part of the security of data, applications and resources. Under this model it is critical that customers make full use of services such as AWS CloudTrail, AWS Config and others. Attend this session to learn best practices for using these and other AWS services to gain end-to-end visibility and robust security on AWS. You will also hear how customers use third-party tools such as the Splunk App for AWS as critical elements of their security posture.
Speakers: Dan Miller, Cloud Sales Director, APAC, Splunk & Simon O'Brien, Senior Systems Engineer, Splunk
3. Big Data Comes from Machines
Volume | Velocity | Variety | Variability
GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops
4. Building a Big Data Platform
Platform services: HA / DR, Admin, Data Security, Apps, SDKs/APIs, Scale
Pipeline: Collect Data, Index Data, Enrich Data, Search & Explore, Analyze & Predict, Report & Visualize, Alert & Action
5. Fully Integrated Enterprise Platform
Platform services: HA / DR, Admin, Data Security, Apps, SDKs/APIs, Scale
Pipeline: Collect Data, Index Data, Enrich Data, Search & Explore, Analyze & Predict, Report & Visualize, Alert & Action
7. Why Splunk?
• Fast time-to-value
• One platform, multiple use cases
• Visibility across the stack, not just silos
• Ask any question of data
• Any data, any source or deployment model
8. Turning Machine Data Into Business Value
Index untapped data: any source, type, volume
Sources: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
Deployment: On-Premises, Private Cloud, Public Cloud
Ask any question: Application Delivery; Security, Compliance and Fraud; IT Operations; Business Analytics; Industrial Data and the Internet of Things
9. Delivers Value Across IT and the Business
IT Operations; Application Delivery; Developer Platform (REST API, SDKs); Business Analytics; Industrial Data and Internet of Things; Security, Compliance and Fraud
10. Platform for Application Delivery and IT Operations
• Root cause and issue resolution
• Proactive monitoring and real-time alerting
• Deliver better quality code faster
• Cloud app and infrastructure monitoring
• Mobile app troubleshooting
• User & usage analytics
11. Better Code, Faster Development and Migration to Cloud
• Reduced error rates by 2 orders of magnitude in a couple of weeks
• Rapidly found and fixed one line of code responsible for 30,000+ errors
• Real-time dashboards on error rates and production impact
• In-depth visibility as they strategically migrate apps to AWS Cloud
12. Apps for Application Delivery and IT Ops
Splunk Apps for VMware and Exchange; 300+ IT Ops and App Delivery Apps; *nix; Operational Intelligence for Mobile Apps
13. Application Delivery & IT Ops Landscape
API, SDKs, UI; Server, Storage, Network; Server Virtualization; Operating Systems; Custom Applications; Business Applications; Cloud Services; App Performance Monitoring; Ticketing/Other; Web Intelligence; Mobile Applications; Stream
14. Splunk App for AWS
AWS data sources: EC2, EMR, Kinesis, R53, VPC, ELB, S3, CloudFront, CloudTrail, CloudWatch, Redshift, SNS, API Gateway, Config, RDS, CF, IAM, Lambda
Explore, Analyze, Dashboard, Alert, Act
End state: comprehensive AWS visibility
15. Splunk IT Service Intelligence at AdvancedMD
• Replaced home-grown tools
• Real-time service insights to LOBs
• Reduced time to resolution
16. Splunk IT Service Intelligence at AdvancedMD
“Splunk IT Service Intelligence was delivering insights days after installing, instead of the months it can take legacy monitoring solutions. Splunk ITSI helps us ensure that the claims service stays up and running at all times.”
- Tyler Germer, director of information technology, AdvancedMD
17. Single Platform for Security Intelligence
• Security & compliance reporting
• Real-time monitoring of known threats
• Detect unknown threats
• Incident investigations & forensics
• Fraud detection
• Insider threat
Splunk complements, replaces and goes beyond existing SIEMs
18. How FINRA Uses Splunk Cloud for Security
• Transforms third-party threat intelligence information into security alerts
• Leverages the Splunk App for AWS
• Efficient provisioning dramatically reduces costs
“Splunk Cloud gives you applications which let you get huge amounts of value from your data.”
— Sr. Director of Information Security
20. Extending Splunk for Business Analytics
Splunk software complements existing BI solutions
• Customer experience
• Product analytics
• Business process analytics
• Digital marketing
21. Why Domino’s uses Splunk for Application Management and Business Analytics
• Understand device and app usage trends for orders
• Real-time insights from store data
• Visibility into online and mobile coupon redemption
• Refine campaigns for higher conversion
22. Apps & Capabilities for Business Analytics
Apps, features & partners:
• DB Connect
• Stream
• ODBC Driver
• Data Models
• Pivot
23. Delivers Value Across IT and the Business
IT Operations; Security, Compliance and Fraud; Application Delivery; Developer Platform (REST API, SDKs); Business Analytics; Industrial Data and Internet of Things
24. Splunk for Industrial Data & the Internet of Things
• Remote troubleshooting & preventive maintenance
• Security & compliance
• Device usage & customer analytics
• Operational efficiency
25. Saving Customers $Billions on Fuel, Operations
• Improved customer operations by mining large volumes of unstructured data
• Moved from monthly batch analysis to flexible real-time reporting
• Delivered value-added services
• Minimized in-train forces
• Optimized operational efficiency
“Thanks to Splunk, our systems allow our customers to provide engineers with real-time feedback and use operational insight to achieve optimal runs every time.”
— Director of Engineering, Train Dynamic Systems (a division of NYAB)
26. Apps & Capabilities for Industrial Data & Internet of Things
Apps, features & partners:
• DB Connect
• REST API and SNMP Modular Inputs
• Universal Forwarder for Raspberry Pi
40. Why We Chose Splunk
• Industry standard
• What’s the MVP / MVE for our team? At what cost?
• Partner vs Buy: buy from someone you know; not just a single transaction.
• Build vs Buy: onboarding and interoperability are key.
53. Splunk Offerings in AWS
Integrations
• Splunk App for AWS: integrates with CloudTrail, Config and Billing, VPC Flow Logs
Self-managed
• Self-managed cloud deployments
• Self-deploy in AWS
• Integrated with EMR
• Search data in S3
• Hourly pricing
Cloud service
• Cloud service designed for small IT environments
• $90 a month
• Splunk Enterprise as a service
• Full app, SDK, API, platform support
54. AWS Architecture Diagram
Layers: Amazon Instances; Amazon Logging Layer; Amazon Messaging; Amazon Storage / Queues
Components: AWS Instance with CloudWatch, VPC Flow Logs, AWS CloudWatch, AWS CloudTrail, AWS Config, S3 Bucket, AWS SNS (SNS Topic), AWS SQS
Flow: CloudTrail and Config write their log objects to the S3 bucket and publish a notification for each new object to the SNS topic; the topic delivers those notifications to the SQS queue. Splunk collects the data by polling the AWS SQS queue and reading the referenced objects from the S3 bucket using the AWS SDK for Python (Boto3).
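The consumer side of the pipeline on this slide (CloudTrail writes a gzipped log object to S3 and publishes a notification to the SNS topic, SNS delivers it to the SQS queue, Splunk polls the queue and reads the object), as an added example that is not the Splunk add-on's own code. It parses the SQS message, refuses messages that did not come from the expected topic or that point at a bucket other than the CloudTrail bucket (anything able to put a message on the queue could otherwise steer the collector at arbitrary objects), unpacks the CloudTrail records and flags the events a security team wants alerted on. The topic ARN, bucket name, sample records and the S3 stand-in are all constructed for the example; the S3 read is passed in as a function so the logic runs offline, and the boto3 call to use in production is noted in the docstring.

```python
import gzip
import json
from typing import Callable

# Assumed identifiers for this example; substitute your own topic and bucket.
EXPECTED_TOPIC_ARN = "arn:aws:sns:ap-southeast-2:123456789012:cloudtrail-notify"
EXPECTED_BUCKET = "example-cloudtrail-logs"
IAM_CHANGE_PREFIXES = ("Create", "Put", "Attach", "Detach", "Delete", "Update", "Add", "Remove")
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def parse_sqs_message(body: str) -> list[tuple[str, str]]:
    """Validate one SQS message body and return the (bucket, key) pairs it names.

    With SNS delivering to SQS (raw message delivery off) the body is an SNS
    envelope whose "Message" field is CloudTrail's notification as a JSON string
    carrying "s3Bucket" and a list "s3ObjectKey".  Messages from any other topic
    or naming any other bucket are rejected, so an injected queue message cannot
    steer the collector at arbitrary objects.
    """
    envelope = json.loads(body)
    if envelope.get("Type") != "Notification":
        raise ValueError("not an SNS notification")
    if envelope.get("TopicArn") != EXPECTED_TOPIC_ARN:
        raise ValueError(f"unexpected topic: {envelope.get('TopicArn')!r}")
    notice = json.loads(envelope["Message"])
    if notice.get("s3Bucket") != EXPECTED_BUCKET:
        raise ValueError(f"unexpected bucket: {notice.get('s3Bucket')!r}")
    return [(notice["s3Bucket"], key) for key in notice["s3ObjectKey"]]


def load_cloudtrail_log(gz_bytes: bytes) -> list[dict]:
    """CloudTrail log objects are gzipped JSON with the events under "Records"."""
    return json.loads(gzip.decompress(gz_bytes))["Records"]


def triage_records(records: list[dict]) -> list[dict]:
    """Return the events a security team would want alerted on, with reasons."""
    findings = []
    for rec in records:
        identity = rec.get("userIdentity", {})
        name, source = rec.get("eventName", ""), rec.get("eventSource", "")
        reasons = []
        if identity.get("type") == "Root":
            reasons.append("root account activity")
        if rec.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"):
            reasons.append("access denied")
        if source == "iam.amazonaws.com" and name.startswith(IAM_CHANGE_PREFIXES):
            reasons.append("IAM change")
        if source == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
            reasons.append("trail tampering")
        if reasons:
            findings.append({"eventTime": rec.get("eventTime"), "eventName": name,
                             "principal": identity.get("arn"),
                             "sourceIPAddress": rec.get("sourceIPAddress"), "reasons": reasons})
    return findings


def process_message(body: str, fetch_object: Callable[[str, str], bytes]) -> list[dict]:
    """Handle one SQS message end to end.  fetch_object abstracts the S3 read so
    this runs offline; with boto3 you would pass
        lambda b, k: boto3.client("s3").get_object(Bucket=b, Key=k)["Body"].read()
    and delete the SQS message only after this returns without error."""
    findings = []
    for bucket, key in parse_sqs_message(body):
        findings.extend(triage_records(load_cloudtrail_log(fetch_object(bucket, key))))
    return findings


# Constructed sample data (not real AWS output): one log object and the
# notification announcing it.
SAMPLE_KEY = "AWSLogs/123456789012/CloudTrail/ap-southeast-2/2016/03/01/sample.json.gz"
SAMPLE_RECORDS = [
    {"eventTime": "2016-03-01T00:01:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.5", "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2016-03-01T00:02:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/analyst"}},
    {"eventTime": "2016-03-01T00:03:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/analyst"}},
    {"eventTime": "2016-03-01T00:04:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "sourceIPAddress": "198.51.100.9", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/admin/s1"}},
]
SAMPLE_OBJECTS = {(EXPECTED_BUCKET, SAMPLE_KEY): gzip.compress(json.dumps({"Records": SAMPLE_RECORDS}).encode())}
SAMPLE_BODY = json.dumps({"Type": "Notification", "TopicArn": EXPECTED_TOPIC_ARN,
                          "Message": json.dumps({"s3Bucket": EXPECTED_BUCKET, "s3ObjectKey": [SAMPLE_KEY]})})


def sample_fetch(bucket: str, key: str) -> bytes:
    """Stand-in for S3 GetObject, serving the constructed object."""
    return SAMPLE_OBJECTS[(bucket, key)]


if __name__ == "__main__":
    for finding in process_message(SAMPLE_BODY, sample_fetch):
        print(finding)
```

Two checks the slide's diagram leaves implicit are the ones that matter most here: the TopicArn and bucket checks mean a queue that is accidentally writable by others cannot be used to feed the collector forged "log" objects, and the message is only deleted from SQS after the object has been read and indexed, so a failed fetch is retried rather than lost.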
55. Requirements For Splunk App For AWS
• Splunk
  • Splunk 6.1 or later
  • Splunk Add-on for Amazon Web Services
  • Splunk Add-on for Amazon Web Services 1.1.0 or later is required for AWS Config
• AWS
  • AWS CloudTrail: enable CloudTrail with SQS and SNS.
  • AWS Config: enable Config with SQS and SNS.
  • Billing: refer to the AWS documentation to turn on AWS detailed billing.
  • VPC Flow Logs: enable VPC Flow Log collection.
56. Install the Splunk Add-on for AWS
1. Configure your AWS accounts and services, or confirm your existing configurations.
2. Configure your AWS account permissions to match those required by the add-on.
3. Install the add-on.
4. Set up the add-on on your forwarders or single instance.
5. Configure your inputs to get your AWS data into Splunk Enterprise.
6. This is all very well documented at docs.splunk.com
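Step 2 above covers the permissions the add-on's own IAM user or role needs; the other half, which the list does not mention, is the resource policy on the SQS queue that the "enable CloudTrail with SQS and SNS" requirement on slide 55 creates. That policy must let the SNS topic deliver and nobody else: a statement granting sqs:SendMessage to Principal "*", or to the SNS service principal without an aws:SourceArn condition, lets any caller (or any SNS topic in any account) push messages into the queue that Splunk trusts. The following added example, which is not Splunk's or AWS's code, audits such a policy; the queue and topic ARNs and both sample policies are constructed for illustration.

```python
import json

# Assumed ARNs for this example; substitute your own queue and topic.
QUEUE_ARN = "arn:aws:sqs:ap-southeast-2:123456789012:splunk-cloudtrail"
TOPIC_ARN = "arn:aws:sns:ap-southeast-2:123456789012:cloudtrail-notify"


def _as_list(value) -> list:
    """IAM policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _grants_send(actions) -> bool:
    """True if the statement's Action covers sqs:SendMessage (actions are case-insensitive)."""
    return any(a.lower() in ("*", "sqs:*", "sqs:sendmessage") for a in _as_list(actions))


def _open_principal(principal) -> bool:
    """True for anonymous / any-account principals and for the SNS service
    principal: without aws:SourceArn the latter lets any topic in any account deliver."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        for values in principal.values():
            if any(v in ("*", "sns.amazonaws.com") for v in _as_list(values)):
                return True
    return False


def _source_arns(condition) -> set:
    """Collect every aws:SourceArn value pinned by the statement's Condition."""
    arns = set()
    for operator, pairs in (condition or {}).items():
        if operator.lower() not in ("arnequals", "arnlike", "stringequals", "stringlike"):
            continue
        for key, value in pairs.items():
            if key.lower() == "aws:sourcearn":
                arns.update(_as_list(value))
    return arns


def audit_queue_policy(policy_json: str, allowed_topics: set) -> list:
    """Return one finding per Allow statement that lets an open principal call
    sqs:SendMessage without pinning aws:SourceArn to an allowed topic."""
    findings = []
    for i, st in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if st.get("Effect") != "Allow" or not _grants_send(st.get("Action", [])):
            continue
        if not _open_principal(st.get("Principal")):
            continue  # an explicit account/role principal is scoped already
        sid = st.get("Sid", f"#{i}")
        arns = _source_arns(st.get("Condition"))
        if not arns:
            findings.append(f"{sid}: SendMessage open to {st.get('Principal')!r} with no aws:SourceArn condition")
        elif not arns <= allowed_topics:
            findings.append(f"{sid}: aws:SourceArn permits topics outside the allow-list: {sorted(arns - allowed_topics)}")
    return findings


# Constructed policies: the weak one as it is often generated, and the hardened
# one that only the expected SNS topic can use.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "any-sender", "Effect": "Allow", "Principal": "*",
     "Action": "SQS:SendMessage", "Resource": QUEUE_ARN}]})
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "sns-only", "Effect": "Allow", "Principal": {"Service": "sns.amazonaws.com"},
     "Action": "sqs:SendMessage", "Resource": QUEUE_ARN,
     "Condition": {"ArnEquals": {"aws:SourceArn": TOPIC_ARN}}}]})

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_queue_policy(policy, {TOPIC_ARN}) or "OK")
```

Run it against the output of `aws sqs get-queue-attributes --attribute-names Policy` for the queues the add-on reads; a hardened policy produces no findings, and an ArnLike wildcard broad enough to match topics you do not own is reported as outside the allow-list.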
58. Splunk Architecture
• Distributed Splunk deployment: Splunk search tier, multiple indexers and a heavy weight forwarder; the Splunk Add-on for AWS is installed on the heavy weight forwarder.
• Single Splunk deployment: one all-in-one Splunk server (indexer and search); the Splunk App for AWS is installed on the all-in-one Splunk server.