Razi Asaduddin presented on how ExxonMobil uses Splunk for various purposes including cyber security, network and application performance monitoring, and capacity planning. Some key points included how Splunk has allowed ExxonMobil to gain visibility and insights across data that was previously siloed, and how their use of Splunk has evolved from one-dimensional searches to multi-dimensional pivoting and visualization. Razi also shared best practices like starting with simple questions and gradually building complexity, as well as methods for policing Splunk usage within the organization.
2. 2
About ExxonMobil Corp
• Pretty Big - Fortune 1-ish
• ~50 Countries
• 80,000 Employees
• $32.5bn in earnings in 2013
• 2M Barrels per day
• 11.8bn cubic feet of natural gas
3. 3
About Me – Razi Asaduddin
Cyber Security Technical Advisor
– Monitoring, Process Design, Incident Handling, Threat Assessment, Malware Reverse Engineering, Digital Forensics
Splunk Shared Service Team Lead
– Designed, Architected, Implemented, Coded, and Administered Global Splunk Instance
– Responsible for Splunk service and strategy
– In-house consulting for prospective use cases
– Evangelizing, PoCs, modeling, and tool rationalization
Two-year Splunker and 2013 Revolution Award nominee
• Contact: Razi.asaduddin@gmail.com
8. 8
How We Use Splunk
• Cyber Security
• Network Performance
• Application Performance
• Capacity Planning
• Call Quality
• Misconfiguration
• Linux Administration
9. 9
How We Use Splunk – Cyber Security
• Investigation and Incident Response
• Complex Correlation
• Proactive Alerting
• Auto-remediation
10. 10
How We Use Splunk – Performance
• Reduce Data to:
– OS + Application + Server + DB + Network + Endpoint Performance
• 10,000 foot view & 1-foot view
• Pivot
13. 13
Best Practices
Ask simple questions and build up
Double-check raw data
What data do we not have?
Splunk it!
Build a Splunk network
Alert on it or automate it
Policing