Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (20)
Similaire à SplunkLive! Paris 2016 - Plenary session
Similaire à SplunkLive! Paris 2016 - Plenary session (20)
Plus de Splunk
Plus de Splunk (20)
Dernier
Dernier (20)
SplunkLive! Paris 2016 - Plenary session
- 1. Name: SplunkLiveParis16 - public Access Code: listen2yourdata #SplunkLiveParis
- 2. 2
- 3. 2
- 5. Merci à nos Sponsors Giga Sponsors Mega Sponsors
- 8. Est-ce votre premier SplunkLive?
- 9. Etes-vous déjà utilisateur de Splunk ?
- 10. Spelunking: Splunking: to explore underground caves to explore machine data
- 12. DIGITAL REVOLUTION UNDER-PINNED BY DATA Music Shopping Phone Car Banking Healthcare GovernmentWeb Hotel
- 13. 13 MACHINE DATA time series, in motion, unstructured
- 14. Votre donnée machine est… BROUILLONNE PARESSEUSE
- 15. 15 Les données connues et utilisées Les données disponibles inconnues ou pas utilisées
- 16. 16 Splunk Company Overview 16 Company • Global HQs: San Francisco London Hong Kong • 2,000+ employees globally • Annual Revenue: $669M (YoY +48%) • NASDAQ: SPLK Products • Free trial to massive scale • Splunk products: Splunk Enterprise Splunk Cloud Hunk Splunk Light Splunk MINT Premium Solutions Customers • 11,000+ customers • Across 110 countries • Small to large organizations • More than 85 of the Fortune 100 • Largest license: 1.2 Petabyte/day
- 17. Technology Telecommunications Travel and Leisure Education Healthcare Energy and Utilities Manufacturing Financial Services and Insurance Media Proven at 11,000+ Customers in 110 Countries 85 of the Fortune 100 Retail Cloud and Online Services Government
- 19. Dev.splunk.com65,000+ questions and answers Over 1000 Apps Local User Groups and SplunkLive! events Thriving Community
- 20. Free Cloud Trial Free Software Download Free Enterprise Security IT Service Intelligence Sandbox Easy to Try and Get Started 1 32
- 22. SEPT 26-29, 2016 WALT DISNEY WORLD, ORLANDO SWAN AND DOLPHIN RESORTS • 5000+ IT & Business Professionals • 3 days of technical content • 165+ sessions • 80+ Customer Speakers • 35+ Apps in Splunk Apps Showcase • 75+ Technology Partners • 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks • NEW hands-on labs! • Expanded show floor, Dashboards Control Room & Clinic, and MORE! The 7th Annual Splunk Worldwide Users’ Conference PLUS Splunk University • Three days: Sept 24-26, 2016 • Get Splunk Certified for FREE! • Get CPE credits for CISSP, CAP, SSCP • Save thousands on Splunk education!
- 23. 23 Haiyan SONG Senior Vice President, Products & Security Market #SplunkLiveParis DRIVING OPERATIONAL INTELLIGENCE
- 24. CLOUD AND HYBRID IT SOFTWARE-DEFINED DATACENTERS CONTINUOUS APP DELIVERY ANALYTICS-DRIVEN SECURITY INTERNET OF THINGS
- 25. IoT WORKLOADS Blurring the Lines Between Digital & Physical Security Ops Center Business Ops Center IT Ops Center CLOUD WORKLOADS ENTERPRISE IT WORKLOADS ADVANCED ANALYTICS FAST TIME TO VALUE DATA INGEST AT SCALE
- 26. Make machine data accessible, usable and valuable to everyone.
- 27. DE FACTO FABRIC FOR MACHINE DATA
- 28. 28 Operational Intelligence Adoption Reactive Proactive 2. Monitoring & Alerting 1. Search & Investigate 3. Operational Visibility 4. Real-time Insight
- 29. Why Splunk? FAST TIME-TO-VALUE CLOUD, ON-PREMISE & HYBRID DEPLOYMENT VISIBILITY ACROSS STACK, NOT JUST SILOS ONE PLATFORM, MULTIPLE USE CASES ANY DATA, ANY SOURCE, ASK ANY QUESTION
- 30. Disruptive Approach to Unstructured Data Structured RDBMS SQL Search Schema at Write Schema at Read Traditional Splunk ETL Universal Indexing 30 Volume Velocity Variety Unstructured
- 31. Turning Machine Data Into Business Value Index Untapped Data: Any Source, Type, Volume Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On- Premises Private Cloud Public Cloud Ask Any Question Application Delivery Security, Compliance and Fraud IT Operations Business Analytics Industrial Data and the Internet of Things
- 32. Proven Customer Value Across Use Cases & Industries Increased revenues from higher uptime Savings from fraud prevention Revenues from faster product launch Optimizing fuel use with sensor data Reduction in SLA payouts Value from preventing APTs $11.0 M $25.0 M $10.0 M $200+ M $1.8 M $1.0 + B $11.0 M $25.0 M $10.0 M $200+ M $1.8 M $1.0+ B Oil & Gas Services Telecom Provider TransportationFinancial Services High Tech Manufacturing Online Services 32
- 33. Platform for Machine Data Application Delivery Security, Compliance and Fraud Business Analytics Internet of Things and Industrial Data IT Operations
- 34. 34 Platform for Application Delivery and IT Operations ROOT CAUSE AND ISSUE RESOLUTION PROACTIVE MONITORING AND REAL-TIME ALERTING DELIVER BETTER QUALITY CODE FASTER CLOUD APP AND INFRASTRUCTURE MONITORING MOBILE APP TROUBLESHOOTING USER & USAGE ANALYTICS
- 35. Splunk a leader in IT Operations Analytics Splunk Named Worldwide IT Operations Analytics Software Market Share Leader in New Report
- 36. How Vodafone Deliver End-to-end Insight Using Splunk ITSI Glass table visualizations enable rapid and proactive issue resolution Custom KPIs empower teams across the business, operations & security Actionable service insights in two days, not months
- 37. 37 Single Platform for Security Intelligence SECURITY & COMPLIANCE REPORTING REAL-TIME MONITORING OF KNOWN THREATS DETECT UNKNOWN THREATS INCIDENT INVESTIGATIONS & FORENSICS FRAUD DETECTION INSIDER THREAT Splunk Complements, Replaces and Goes Beyond Existing SIEMs
- 38. Protective monitoring of cyber security attacks on customer accounts Operational Intelligence across security and DevOps Security analytics and data visualization How BSkyB Uses Splunk To Protect Its Customers
- 39. Platform for Operational Intelligence The Splunk Portfolio 1000+ Apps and Add-Ons Splunk Premium Solutions Mainframe Data Relational Databases MobileForwarders Syslog/TCP IoT Devices Network Wire Data Hadoop
- 40. Fully Integrated Enterprise Platform HA / DR Admin Data Security Apps SDKs/APIScale Collect Data Index Data Enrich Data Search & Explore Analyze & Predict Report & Visualize Alert & Action 40
- 41. Cloud Is a Journey and Splunk Is Your Partner Instant Secure Reliable 100% Uptime SLA Hybrid
- 42. Security Operations IT Operations Business Operations With Splunk, Your Enterprise Data Platform 42
- 43. With Splunk, Your Enterprise Data Platform SAME DATAOf the Asking Different QUESTIONS Different PEOPLE 43
- 45. What We Hear From Our Customers! “My CIO is demanding we look at IT from a business service perspective.” “Splunk is great for break-fix, but I need to show we’re meeting SLAs.” “I need everyone to be able to see the same thing at the same time.” “I just want to throw data at Splunk and have it find problems for me.” “Show me what my data can do for me!”
- 46. Data-driven service insights for root-cause isolation and improved service operations INTRODUCING
- 47. Splunk IT Service Intelligence
- 48. Let’s remind everyone what a Service is Payroll E-Commerce Site CRM DHCP Service Desk DNS Middleware Service LDAP A Service is a logical group of technology components that a user deems need to be monitored together
- 49. Platform for Machine Data Splunk IT Service Intelligence Data-Driven Service Monitoring and Analytics At-a-Glance Problem Analysis Early Warning on Deviations Dynamic Service Models Seamless Workflow Integrations
- 50. 50 How Do You Try It? SPLUNK.COM/ITSI Free Sandbox. On Splunk Cloud.
- 51. Merci
- 52. Platform for Machine Data Application Delivery IT Operations Security, Compliance and Fraud Business Analytics Internet of Things and Industrial Data Security, Compliance and Fraud
- 54. Splunk Security Intelligence Security and Compliance Reporting Monitor and Detect Known/ Unknown Threats Fraud Detection Insider Threat Incident Investigations and Forensics Security Analytics
- 55. 2015 55 Splunk Enterprise Security *Gartner, Inc., SIEM Magic Quadrant 2011-2015. Gartner does not endorse any vendor, product or service depicted in its research publication and not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The only vendor in 2015 to improve its visionary position 2015: LEADER 2014: Leader 2013: Leader 2012: Challenger 2011: Niche Player Ascending the Gartner SIEM Magic Quadrant*
- 56. New Approach to Security Needed Traditional Methods New Requirements Data reduction Data completeness & coverage Event correlation Multiple, dynamic relationships Detect attacks Detect & respond to attack lifecycle Needle in a haystack Hay in haystack Power user All users Severity based Risk-based 56 Event based … and time, user, phase, more…
- 57. Evolving Roles for Security Operations Traditional New Requirements 57 Situational awareness Analysis & rapid response Operation / Monitoring Center Nerve Center / Command Center
- 58. Analytics-driven Security Risk- Based Context and Intelligence Connecting Data and People 58
- 59. 5 THE OVERALL SOLUTION Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom Applications Messaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID Real-Time Machine Data DEVELOPER PLATFORMREPORT & ANALYZE CUSTOM DASHBOARDSMONITOR & ALERTAD HOC SEARCH MACHINE LEARNING BEHAVIOR ANALYTICS ANOMALY DETECTION THREAT DETECTION SECURITY ANALYTICS UBA
- 60. Premium Security Solutions Extensible Analytics & Collaboration Enable Rapid Investigations Automated Analysis & Machine Learning SPLUNK ENTERPRISE SECURITY SPLUNK USER BEHAVIOR ANALYTICS
- 61. ADVANCED CYBER ATTACKS SPLUNK UBA detects & INSIDER THREATS with BEHAVIORAL THREAT DETECTION
- 62. MULTI-ENTITY FOCUSED User App Systems (VMs, Hosts) Network Data
- 64. Security Intelligence Use Cases SECURITY & COMPLIANCE REPORTING REAL-TIME MONITORING OF KNOWN THREATS DETECTING UNKNOWN THREATS INCIDENT INVESTIGATIONS & FORENSICS FRAUD DETECTION INSIDER THREAT Complement, replace and go beyond traditional SIEMs 64
- 65. Merci
- 66. 66 Romain TESTU Stéphane LAPIE Sales Engineer #SplunkLiveParis16 BUSINESS ANALYTICS AND IOT
- 67. Machinedataisacriticalsourceofinsight… “By 2017, over 50% of analytics implementations will make use of event data streams generated from instrumented machines, applications and/or individuals.”
- 68. Run the Business in Real-time Data From the Past Real-time Data Statistical Forecast T – a few days T + a few days Security Operations Center - SOC Network Operations Center - NOC Business Operations Center - BOC Predictive (Models) Descriptive (BI Tools, Data Lakes) On the Fly
- 69. CUSTOMER EXPERIENCE ANALYTICS PRODUCT ANALYTICS DIGITAL MARKETING BUSINESS PROCESS ANALYTICS Customer Use Cases for Business Analytics
- 70. 70 How Gatwick Airport Ensures Better Passenger Experience With Splunk Cloud On-time efficiency & dramatic queue reduction with 925 flights per day Real-time, predictive airfield analytics deliver on mobile app & Apple watch Data from airport gates, board pass scans, x-ray, travel, passenger flow
- 73. CUSTOMER EXPERIENCE ANALYTICS PRODUCT ANALYTICS DIGITAL MARKETING BUSINESS PROCESS ANALYTICS Customer Use Cases for Business Analytics + Internet of things
- 74. Data-Driven Refreshment Aggregate machine data from freestyle machines Insights into customer interactions and decisions Reduced Downtime and Increased Consumer Satisfaction Vending machine performance and diagnostics
Notes de l'éditeur
- Simon [PLICPLOC] Avec plus de 1500metre de profondeur, le gouffre de la pierre saint martin dans les pyrennees est l’un des plus grand gouffre d’europe, c'est un complexe de plus de 2000 galeries, qui s’etend sur 140km2, soit 1,5* la ville de paris. [FIN DU PLICPLOC]
- Simon [BRUIT de clef] autant dire que c’est le pire endroit du monde ou perdre ses clefs. Serieusement, Que feriez vous ? Vous pensez que je ferai marche arriere pour les chercher ? Bonne chance! si on calcule rapidement, ca vous prendrait environ WOW, disons… 12 semaines de marche, a raison de 16h de marche par jour, pour parcourir les 2000 galeries revenir sur ces millions de pas.. Ca ne sera pas une recherche plaisante croyez moi. Mettons maintenant ceci en perspective. Si vous pensez que cette grotte est grande et qu’il est impossible d’y retrouver quelque chose, imaginez un splunker indexant 100g de donnée par jours, il genere 400 millions d'evenements quotidiennement. Si on l’imprimai en arial 10, ce qui est tout a fait illisible, ce sera 2000 km de texte. Comment trouveriez vous quoi que ce soit la dedans ? Si vous n’etes pas utilisateur de SPlunk, ou que nous sommes en 2004, la reponse est : vous souffrez N’oubliez pas ce que vous devez faire : logguez vous sur chaque machine individuellement, copiez le fichier de logs. utilisez la ligne de coammande, rechercher avec votre outil de recherche en CLI. Ne pas trouver ce que vous cherchez. Le refaire Ne pas trouver ce que vous cherchez. Le refaire ... en avez vous deja marre? on est qu’a la 2eme et vous n’avez toujours trouvé ce que vous cherchez, vous n’avez pas resolu votre probleme, vous ne pouvez toujours pas rentrer chez vous C’est pour cette raison que nos fondateurs ont creer cette societe. car ils se battaient et echouaient a trouver ce qu’ils cherchaient dans une quantité de donnée toujours plus importantes et variée chez les geants du web que vous connaissez. ils essayeaint de trouver ce que l’on attend pas, et c’etait comme, selon leur propre mot : explorer une grotte toujours plus profonde cherchant quelque chose que vous ne connaissez pas ils cherchaient comme des speleologues dans la donnée, spelunking, en anglais il ont vite modifié l’expression disgracieuse Spelunking par un terme plus sexy. Et ils ont allumé la lumiere.
- Voix off qui accueille Eric
- ERIC Bienvenue à la 6e édition de SplunkLive! Paris, avant de commencer je tenais à remercier nos sponsors, Recorded Future, Cisco, EMC, Sbox F5 et Eview. Chacun d’entre eux est un partenaire technologique avec lequel nous développons des applications. N’hésitez pas a aller les rencontrer lors des pauses de la journée dans l’espace exposition.
- Eric Maintenant que vous avez tous le wifi je vais vous demander d’entrer dans vos navigateurs de smartphone l’url suivant. Ensuite entrez vos noms et villes
- Eric Entrez les informations demandées
- Eric 2 petites questions pour commencer : Combien d’entre vous participe à leur 1e SplunkLive ?
- Eric OK très bien, et maintenant combien d’entre vous sont déjà utilisateurs Splunk?
- Eric Comme vous l’a déjà indiqué Simon en introduction Splunk vient de Spelunking….
- Digital Revolution Splunk in middle of this revolution Foundational technology for digital universe Need graphic here for data
- Eric
- le probleme c’est qu’on en utilise une infime partie. Pour de nombreuses raisons et parmi elles, des raisons internes, liees a nos organisations par departement ou par silo. Combien de fois vous etes vous vu refuser l’acces a des donnees sous couvert de c’est pas a toi c’est a moi. Ca appartient a mon service.
- Eric
- ERIC More than 11,000 customers in 110 countries have purchased the enterprise license of Splunk. This includes a majority of the Fortune 100. Enterprises, service providers and government agencies in 100 countries use Splunk to improve service levels, reduce IT operations costs, mitigate security risks and drive new levels of operational visibility. As they gain new visibility into their real-time and historical machine data, Splunk’s customers are finding answers and solving the most challenging issues facing IT and the business.
- Eric Splunk ce n’est pas uniquement une entreprise ou une plateforme de collecte de données machine c’est aussi et surtout une communauté Je vous explique
- Eric Il existe plus de 1000 apps, un site qui repertorie plus de 65 000 questions et réponses, mais aussi de nombreux événements locaux tels que SplunkLive, mais aussi une très importante communauté de développeurs.
- Eric Ce qui est génial avec Splunk c’est que c’est extremement facile a essayer, installer et a déployer. Il y a de nombreuses options qui s’offrent à vous : Vous pouvez tester la version cloud gratuite, télécharger le logiciel gratuit. Des instances de démo d’Enterprise Security et IT Service Intelligence sont disponibles dans le Cloud
- Eric
- ERIC We’re headed to the East Coast! 2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics! 165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE! 30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you! Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers. Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja! REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!
- Haiyan Good morning everyone and welcome to SplunkLive! I couldn’t be more excited to be here with all of you today.
- Haiyan These are exciting times. We are living in a world that is: - Mobile and connected – with traditional boundaries expanding into the cloud - With new software-defined data centers – creates significant advantages while also creating new challenges in identifying and solving bottlenecks - And applications that are being delivered continuously, with some organizations releasing new code multiple times per day. - We also see a new analytics-driven approach – because simply monitoring of traditional security events just doesn’t cut it anymore - And an explosion of the Internet of Things – which could change entire industries - As a result of these mega-trends, machine data has become one of the fastest growing and most complex areas of big data. - if harnessed properly, it can drive innovation, - help to deliver, manage, and secure mission-critical services, - and enable companies and government agencies to better understand their customers. We just have to listen to the data.
- Most companies will have some form of IT Operations Centre, a Security Operations Centre and Business Operations capability. These are faced with the challenge of workloads from traditional on-premise workloads, cloud workload and new types of workload from IoT Most organizations are trying to ingest and manage lots of data, at speed They are trying to make it available to the right people in the form of analytics They are also trying to find the value from this data
- That’s where we come in. Spunk’s mission is to make machine data accessible, usable, and valuable to everyone.
- Our goal is to help organizations find the value in that data and become the fabric for machine data
- If organizations don’t analyze data available to them, their competition will and they will separate themselves! Think about it, 20 years ago, you may have thought a website was optional. Organizations use Splunk products to gain fast visibility and insights from their machine data to: 1. Find and fix problems dramatically faster, investigate incidents and attacks 2. Automatically monitor to identify issues, problems and attacks 3. Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions 4. Gain real-time insight from operational data to make better-informed business decisions
- Fast Time-To-Value – Splunk can be downloaded and installed in minutes. If that’s not fast enough you can get a cloud instance in seconds. Any Data – Splunk can ingest data from any machine data source. It’s not application, vendor, or hardware specific. Ask any question – It’s impossible to know all the questions you will ask of your data. Often answering one question leads to another. The schema-on-the-fly approach allows you to ask any question of your data. Visibility across stack – Because you can ingest this data from any source you can quickly gain visibility across all of them. One Platform – This is more than log aggregation and search software. Let me show you. Choose Splunk as a SaaS offering, on-premise or hybrid. You get one universal view of your data.
- Traditionally, machine data was generated and part of the data would be stored in a specific, pre-defined way. This creates limits in the questions that can be asked of the data. Splunk takes a disruptive approach by storing the data in it’s raw, original format, and creates a schema at the last possible moment; when the question is asked. Because of this, there are no limits to the questions that can be asked of the data. Speaking of no limits… No limits on where you can collect it from No limits on the formats of data And no limits on scale Some customers are indexing 100’s of TB per day, searching across thousands of types of data all in different formats.
- Splunk products are being used for data volumes ranging from gigabytes to hundreds of terabytes per day. Splunk software and cloud services reliably collects and indexes machine data, from a single source to tens of thousands of sources. All in real time. Once data is in Splunk Enterprise, you can search, analyze, report on and share insights form your data. The Splunk Enterprise platform is optimized for real-time, low-latency and interactivity, making it easy to explore, analyze and visualize your data. This is described as Operational Intelligence. The insights gained from machine data support a number of use cases and can drive value across your organization. [In North America] Splunk Cloud is available in North America and offers Splunk Enterprise as a cloud-based service – essentially empowering you with Operational Intelligence without any operational effort.
- Splunk customers are realizing tremendous value across multiple industries and use cases. From Fortune 100 to small shops, enterprises, service providers and government agencies are improving service levels, reduce IT operations costs, mitigate security risks and drive new levels of operational visibility. As they gain new visibility into their real-time and historical machine data, Splunk’s customers are finding answers and solving the most challenging issues facing IT and the business.
- We continue to invest to make Splunk the leading platform for machine data. We’re continuing to invest in both Splunk Enterprise as software, as well as our SaaS offering, Splunk Cloud. Splunk uniquely supports organizations that are running operations on premises, in the cloud or in a hybrid environment. We’re also investing heavily in solutions that make it easy for you to meet your goals across IT Operations, App delivery, Security, Fraud, Compliance; business analytics and industrial data. These five use cases explain and illustrate how most people use their machine data and Splunk
- With Splunk software and cloud services, you can quickly identify and pinpoint code-level issues at any stage of the development and release process. You can find and fix bugs quickly so you can ship product faster, gain insights into application usage and user behavior and get real time, mission-critical visibility into every step, system and process involved in building, testing and shipping new products to your customers. Splunk’s universal machine data platform empowers you to consolidate all information within a unified console to find the root-cause of issues, proactively manage events and incidents and reduce resolution times. You can quickly create alerts to proactively monitor your distributed infrastructure and complex applications/services. With Splunk MINT, our Mobile Intelligence solution, we’re now extending Operational Intelligence to Mobile Applications. With Splunk MINT, you are enabled to deliver reliable, better performing mobile apps with end-to-end visibility across mobile applications and their supporting application infrastructure. You can combine and correlate mobile app data with data from other channels such as web or desktop to gain cross-channel user and usage analytics with the Splunk platform. We have many apps that monitor cloud applications. The Splunk App for Stream enables the capture of real-time streaming wire data, across distributed infrastructures including private, public and hybrid Clouds. This enables visibility into application, business and user activity without the need for instrumentation, enhancing various operational use cases across IT, security and the business.
- Splunk was recently voted industry leader in ITOA by leading analyst company IDC
- Industry: Telco Use case: IT Ops, ITSI More can be found at: http://www.splunk.com/view/splunk-at-vodafone/SP-CAAAPA3
- Splunk is a Security Intelligence Platform and we can address a number of security use cases. We’re more flexible than a SIEM and can be used for non-security use cases. Splunk software can complement or replace existing SIEM deployments, while also addressing more complex security use cases, such as supporting fraud detection and finding insider threats.
- Industry: Media Use case: Security, DevOps More can be found at: http://diginomica.com/2014/10/09/bskyb-bolsters-customer-id-login-security-splunk/#.Vh-14xCrRTY
- Data from any source – we’re focusing on increasing the types of data you can bring into Splunk – mainframe, network, cloud, sensor, mobile data etc Available to visualize, analyze report Specialized content to deliver on specific use cases and find value from data faster The Splunk platform consists of multiple products and deployment models to fit your needs. Splunk Enterprise – for on-premise deployment Splunk Cloud – Fully managed service with 100% SLA and all the capabilities of Splunk Enterprise…in the Cloud Splunk Light – allows smaller IT organizations to get started with Splunk – on premise or in the cloud Hunk – for analytics on data in Hadoop Apps and add-ns from Splunk and our community extend and simplify deployments by providing pre-packaged content designed for specific use cases and data types. And premium solutions from Splunk apply real-time intelligence and rich, domain-specific functions to manage your security posture, IT operations and more.
- Splunk provides an open, fully integrated platform. That means you can collect, index, analyze, report and predict on machine-generated data from a single product. It’s enterprise-ready with high availability and disaster recovery features, role-based access control and scales to index hundreds of terabytes per day. It’s an open platform with over 1000 Splunk Apps available and allows for custom development.
- And, we give you access to that data, anywhere you want it. Your Choice: Splunk Cloud, On Prem or Hybrid We know one of your primary initiatives is Cloud First. Ours is too, so that we can offer you a flexible delivery model that gives you a choice. On premise, in the cloud or both. And you truly can have both because Splunk offers hybrid search, so you still have one view across all of your data whether it resides on prem or in the cloud.
- Matt By giving different people the ability to ask different questions of the Same data, when they need to, we’re helping customers across all of our core use cases move from reactive to proactive.
- Matt By giving different people the ability to ask different questions of the Same data, when they need to, we’re helping customers across all of our core use cases move from reactive to proactive.
- Fin Adrien Eric remonte sur scène Merci Adrien Shake Eric présente Cyril de Generali Je sais que chez vous ca n’arrive jamais des applications lentes, Des gens qui se plaignent a la machine a café, Cyril va vous expliquer comment gerer
- Voix off présente Haiyan Haiyan on Stage We're focusing on security.
- Haiyan I want to draw your attention to 3 key areas that you said, are top of mind for you! You said… You want Splunk to do more to: Enable Rapid Investigation and Incident Response You’ve asked us to develop new analytics for emerging challenges like user behavior analysis And you want us to help you address Insider Threats
- Haiyan Enterprise Security - Our rapid ascent reflects the customer traction we have and value we deliver to customers – with thousands of security customers and 40% year-over-year growth, we are the fastest growing SIEM vendor in the market. 2011 was our first time in the MQ; In 2 short years we raced up to the top quadrant in the MQ.
- Splunk can ingest any type of machine data, from any source in real time. These are listed here on the left and are flowing into Splunk for indexing. Once indexed, users can perform the use cases on the top right on the data. They can search through the data, monitor the data and be alerted in real-time if scheduled search parameters are met. The raw data can be aggregated in seconds for custom reports and dashboards. Also Splunk is a platform that developers can build on. It uses a well documented Rest API and several SDKs so developers and external; applications can directly access and act on the data within Splunk. Also, besides indexing raw data into its flat file data store, Splunk can also retrieve and index data that resides in other data stores such as a SQL database or Hadoop. Splunk can easily ingest external data to enrich existing data Splunk has indexed to increase accuracy and reduce false positives. This external could come from a wide range of sources outlined on this slide. It includes employee information from AD, asset information from a CMDB, blacklists of bad external IPs from 3rd-party threat intelligence feeds, IP ranges of critical internal networks (like a PCI-related credit cardholder environment). Correlation searches can include this external content. So for example Splunk can alert you if a low-level employee accesses a file share with critical data, but not if the file share has harmless data. Or Splunk can alert you if a user name is used specifically for an employee who no longer works for your organization. These are especially high-risk events.
- Haiyan Imagine sitting in your own Security operation center Using the Investigator Timeline and Journal Seamlessly utilizing User Behavior Analytics And as a result - disrupting breaches!
- Find RATs. ….
- Eric remonte sur scène pour remercie Pierre Kirchner et introduire Romain et Stephane
- Romain Good morning everyone and welcome to SplunkLive! I couldn’t be more excited to be here with all of you today.
- Notre mission … Données machines = Notre terrain de jeu favori Vous tous, que vous soyez .. Devez être prêts pour cette transformation car la concurrence n’attendra pas Aujourd’hui, en 2016, beaucoup de décideurs n’ont pas les ressources nécessaires … Aujourd’hui, les canaux de vente se diversifient …. Le marché évolue, nos clients nous font confiance pour les accompagner dans cette transformation. C’est ce que fait Domino’s Pizza
- SOC / NOC BOC = nouveau concept Toute l’efficacité du BOC réside dans le lien qu’on est capable de faire avec le NOC … Bref, on casse les silos. Histoire de comprendre un peu mieux notre positionnement … C’est notre terrain de jeu habituel … Par ailleurs, nous nous concentrons sur les données machines … Bien entendu, nous pouvons conserver les données … Enfin, nous embarquons des modèles prédictifs…. NOC: est un service chargé du contrôle des transactions, de la surveillance des incidents, de la charge d'un réseau local ou interconnecté
- Business Process Analytics – Vue bout en bout des process metiers. On se base principalement sur des données provenant de Middleware et applicatives afin de surveiller et optimiser les process métiers. Customer Experience Analytics – Mesure et analyse des comportements des clients afin d’augmenter l’engagement de ceux-ci Product Analytics – Analyse de l’adoption des differentes fonctionnalités, leur utilisé et efficacité Digital Marketing – Supervision temps réel sur la perf d’une campagne marketing, la conversion des paniers sur une plateforme e-commerce, etc. DOMINOS PIZZA
- Super exemple de ce qu’on vient de décrire ! Avant d’aller plus loin dans le use case, laissez moi vous en dire un peu plus sur Gatwick … Autant vous dire que l’optimisation est un maitre mot pour eux. Heathrow Splunk pour mieux gérer les périodes d’affluence, l’utilisation des ressources et pour anticiper un gros afflux de passagers. Capable d’anticiper 4 heures en avance les ressources nécessaires pour absorber un afflux important de passager et les diriger … Quelles données ? Ces données collectées auprès des différentes bornes et services que vous traversez permettent à l’aeroport d’identifier les points de congestion … Gatwick ne compte pas s’arreter là … Depuis le déploiement de Splunk, ils ont changé leur facon de penser … CIO Anecdote Voila donc un bel exemple d’utilisation de données machines au profit du Business/Métier
- Exemple de tableau de bord dans lequel on retrouve des KPIs présentant l’efficacité des compagnies aériennes sur la piste : depart à l’heure, manoeuvre occupant la piste, etc. Ils utilisent Splunk pour que l’aéroport soit le plus efficace possible
- This is a dashboard in Splunk that shows a map of the two terminals at Gatwick that shows check in queue lengths, how many people are there at security etc This shows them bottlenecks around the airport and where staff need to go.
- Stéphane: Je vais aborder avec vous un autre cas d’utilisation assez original. Celui-ci implique de l’Internet de Objets sur un territoire assez… important. Le projet, porté par un partenaire a commencé dans l’IT Ops pour rapidement s’étendre au métier. Ok, alors, il était une fois…
- Stéphane: …Coca-Cola, une companie que vous connaissez sans doute pour ses boissons ;) Ici il s’agit d’analyser tout ce qui sort d’un tout nouveau distributeur “intelligent” qui a été conçu pour permettre à tout un chacun de créer ses propres boissons! Ces distributeurs portent le nom de « Freestyle Machine » ou « Build your Own Coke » et je suis désolé mais vous allez devoir attendre un peu avant de les voir arriver en France. Romain: Mais vous penserez à nous ce jour là! ;) Stéphane: Les données collectées permettent de diagnostiquer les appareils en place chez les Clients ”Business” de Coca-Cola: Des grandes enseignes de restaurants rapides par exemple. Le premier cas d’utilisation est l’analyse et l’intervention rapide sur incidents donc. Ensuite le métier entre en jeu pour déterminer comment les machines sont utilisées et analyser la composition des créations. On peut savoir les goûts les plus en vogue à travers le territoire et s’adapter à la demande de cette manière! --- Buying patterns can also help companies ensure availability. Coca Cola’s ‘build your own coke’ and smart vending machines produce data that is subsequently contextualised. So, by analysing the 1.9 billion servings of Coke a day (!) it has learned that more drinks are bought on university campuses just before The Walking Dead is on TV, for instance. Coca Cola can use this insight to better meet demand. ---
- Stéphane: En parlant de territoire… Je ne serai vous dire combien il y a de machines actuellement mais elles sont… partout aux Etats Unis. Chaque appareil envoie ses données vers le Cloud. Romain: Coca Cola a entièrement migré vers le Cloud maintenant d’ailleurs et je vous invite à aller voir leurs présentation lors de l’événement AWS Re-Invent de 2014. La vidéo est disponible en ligne. Et celle de notre PDG également ;) Stéphane: Bon je sais que vous aimez bien les captures d’écran alors j’en ai retrouvé quelques unes.