16. Splunk Company Overview
Company
• Global HQs: San Francisco, London, Hong Kong
• 2,000+ employees globally
• Annual Revenue: $669M (YoY +48%)
• NASDAQ: SPLK
Products
• Free trial to massive scale
• Splunk products: Splunk Enterprise, Splunk Cloud, Hunk, Splunk Light, Splunk MINT, Premium Solutions
Customers
• 11,000+ customers
• Across 110 countries
• Small to large organizations
• More than 85 of the Fortune 100
• Largest license: 1.2 Petabyte/day
17. Proven at 11,000+ Customers in 110 Countries
85 of the Fortune 100
Industries: Technology, Telecommunications, Travel and Leisure, Education, Healthcare, Energy and Utilities, Manufacturing, Financial Services and Insurance, Media, Retail, Cloud and Online Services, Government
22. The 7th Annual Splunk Worldwide Users’ Conference
SEPT 26-29, 2016, WALT DISNEY WORLD, ORLANDO, SWAN AND DOLPHIN RESORTS
• 5000+ IT & Business Professionals
• 3 days of technical content
• 165+ sessions
• 80+ Customer Speakers
• 35+ Apps in Splunk Apps Showcase
• 75+ Technology Partners
• 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks
• NEW hands-on labs!
• Expanded show floor, Dashboards Control Room & Clinic, and MORE!
PLUS Splunk University
• Three days: Sept 24-26, 2016
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP
• Save thousands on Splunk education!
24. CLOUD AND HYBRID IT
SOFTWARE-DEFINED DATACENTERS
CONTINUOUS APP DELIVERY
ANALYTICS-DRIVEN SECURITY
INTERNET OF THINGS
25. Blurring the Lines Between Digital & Physical
Security Ops Center, Business Ops Center, IT Ops Center
IoT WORKLOADS, CLOUD WORKLOADS, ENTERPRISE IT WORKLOADS
ADVANCED ANALYTICS, FAST TIME TO VALUE, DATA INGEST AT SCALE
29. Why Splunk?
FAST TIME-TO-VALUE
CLOUD, ON-PREMISE & HYBRID DEPLOYMENT
VISIBILITY ACROSS STACK, NOT JUST SILOS
ONE PLATFORM, MULTIPLE USE CASES
ANY DATA, ANY SOURCE, ASK ANY QUESTION
30. Disruptive Approach to Unstructured Data
Traditional (Structured, RDBMS) vs. Splunk (Unstructured: Volume, Velocity, Variety)
• SQL vs. Search
• Schema at Write vs. Schema at Read
• ETL vs. Universal Indexing
31. Turning Machine Data Into Business Value
Index Untapped Data: Any Source, Type, Volume
Sources: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
Deployment: On-Premises, Private Cloud, Public Cloud
Ask Any Question
Use cases: Application Delivery; Security, Compliance and Fraud; IT Operations; Business Analytics; Industrial Data and the Internet of Things
32. Proven Customer Value Across Use Cases & Industries
Value drivers: Increased revenues from higher uptime; Savings from fraud prevention; Revenues from faster product launch; Optimizing fuel use with sensor data; Reduction in SLA payouts; Value from preventing APTs
Quantified value: $11.0 M, $25.0 M, $10.0 M, $200+ M, $1.8 M, $1.0+ B
Industries: Oil & Gas Services, Telecom Provider, Transportation, Financial Services, High Tech Manufacturing, Online Services
33. Platform for Machine Data
Application Delivery; Security, Compliance and Fraud; Business Analytics; Internet of Things and Industrial Data; IT Operations
34. Platform for Application Delivery and IT Operations
ROOT CAUSE AND ISSUE RESOLUTION; PROACTIVE MONITORING AND REAL-TIME ALERTING; DELIVER BETTER QUALITY CODE FASTER; CLOUD APP AND INFRASTRUCTURE MONITORING; MOBILE APP TROUBLESHOOTING; USER & USAGE ANALYTICS
35. Splunk, a Leader in IT Operations Analytics
Splunk Named Worldwide IT Operations Analytics Software Market Share Leader in New Report
36. How Vodafone Delivers End-to-end Insight Using Splunk ITSI
• Glass table visualizations enable rapid and proactive issue resolution
• Custom KPIs empower teams across the business, operations & security
• Actionable service insights in two days, not months
37. Single Platform for Security Intelligence
SECURITY & COMPLIANCE REPORTING; REAL-TIME MONITORING OF KNOWN THREATS; DETECT UNKNOWN THREATS; INCIDENT INVESTIGATIONS & FORENSICS; FRAUD DETECTION; INSIDER THREAT
Splunk Complements, Replaces and Goes Beyond Existing SIEMs
38. How BSkyB Uses Splunk To Protect Its Customers
• Protective monitoring of cyber security attacks on customer accounts
• Operational Intelligence across security and DevOps
• Security analytics and data visualization
39. Platform for Operational Intelligence
The Splunk Portfolio
1000+ Apps and Add-Ons
Splunk Premium Solutions
Data sources: Mainframe Data, Relational Databases, Mobile, Forwarders, Syslog/TCP, IoT Devices, Network Wire Data, Hadoop
40. Fully Integrated Enterprise Platform
HA / DR, Admin, Data Security, Apps, SDKs/APIs, Scale
Collect Data; Index Data; Enrich Data; Search & Explore; Analyze & Predict; Report & Visualize; Alert & Action
41. Cloud Is a Journey and Splunk Is Your Partner
Instant, Secure, Reliable
100% Uptime SLA
Hybrid
45. What We Hear From Our Customers!
“My CIO is demanding we look at IT from a business service perspective.”
“Splunk is great for break-fix, but I need to show we’re meeting SLAs.”
“I need everyone to be able to see the same thing at the same time.”
“I just want to throw data at Splunk and have it find problems for me.”
“Show me what my data can do for me!”
48. Let’s remind everyone what a Service is
Payroll, E-Commerce Site, CRM, DHCP, Service Desk, DNS, Middleware Service, LDAP
A Service is a logical group of technology components that a user deems need to be monitored together
49. Platform for Machine Data
Splunk IT Service Intelligence
Data-Driven Service Monitoring and Analytics
At-a-Glance Problem Analysis; Early Warning on Deviations; Dynamic Service Models; Seamless Workflow Integrations
50. How Do You Try It?
SPLUNK.COM/ITSI
Free Sandbox. On Splunk Cloud.
52. Platform for Machine Data
Application Delivery; IT Operations; Security, Compliance and Fraud; Business Analytics; Internet of Things and Industrial Data
54. Splunk Security Intelligence
Security and Compliance Reporting; Monitor and Detect Known/Unknown Threats; Fraud Detection; Insider Threat; Incident Investigations and Forensics; Security Analytics
55. Splunk Enterprise Security
Ascending the Gartner SIEM Magic Quadrant*
2015: LEADER (the only vendor in 2015 to improve its visionary position)
2014: Leader
2013: Leader
2012: Challenger
2011: Niche Player
*Gartner, Inc., SIEM Magic Quadrant 2011-2015. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
56. New Approach to Security Needed
Traditional Methods vs. New Requirements
• Data reduction vs. Data completeness & coverage
• Event correlation vs. Multiple, dynamic relationships
• Detect attacks vs. Detect & respond to attack lifecycle
• Needle in a haystack vs. Hay in haystack
• Power user vs. All users
• Severity based vs. Risk-based
• Event based vs. … and time, user, phase, more…
57. Evolving Roles for Security Operations
Traditional vs. New Requirements
• Situational awareness vs. Analysis & rapid response
• Operation / Monitoring Center vs. Nerve Center / Command Center
68. Run the Business in Real-time
• Data From the Past (T – a few days): Descriptive (BI Tools, Data Lakes)
• Real-time Data: On the Fly
• Statistical Forecast (T + a few days): Predictive (Models)
Security Operations Center - SOC; Network Operations Center - NOC; Business Operations Center - BOC
70. How Gatwick Airport Ensures Better Passenger Experience With Splunk Cloud
• On-time efficiency & dramatic queue reduction with 925 flights per day
• Real-time, predictive airfield analytics delivered on mobile app & Apple Watch
• Data from airport gates, boarding pass scans, x-ray, travel, passenger flow
74. Data-Driven Refreshment
• Aggregate machine data from freestyle machines
• Insights into customer interactions and decisions
• Reduced Downtime and Increased Consumer Satisfaction
• Vending machine performance and diagnostics
Simon
[PLICPLOC: dripping sound]
At more than 1,500 metres deep, the Gouffre de la Pierre Saint-Martin in the Pyrenees is one of the largest chasms in Europe; it is a complex of more than 2,000 galleries that extends over 140 km², 1.5 times the size of Paris.
[END OF PLICPLOC]
Simon
[SOUND of keys]
Suffice it to say that it is the worst place in the world to lose your keys.
Seriously, what would you do?
You think I would turn back to look for them? Good luck! A quick calculation: it would take you about, WOW, let's say… 12 weeks of walking, at 16 hours of walking per day, to cover the 2,000 galleries and retrace those millions of steps. It will not be a pleasant search, believe me.
Now let's put this into perspective.
If you think this cave is big and that it is impossible to find anything in it, imagine a Splunker indexing 100 GB of data per day: that generates 400 million events daily.
If you printed it in Arial 10, which is completely unreadable, that would be 2,000 km of text. How would you find anything in there?
If you are not a Splunk user, or if it is 2004, the answer is: you suffer.
Don't forget what you have to do:
log on to each machine individually, copy the log file, use the command line, search with your CLI search tool.
Not find what you are looking for.
Do it again.
Not find what you are looking for.
Do it again.
...
Are you fed up yet? We are only on the second one,
and you still have not found what you are looking for, you have not solved your problem, you still cannot go home.
That is why our founders created this company,
because they struggled and failed to find what they were looking for in ever larger and more varied amounts of data at the web giants you know.
They were trying to find what you do not expect, and it was, in their own words, like exploring an ever deeper cave looking for something you do not know.
They were searching through the data like cavers, spelunking in English; they quickly replaced the ungainly expression Spelunking with a sexier term.
And they turned on the light.
Voice-over welcomes Eric
ERIC
Welcome to the 6th edition of SplunkLive! Paris. Before we start I would like to thank our sponsors, Recorded Future, Cisco, EMC, Sbox F5 and Eview. Each of them is a technology partner with whom we develop applications. Feel free to go and meet them during the day's breaks in the exhibition area.
Eric
Now that you all have wifi, I am going to ask you to enter the following URL in your smartphone browsers.
Then enter your names and cities
Eric
Enter the requested information
Eric
Two quick questions to start:
How many of you are attending their first SplunkLive?
Eric
OK very good, and now how many of you are already Splunk users?
Eric
As Simon already told you in the introduction, Splunk comes from Spelunking….
Digital Revolution
Splunk in middle of this revolution
Foundational technology for digital universe
Need graphic here for data
Eric
The problem is that we use only a tiny part of it.
For many reasons,
and among them internal reasons, linked to our organizations by department or by silo.
How many times have you been refused access to data on the grounds of "it's not yours, it's mine.
It belongs to my department."
Eric
ERIC
More than 11,000 customers in 110 countries have purchased the enterprise license of Splunk. This includes a majority of the Fortune 100. Enterprises, service providers and government agencies in 100 countries use Splunk to improve service levels, reduce IT operations costs, mitigate security risks and drive new levels of operational visibility.
As they gain new visibility into their real-time and historical machine data, Splunk’s customers are finding answers and solving the most challenging issues facing IT and the business.
Eric
Splunk is not only a company or a platform for collecting machine data; it is also, above all, a community.
Let me explain
Eric
There are more than 1,000 apps, a site that lists more than 65,000 questions and answers, but also many local events such as SplunkLive, and also a very large developer community.
Eric
What is great about Splunk is that it is extremely easy to try, install and deploy.
There are many options available to you:
You can test the free cloud version, download the free software. Demo instances of Enterprise Security and IT Service Intelligence are available in the Cloud
Eric
ERIC
We’re headed to the East Coast!
2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics!
165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE!
30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you!
Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers.
Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja!
REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!
Haiyan
Good morning everyone and welcome to SplunkLive!
I couldn’t be more excited to be here with all of you today.
Haiyan
These are exciting times. We are living in a world that is:
- Mobile and connected – with traditional boundaries expanding into the cloud
- With new software-defined data centers – creates significant advantages while also creating new challenges in identifying and solving bottlenecks
- And applications that are being delivered continuously, with some organizations releasing new code multiple times per day.
- We also see a new analytics-driven approach – because simply monitoring of traditional security events just doesn’t cut it anymore
- And an explosion of the Internet of Things – which could change entire industries
- As a result of these mega-trends, machine data has become one of the fastest growing and most complex areas of big data.
- if harnessed properly, it can drive innovation,
- help to deliver, manage, and secure mission-critical services,
- and enable companies and government agencies to better understand their customers.
We just have to listen to the data.
Most companies will have some form of IT Operations Centre, a Security Operations Centre and Business Operations capability.
These are faced with the challenge of workloads from traditional on-premise workloads, cloud workload and new types of workload from IoT
Most organizations are trying to ingest and manage lots of data, at speed
They are trying to make it available to the right people in the form of analytics
They are also trying to find the value from this data
That’s where we come in. Splunk’s mission is to make machine data accessible, usable, and valuable to everyone.
Our goal is to help organizations find the value in that data and become the fabric for machine data
If organizations don’t analyze data available to them, their competition will and they will separate themselves! Think about it, 20 years ago, you may have thought a website was optional.
Organizations use Splunk products to gain fast visibility and insights from their machine data to:
1. Find and fix problems dramatically faster, investigate incidents and attacks
2. Automatically monitor to identify issues, problems and attacks
3. Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions
4. Gain real-time insight from operational data to make better-informed business decisions
Fast Time-To-Value – Splunk can be downloaded and installed in minutes. If that’s not fast enough you can get a cloud instance in seconds.
Any Data – Splunk can ingest data from any machine data source. It’s not application, vendor, or hardware specific.
Ask any question – It’s impossible to know all the questions you will ask of your data. Often answering one question leads to another. The schema-on-the-fly approach allows you to ask any question of your data.
Visibility across stack – Because you can ingest this data from any source you can quickly gain visibility across all of them.
One Platform – This is more than log aggregation and search software. Let me show you.
Choose Splunk as a SaaS offering, on-premise or hybrid. You get one universal view of your data.
Traditionally, machine data was generated and part of the data would be stored in a specific, pre-defined way. This creates limits on the questions that can be asked of the data.
Splunk takes a disruptive approach by storing the data in its raw, original format and creating a schema at the last possible moment: when the question is asked. Because of this, there are no limits on the questions that can be asked of the data. Speaking of no limits…
No limits on where you can collect it from
No limits on the formats of data
And no limits on scale
Some customers are indexing 100’s of TB per day, searching across thousands of types of data all in different formats.
Splunk products are being used for data volumes ranging from gigabytes to hundreds of terabytes per day. Splunk software and cloud services reliably collect and index machine data, from a single source to tens of thousands of sources. All in real time. Once data is in Splunk Enterprise, you can search, analyze, report on and share insights from your data. The Splunk Enterprise platform is optimized for real-time, low-latency and interactivity, making it easy to explore, analyze and visualize your data. This is described as Operational Intelligence.
The insights gained from machine data support a number of use cases and can drive value across your organization.
[In North America]
Splunk Cloud is available in North America and offers Splunk Enterprise as a cloud-based service – essentially empowering you with Operational Intelligence without any operational effort.
Splunk customers are realizing tremendous value across multiple industries and use cases. From Fortune 100 to small shops, enterprises, service providers and government agencies are improving service levels, reducing IT operations costs, mitigating security risks and driving new levels of operational visibility.
As they gain new visibility into their real-time and historical machine data, Splunk’s customers are finding answers and solving the most challenging issues facing IT and the business.
We continue to invest to make Splunk the leading platform for machine data.
We’re continuing to invest in both Splunk Enterprise as software, as well as our SaaS offering, Splunk Cloud.
Splunk uniquely supports organizations that are running operations on premises, in the cloud or in a hybrid environment.
We’re also investing heavily in solutions that make it easy for you to meet your goals across IT Operations, App delivery, Security, Fraud, Compliance; business analytics and industrial data.
These five use cases explain and illustrate how most people use their machine data and Splunk
With Splunk software and cloud services, you can quickly identify and pinpoint code-level issues at any stage of the development and release process. You can find and fix bugs quickly so you can ship product faster, gain insights into application usage and user behavior and get real time, mission-critical visibility into every step, system and process involved in building, testing and shipping new products to your customers.
Splunk’s universal machine data platform empowers you to consolidate all information within a unified console to find the root-cause of issues, proactively manage events and incidents and reduce resolution times. You can quickly create alerts to proactively monitor your distributed infrastructure and complex applications/services.
With Splunk MINT, our Mobile Intelligence solution, we’re now extending Operational Intelligence to Mobile Applications. With Splunk MINT, you are enabled to deliver reliable, better performing mobile apps with end-to-end visibility across mobile applications and their supporting application infrastructure. You can combine and correlate mobile app data with data from other channels such as web or desktop to gain cross-channel user and usage analytics with the Splunk platform.
We have many apps that monitor cloud applications. The Splunk App for Stream enables the capture of real-time streaming wire data, across distributed infrastructures including private, public and hybrid Clouds. This enables visibility into application, business and user activity without the need for instrumentation, enhancing various operational use cases across IT, security and the business.
Splunk was recently voted industry leader in ITOA by leading analyst company IDC
Industry: Telco
Use case: IT Ops, ITSI
More can be found at: http://www.splunk.com/view/splunk-at-vodafone/SP-CAAAPA3
Splunk is a Security Intelligence Platform and we can address a number of security use cases. We’re more flexible than a SIEM and can be used for non-security use cases. Splunk software can complement or replace existing SIEM deployments, while also addressing more complex security use cases, such as supporting fraud detection and finding insider threats.
Industry: Media
Use case: Security, DevOps
More can be found at: http://diginomica.com/2014/10/09/bskyb-bolsters-customer-id-login-security-splunk/#.Vh-14xCrRTY
Data from any source – we’re focusing on increasing the types of data you can bring into Splunk – mainframe, network, cloud, sensor, mobile data etc
Available to visualize, analyze report
Specialized content to deliver on specific use cases and find value from data faster
The Splunk platform consists of multiple products and deployment models to fit your needs.
Splunk Enterprise – for on-premise deployment
Splunk Cloud – Fully managed service with 100% SLA and all the capabilities of Splunk Enterprise…in the Cloud
Splunk Light – allows smaller IT organizations to get started with Splunk – on premise or in the cloud
Hunk – for analytics on data in Hadoop
Apps and add-ons from Splunk and our community extend and simplify deployments by providing pre-packaged content designed for specific use cases and data types.
And premium solutions from Splunk apply real-time intelligence and rich, domain-specific functions to manage your security posture, IT operations and more.
Splunk provides an open, fully integrated platform. That means you can collect, index, analyze, report and predict on machine-generated data from a single product. It’s enterprise-ready with high availability and disaster recovery features, role-based access control and scales to index hundreds of terabytes per day. It’s an open platform with over 1000 Splunk Apps available and allows for custom development.
And, we give you access to that data, anywhere you want it. Your Choice: Splunk Cloud, On Prem or Hybrid
We know one of your primary initiatives is Cloud First. Ours is too, so that we can offer you a flexible delivery model that gives you a choice. On premise, in the cloud or both. And you truly can have both because Splunk offers hybrid search, so you still have one view across all of your data whether it resides on prem or in the cloud.
Matt
By giving different people the ability to ask different questions of the Same data, when they need to, we’re helping customers across all of our core use cases move from reactive to proactive.
End of Adrien's talk; Eric returns to the stage
Thank you Adrien
Handshake
Eric introduces Cyril from Generali
I know that at your company it never happens, slow applications,
people complaining at the coffee machine,
Cyril will explain to you how to handle it
Voice-over introduces Haiyan
Haiyan on Stage
We're focusing on security.
Haiyan
I want to draw your attention to 3 key areas that you said, are top of mind for you! You said…
You want Splunk to do more to: Enable Rapid Investigation and Incident Response
You’ve asked us to develop new analytics for emerging challenges like user behavior analysis
And you want us to help you address Insider Threats
Haiyan
Enterprise Security - Our rapid ascent reflects the customer traction we have and value we deliver to customers – with thousands of security customers and 40% year-over-year growth, we are the fastest growing SIEM vendor in the market. 2011 was our first time in the MQ; In 2 short years we raced up to the top quadrant in the MQ.
Splunk can ingest any type of machine data, from any source in real time. These are listed here on the left and are flowing into Splunk for indexing. Once indexed, users can perform the use cases on the top right on the data. They can search through the data, monitor the data and be alerted in real-time if scheduled search parameters are met. The raw data can be aggregated in seconds for custom reports and dashboards. Also Splunk is a platform that developers can build on. It uses a well documented REST API and several SDKs so developers and external applications can directly access and act on the data within Splunk. Also, besides indexing raw data into its flat file data store, Splunk can also retrieve and index data that resides in other data stores such as a SQL database or Hadoop.
Splunk can easily ingest external data to enrich existing data Splunk has indexed to increase accuracy and reduce false positives. This external data could come from a wide range of sources outlined on this slide. It includes employee information from AD, asset information from a CMDB, blacklists of bad external IPs from 3rd-party threat intelligence feeds, IP ranges of critical internal networks (like a PCI-related credit cardholder environment). Correlation searches can include this external content. So for example Splunk can alert you if a low-level employee accesses a file share with critical data, but not if the file share has harmless data. Or Splunk can alert you if a user name is used specifically for an employee who no longer works for your organization. These are especially high-risk events.
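The lookup-based correlation described in these notes, as an added example that is not Splunk's own code: raw file-share events are kept verbatim, fields are extracted only at search time (the schema-at-read idea from the earlier slide), then joined with identity and asset lookups so the two alerts above fire. The event lines, lookup tables, field names and risk scores are constructed for this illustration.

```python
"""Schema-at-read extraction plus lookup enrichment feeding two correlation
alerts. Added illustration, not Splunk code; all data here is constructed."""
import re

# Constructed raw file-share access events, stored verbatim as indexed: no
# schema is imposed at write time, which is the point of schema at read.
RAW_EVENTS = [
    "2016-03-10T08:01:12Z host=fs01 action=read user=jdoe share=\\\\fs01\\finance-q1",
    "2016-03-10T08:02:40Z host=fs01 action=read user=asmith share=\\\\fs01\\cafeteria-menu",
    "2016-03-10T08:05:03Z host=fs02 action=write user=bgone share=\\\\fs02\\marketing",
    "2016-03-10T08:06:55Z host=fs01 action=read user=cfo share=\\\\fs01\\finance-q1",
    "2016-03-10T08:07:30Z host=fs01 action=read user=svc_backup share=\\\\fs01\\finance-q1",
]

# Constructed lookups standing in for AD (identities) and a CMDB (assets).
IDENTITIES = {
    "jdoe":   {"level": "staff",     "status": "active"},
    "asmith": {"level": "staff",     "status": "active"},
    "bgone":  {"level": "staff",     "status": "terminated"},
    "cfo":    {"level": "executive", "status": "active"},
}
ASSETS = {
    r"\\fs01\finance-q1":     {"criticality": "critical"},
    r"\\fs01\cafeteria-menu": {"criticality": "low"},
    r"\\fs02\marketing":      {"criticality": "medium"},
}

# Schema at read: key=value pairs are pulled out of the raw text only when the
# search runs, so adding a field later needs a new extraction, not re-indexing.
KV_RE = re.compile(r"(\w+)=(\S+)")


def extract_fields(raw):
    """Turn one raw line into a field dict; the raw text is kept alongside."""
    fields = {"_raw": raw, "_time": raw.split(" ", 1)[0]}
    fields.update(KV_RE.findall(raw))
    return fields


def enrich(event):
    """Join the event with identity and asset context. An unmatched lookup
    yields 'unknown' rather than a default that could fire or suppress a rule."""
    ident = IDENTITIES.get(event.get("user"), {"level": "unknown", "status": "unknown"})
    asset = ASSETS.get(event.get("share"), {"criticality": "unknown"})
    return {**event, **ident, **asset}


def correlation_search(raw_events=RAW_EVENTS):
    """The two rules from the notes: a terminated employee's account in use, and
    a low-level (staff) employee reaching a share that holds critical data.
    Each alert carries a risk score so triage can rank by risk, not severity."""
    alerts = []
    for raw in raw_events:
        ev = enrich(extract_fields(raw))
        if ev["status"] == "terminated":
            alerts.append({"rule": "terminated_account_used", "risk": 90,
                           "user": ev["user"], "share": ev["share"], "_time": ev["_time"]})
        elif ev["level"] == "staff" and ev["criticality"] == "critical":
            alerts.append({"rule": "staff_access_to_critical_share", "risk": 60,
                           "user": ev["user"], "share": ev["share"], "_time": ev["_time"]})
    return alerts


# Rough SPL sketch of the same search (lookup names are assumed for this example):
#   index=fileshare | lookup identities user OUTPUT level status
#                   | lookup assets share OUTPUT criticality
#                   | where status="terminated" OR (level="staff" AND criticality="critical")

if __name__ == "__main__":
    for alert in correlation_search():
        print(alert)
```

The harmless-share read by asmith and the executive's read of the critical share produce nothing, and the unknown service account falls through to "unknown" instead of silently matching either rule.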
Haiyan
Imagine sitting in your own Security operation center
Using the Investigator Timeline and Journal
Seamlessly utilizing User Behavior Analytics
And as a result - disrupting breaches!
Find RATs. ….
Eric returns to the stage to thank Pierre Kirchner and introduce Romain and Stephane
Romain
Good morning everyone and welcome to SplunkLive!
I couldn’t be more excited to be here with all of you today.
Our mission …
Machine data = our favourite playground
All of you,
whether you are … must be ready for this transformation because the competition will not wait
Today, in 2016, many decision-makers do not have the necessary resources …
Today, sales channels are diversifying ….
The market is changing; our customers trust us to support them through this transformation.
That is what Domino’s Pizza does
SOC / NOC
BOC = new concept
All the effectiveness of the BOC lies in the link we are able to make with the NOC …
In short, we break down the silos.
To understand our positioning a little better …
This is our usual playground … Moreover, we focus on machine data …
Of course, we can keep the data …
Finally, we embed predictive models….
NOC: a department responsible for transaction control, incident monitoring, and the load on a local or interconnected network
Business Process Analytics – End-to-end view of business processes. Mainly based on data from middleware and applications in order to monitor and optimise business processes.
Customer Experience Analytics – Measuring and analysing customer behaviour in order to increase customer engagement
Product Analytics – Analysis of the adoption of the various features, their use and effectiveness
Digital Marketing – Real-time monitoring of the performance of a marketing campaign, cart conversion on an e-commerce platform, etc. DOMINOS PIZZA
Great example of what we have just described!
Before going further into the use case, let me tell you a little more about Gatwick …
Suffice it to say that optimisation is a watchword for them.
Heathrow
Splunk to better manage busy periods and resource usage, and to anticipate a large influx of passengers.
Able to anticipate 4 hours in advance the resources needed to absorb a large influx of passengers and direct them …
What data?
This data, collected from the various kiosks and services you pass through, allows the airport to identify congestion points …
Gatwick does not intend to stop there …
Since deploying Splunk, they have changed their way of thinking …
CIO anecdote
So here is a fine example of using machine data for the benefit of the business
Example of a dashboard showing KPIs on airline efficiency on the runway: on-time departures, manoeuvres occupying the runway, etc.
They use Splunk to make the airport as efficient as possible
This is a dashboard in Splunk that shows a map of the two terminals at Gatwick with check-in queue lengths, how many people are at security, etc. This shows them bottlenecks around the airport and where staff need to go.
Stéphane:
I am going to walk you through another rather original use case.
This one involves the Internet of Things over a rather… large territory.
The project, led by a partner, started in IT Ops and quickly extended to the business.
OK, so, once upon a time…
Stéphane:
…Coca-Cola, a company you probably know for its drinks ;)
Here it is about analysing everything that comes out of a brand new “smart” dispenser designed to let anyone create their own drinks!
These dispensers are called « Freestyle Machine » or « Build your Own Coke », and I am sorry but you will have to wait a little before seeing them arrive in France.
Romain:
But you will think of us on that day! ;)
Stéphane:
The data collected makes it possible to diagnose the machines installed at Coca-Cola's ”Business” customers: large fast-food chains, for example.
So the first use case is analysis and rapid response to incidents.
Then the business comes into play to determine how the machines are used and to analyse the composition of the creations.
We can find out the most popular flavours across the territory and adapt to demand that way!
---
Buying patterns can also help companies ensure availability. Coca Cola’s ‘build your own coke’ and smart vending machines produce data that is subsequently contextualised. So, by analysing the 1.9 billion servings of Coke a day (!) it has learned that more drinks are bought on university campuses just before The Walking Dead is on TV, for instance. Coca Cola can use this insight to better meet demand.
---
Stéphane:
Speaking of territory…
I could not tell you how many machines there are at the moment, but they are… everywhere in the United States.
Each machine sends its data to the Cloud.
Romain:
Coca-Cola has now fully migrated to the Cloud, by the way, and I invite you to go and watch their presentation at the AWS re:Invent 2014 event. The video is available online.
And our CEO's too ;)
Stéphane:
Well, I know you like screenshots, so I found a few.