Best Practices For Sharing Data Across The Enteprrise

Copyright © 2016 Splunk, Inc.
Drive more value through data
source and use case
optimization
Jon Falabella
Manager, Business Value Consulting
jfalabella@splunk.com
November, 2016
BEST PRACTICES FOR SHARING DATA
ACROSS THE ENTEPRRISE

Today’s Presentation
2 Common Value Drivers
3 Data Source Best Practices
4 Summary / Q&A
1 Business Value Program

Business Value Consulting at Splunk
Help customers document the projected and already
realized business value of making machine data
accessible, usable, and valuable for everyone
Common Deliverables:
› CFO-Ready Business Case
› Value Realization Studies
› Usage Maturity & Staffing Readiness
› Enterprise Adoption Roadmaps
› Customer and Industry Benchmarks
1000+
Engagements
Worldwide
Since 2013

Business Value Consulting at Splunk
Help customers document the projected and already
realized business value of making machine data
accessible, usable, and valuable for everyone
Common Deliverables:
› CFO-Ready Business Case
› Value Realization Studies
› Usage Maturity & Staffing Readiness
› Enterprise Adoption Roadmaps
› Customer and Industry Benchmarks
1000+
Engagements
Worldwide
Since 2013
FREE

The Impact of Documenting Value
“With a time-sequenced view of our machine data, we are able to quickly
pinpoint where to investigate and resolve.”
5
***BECOMES***
“We’ve reduced downtime by more than 50% and we’ve captured
11,5000 hours/year of efficiencies that have been reallocated to higher
value work across the organization, generating $1.95M value/year”

Overview of Common Value Drivers
Based on FY16Q3 activity
Security,
Compliance
IT
Operations
Application
Delivery
as reported by Splunk Customers

Reduce business
impact with Shorter
and Fewer Outages
TOP 4 Value Drivers for IT Ops
Root Cause
Analysis
Up to 30% unknown
root causes, causing
incidents to recur
Incident
Troubleshooting
Lengthy log analysis done
manual
Incident
Triage
All hands on deck,
taking up 30 to 40
minutes
Before
Splunk
Service
Restoration
Fix is
implemented
Fix is implemented
Failure
detection
Customer often
informs IT
#1 Better
detection
customer is
notified by IT
With
Splunk
#2 Faster triage often conducted by 1st
level staff without all hands on deck
#3 Faster investigation (MTTI)
through rapid log search and correlation
conducted in conjunction by different
teams (everyone looks at the same data)
#4 Faster and more comprehensive root
cause analysis reduces incident recurrence

Benchmarking Splunk Customer Success
Documented through 1000+ engagements worldwide
Reduced Mean Time to
Investigate by 80%
Reduced MTTR by 95% and
reduce escalations by 50%
Improved API performance
by 50% reducing need for
infrastructure upgrades and
increasing user satisfaction
15-45% reduction in high priority incidents
70-90% reduction in incident investigation time
67-82% reduction in business impact
5-20% increase in infrastructure capacity utilization
Customer Feedback
IT Operations Analytics (ITOA)

#3 Faster implementation of critical
security controls (ex: CIS Top 20) across ALL
layers of the organization, ultimately resulting in
full enterprise visibility and a reduction in risks
Assess
Risk
Deep
Analysis
Monitor
Controls
Audit &
Comply
TOP 4 Value Drivers for Security & Compliance
#4 Continuous compliance on
ALL components and policies
resulting in faster and simpler audits
#2 Faster deep dive investigation
on security incidents that require further
proactive and reactive analysis
#1 Faster 1st level triage on ALL security
attacks with less resources as opposed to
reviewing only a subset of attacks
Mobile & IOT Vulnerabilities
Scams & Social Media
Targeted Attacks, Data Breaches
E-Crime & Malware, Web Threats
Reduce risk of cyber threats
with FASTER identification and
remediation of security events

Security, Compliance & Fraud
70-90% faster detection and triage of security events
70-90% faster investigation of security incidents
70-90% reduction in compliance reporting time
10-50% reduction in risk of data breach, IP theft, fraud
Customer Feedback
Reduced effort on security staff
tasks saving more than
$500,000 per year
Reduced fraud & abuse by
50% converting fraudulent
users to paying customers
Reduced compliance reporting
time by over 80% for SOX,
SAS-70 and PCI
a SaaS company

Splunk Security & Compliance Best Practices
RefertotheSplunkCIS20whitepaperfor
detailedusecasesandexamplesofhow
customersuseSplunktoachievethe
anticipatedimprovementswith:
CriticalSecurityControls(SANS20)
FasterDetectionofSecurityEvents
FasterResearchandInvestigation
ReducedRiskswithDataBreachandFraud

TOP 4 Value Drivers for Dev Ops
#2 Improved uptime
IT ops teams can be engaged
earlier to collaborate with
developers on measurements to
monitor and prevent production
service disruptions
#1 Faster development time
Developers iterate faster with less
risk through better test failure
analysis and more efficient
resolution of defects
#4 Better decision making
A single version of the truth for all parties – IT ops, dev and
line of business – have the same view from information
correlated across the development and delivery chain
#3 Easier access to data
Business stakeholders can measure the effect of
ideas and releases on customer experience,
revenue, retention and other metrics
Accelerate time to market with FASTER SDLC cycles

Application Delivery
Shortened dev cycles
by 30%
Reduced reporting
time by 88%
Increased release
cycles by 8x with no
additional staff
Customer Feedback
80-90% faster development of reports and dashboards
70-90% reduction in time for QA test failure analysis
70-90% reduction in time for pre-prod defect investigation
10-50% improvement in time to market

Most Common Value Drivers
IT Operations & App Support Security & Compliance Application Development
15-45% reduction in high priority
incidents
70-90% reduction in incident
investigation time
5-20% increase in infrastructure
capacity utilization
70-90% faster detection and triage of
security events
70-90% faster investigation of security
incidents
70-90% reduction in compliance
reporting time
10-50% lower risk of data breach, IP
theft and fraud
80-90% faster development of
reports and dashboards
70-90% reduction in time for QA
test failure analysis
70-90% reduction in time for pre-
prod defect investigation
10-50% improvement in time to
market

Requires Key Data Sources
incidents
investigation time
security events
incidents
reporting time
theft and fraud
market
25+
data sources
40+
data sources
25+
data sources

Network Server & Storage
• SNMP
• DHCP
• Firewall
• Load Balancer
• Network Switches
• Network Routers
(cisco_cdr, cisco:asa,
cisco_syslog,
clavister)
• Netflow
• Proxies
Application
• OS Logs (ntsyslog, snare, dhcpd,
linux_secure, aix_secure, osx_secure,
syslog, PERFMON:CPUTime,
PERFMON:FreeDiskSpace, Win:Event, etc.)
• VMWare server logs
• AWS Logs (CloudTrail, CloudWatch,
Config, S3, etc.)
• MS Azure Logs (WADEventLogs,
WADPerformanceCounter,
WADDiagnostInfrastructure, etc.)
• Backup logs
• Storage logs
Common Data Sources
Middleware & Database
• Java – J2EE (log4J, JMS, MQ, TibcoEMS,
HornetQ, RabbitMQ, Native JMS, Weblogic
JMS, etc.)
• Middleware (Tibco, Software AG etc.)
• Web Server (access_combined,
access_combined_wcookie,
access_common, apache_error, iis, nginx,
etc.)
• Application Server (log4j, log4php,
weblogic_stdout, websphere_activity,
websphere_core, websphere_trlog, etc.)
• Mobile Devices
• Database error logs
• Application Error Logs
• Application
Performance and Usage
Logs
• Application
Authentication Logs
• Business Process Logs
(Payments status, batch
upload status, customer
order status, etc.)
• Mail Server Logs
IT Operations Analytics (ITOA)

Security, Compliance & Fraud
Common Data Sources
Network, Server & Storage
• SNMP
• Wire Data
• DHCP
• Firewall
• FTP Logs
• IDS Logs
• Network Access
Control
• File access control
• Network Switches
• Network Routers
Application & User
• Wireless Network logs
• Netflow
• Proxies
• OS Logs (ntsyslog, snare,
dhcpd, linux_secure,
aix_secure, osx_secure,
syslog, Win:Event, etc.)
• Patch Logs
• VMWare server logs
• AWS Logs (CloudTrail,
CloudWatch, Config, etc.)
• Storage logs
HornetQ, RabbitMQ, Native JMS,
Weblogic JMS, etc.)
access_combined_wcookie,
access_common, apache_error, iis,
nginx, etc.)
• Malware protection logs
• Endpoint activity
• App. Authentication Logs
• Vulnerability Scanning
• Active Directory
• LDAP, VPN
• SDLC Security Test Logs
• Mobile Devices
• Physical Card Reader Logs
Security
• Threat Lists
• OS Blacklist
• IP blacklists
• Restricted
ports and
protocols
• Vulnerability
Lists
• Social Media
Feeds
• Training Logs

SDLC
Application Development
Common Data Sources
HornetQ, RabbitMQ, Native JMS, Weblogic
JMS, etc.)
access_combined_wcookie, access_common,
apache_error, iis, nginx, etc.)
• Mobile Devices
• Performance Test Logs
• Functional Test Logs
• Security Test Logs
• Debug Logs
• Release Error Logs
• Code Management Logs
• Puppet,
• Atlassian Jira,
• Github,
• Chef
• Docker
Application
• Apache Web Logs
• Application Performance Logs
• Application Authentication Logs
• Business Process Logs (Payments
status, batch upload status, customer
order status, etc.)
• Mobile data (MINT)
• SDK Events (Python, .Net,…)

Other Questions
• How much data do we have?
• How are we using this data?
• Are we underutilizing Splunk?
• Where can we get more value?
• Are we indexing the right data sources?
• What else can we do with our existing data?
• How can we maximize the value from our existing data?
• How can we plan the next adoption phase based on our data?

incidents
investigation time
security events
incidents
reporting time
theft and fraud
market
Need to Understand your Data Sources
25+
data sources
40+
data sources
25+
data sources

How to better Understand your Data Sources
Use
Cases
Are my current users
benefiting from all the
possible use cases?
What else could they
be doing?
Data
What data exists in
my environment?
How much of it is
indexed?
Groups
How does my data
overlap across
different groups?
How much of it is
already indexed?
Can other groups
leverage the data
already indexed?
How could they benefit
from this data?
more use cases = more
value from your data

DSA – Data Source Assessment Tool
Using a simple process that involves each team
• Pre-configured lists of
common data sources to
help document your
environment and estimate
their size
• Pre-mapped dependencies
across different groups to
help you understand overlap
factors

Identify your Top Value Drivers
 Become more proactive
 Resolve incidents faster
 Improve root cause analysis
 Improve HW capacity utilization
 Automate routine tasks
 Reduce escalations
 Improve detection of security events
 Investigate security incidents faster
 Streamline compliance activities
 Reduce risk of data breach
 Reduce risk of IP theft
 Reduce risk of Fraud
 Develop faster reports and dashboards
 Analyze test failures faster
 Investigate pre-production bugs faster
 Accelerate time to market
 Reduce time and effort of release
 Improve quality of business processes
 Improve efficiency of business processes
 Improve measurement of business processes
 Improve audit of business processes
 Improve customer experience
Business
Analytics
IT Ops and
App Support
Application
Development
To help you better align with key data sources
Security &
Compliance
1

Document your Enviornment by Layer
Understanding your Configured Items
2
Server
Network
Storage
Database
Applications
End-User
Systems
Security
Systems
Fraud
Systems
QA / Test
Systems
Development
Systems
Top 5 Business
Services
ex: Order
Mgmt, Product
Delivery,
Customer
Service, etc.

Data Gathering by Layer
~30 minutes per group to complete SAMPLE

Analyze your Deployment
Use case analysis
– Fully in use
– Partially in use
– Should be in use
Data source analysis
– What’s needed
– What’s missing
Overlap analysis
– Across centers
– Better planning
– Increase adoption

Identify the Right Use Cases
Automated Adoption Chart provides a Perspective on Current/Future Use Cases

Identify Value Gaps
Rank your Value compared to Splunk Customer Success Benchmarks

Recap
An adoption plan designed to maximize the value from the data you currently index
3. IDENTIFY new use cases that
align with key goals and can
be enabled with data
currently indexed
4. CONFIRM the right data
sources to drive new use cases
required to better align with
key goals
1. Document your environment
to level set your data source
landscape
2. Leverage pre-built data
mapping to understand how
your data can be reused
across your enterprise

What Now?
• Can you assist me with a data source assessment?
• Can I get a copy of the DSA tools?
• Can I get a copy of this Presentation?
Common Questions…
YES – Get in touch with your Sales Team

Questions?
Thankyou!

Best Practices For Sharing Data Across The Enteprrise

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (15)

Similaire à Best Practices For Sharing Data Across The Enteprrise

Similaire à Best Practices For Sharing Data Across The Enteprrise (20)

Plus de Splunk

Plus de Splunk (20)

Dernier

Dernier (20)

Best Practices For Sharing Data Across The Enteprrise

Notes de l'éditeur