SplunkLive! Philadelphia - University of Scranton
Calvin Krzywiec, Network Engineer
Philadelphia, February 2, 2012
Copyright © 2011, Splunk Inc. / Copyright © 2012, Splunk Inc. Listen to your data.

About University of Scranton
•   Jesuit University, founded in 1888
•   Regional, comprehensive university with a total enrollment of more than
    6,000 students in 86 undergraduate and graduate programs
•   Scranton stands among the top tier of universities recognized nationally,
    with rankings in a multitude of venues (US News Top 10 Regional,
    Princeton Review Top 300, Forbes.com)

What We Do...
  •    Ensure the security (confidentiality, integrity, availability) of all University information assets
  •    Focus on detection and quarantine of infected endpoints
  •    Data stewardship / security governance
  •    Distributed security responsibilities (SecOps)
  •    Network security infrastructure

                                 “Splunk is our Security Solution.”

Splunk at the UofS
     •    Splunk users for ~4 years
     •    Needed an enterprise solution for syslog collection and correlation
          • Evaluated open source solutions
     •    Started on the free 500 MB/day Splunk license
          • Focused on collection from key network systems
     •    But now….

If You Got It, Splunk It
     Centralized log collection
     •    Key enterprise systems
     •    Firewalls
     •    Networking equipment
     •    Intrusion detection/prevention systems
     •    DNS queries, URL access
     •    DHCP servers
     •    Active Directory, LDAP

               “We didn't do anything like this before Splunk.”

Security at a Mobile Friendly Campus

PROBLEM: Network Address Translation (private vs public IP address).
Most external reports give a timestamp and a public IP address, but we need to know who is behind it.
The Higher Education Opportunity Act requires a system in place to combat copyright infringement.

     •    Cisco Network Access Control logs, DHCP logs and NAT translation logs in Splunk
     •    Ability to connect the dots quickly
     •    Wrote an IP tracker app (Java) that talks to Splunk over its APIs (lookup function)
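An added Python example (not the University's Java IP tracker and not Splunk's API) of the lookup the slide describes: take an external report's timestamp and public IP plus source port, replay the NAT translation log to find the inside address live at that instant, then take the latest DHCP lease for that address and the latest NAC authentication for that MAC. The three log formats (Cisco ASA-style NAT syslog, ISC dhcpd-style DHCPACK lines, a generic NAC line) and every log line below are constructed assumptions.

```python
import re
from datetime import datetime

TS = "%Y-%m-%dT%H:%M:%S"

# Constructed sample logs (assumed formats: Cisco ASA-style NAT syslog,
# ISC dhcpd-style DHCPACK lines, a generic NAC authentication line).
NAT_LOG = """\
2012-02-01T13:58:02 ASA: Built dynamic TCP translation from inside:10.20.30.40/51234 to outside:203.0.113.5/40001
2012-02-01T14:00:10 ASA: Built dynamic TCP translation from inside:10.20.30.41/49152 to outside:203.0.113.5/40002
2012-02-01T14:05:00 ASA: Teardown TCP translation from inside:10.20.30.40/51234 to outside:203.0.113.5/40001
"""
DHCP_LOG = """\
2012-02-01T09:12:44 dhcpd: DHCPACK on 10.20.30.40 to 00:11:22:33:44:55 via eth1
2012-02-01T12:30:00 dhcpd: DHCPACK on 10.20.30.41 to 66:77:88:99:aa:bb via eth1
2012-02-01T15:00:00 dhcpd: DHCPACK on 10.20.30.40 to de:ad:be:ef:00:01 via eth1
"""
NAC_LOG = """\
2012-02-01T09:12:50 nac: AUTH-SUCCESS user=jdoe mac=00:11:22:33:44:55 role=student
2012-02-01T12:30:05 nac: AUTH-SUCCESS user=asmith mac=66:77:88:99:aa:bb role=faculty
"""

NAT_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<action>Built|Teardown)(?: dynamic)? TCP translation "
    r"from inside:(?P<in_ip>[\d.]+)/(?P<in_port>\d+) to outside:(?P<out_ip>[\d.]+)/(?P<out_port>\d+)")
DHCP_RE = re.compile(r"^(?P<ts>\S+) dhcpd: DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-f:]{17})")
NAC_RE = re.compile(r"^(?P<ts>\S+) nac: AUTH-SUCCESS user=(?P<user>\S+) mac=(?P<mac>[0-9a-f:]{17})")


def parse(text, regex):
    """Turn matching lines into dicts with a real datetime in 'ts'; skip the rest."""
    events = []
    for line in text.splitlines():
        m = regex.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], TS)
            events.append(ev)
    return events


def private_for_public(nat_events, public_ip, public_port, when):
    """Replay Built/Teardown events up to `when` and return the inside IP whose
    translation to public_ip:public_port was live at that instant, else None."""
    live = {}
    for ev in sorted(nat_events, key=lambda e: e["ts"]):
        if ev["ts"] > when:
            break
        key = (ev["out_ip"], int(ev["out_port"]))
        if ev["action"] == "Built":
            live[key] = ev["in_ip"]
        else:
            live.pop(key, None)
    return live.get((public_ip, public_port))


def latest_before(events, when, **match):
    """Most recent event at or before `when` whose fields equal the given values."""
    hits = [e for e in events if e["ts"] <= when and all(e[k] == v for k, v in match.items())]
    return max(hits, key=lambda e: e["ts"]) if hits else None


def trace(public_ip, public_port, when_str):
    """External report (public IP, source port, time) -> private IP -> MAC -> user."""
    when = datetime.strptime(when_str, TS)
    inside = private_for_public(parse(NAT_LOG, NAT_RE), public_ip, public_port, when)
    if inside is None:
        return None  # no translation live at that time: stale report or clock skew
    lease = latest_before(parse(DHCP_LOG, DHCP_RE), when, ip=inside)
    if lease is None:
        return {"private_ip": inside, "mac": None, "user": None}  # static address, not in DHCP
    auth = latest_before(parse(NAC_LOG, NAC_RE), when, mac=lease["mac"])
    return {"private_ip": inside, "mac": lease["mac"], "user": auth["user"] if auth else None}


if __name__ == "__main__":
    print(trace("203.0.113.5", 40001, "2012-02-01T14:01:00"))
```

Two things the sample is built to show. The report must carry the public source port: behind port address translation one public address fronts the whole campus, so timestamp plus IP alone matches every inside host with a live translation. And each join takes the latest lease or authentication at or before the event time, not the latest overall: the sample re-leases 10.20.30.40 to a different MAC later that day, and the naive join would name the wrong person. Allow for clock skew between the reporter and your own syslog sources before trusting a miss.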
External Application Integration
(Two screenshot slides; no text extracted.)

Automated Searches
 •    Saved searches
      –    Network access control system
      –    Traffic dropped by internal and external firewalls (dashboard)
      –    Automated alert when a reported-stolen device's MAC address appears on the network
 •    Detect
      –    Spam
      –    Alert conditions on servers
      –    Activity with routing protocols
      –    Bad actors trying to access VPN / Digital Reserves / SSH / etc.

 “Splunk helped us immensely with indexing, analyzing and correlating data.”
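Two of the saved-search alerts above written out as plain Python over constructed log lines, as an added example rather than the University's actual Splunk searches: a stolen-equipment watchlist matched against DHCP leases, and a threshold alert on repeated failed SSH logins from one source. The log formats, the watchlist contents and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS = "%Y-%m-%dT%H:%M:%S"

# Constructed watchlist: MAC addresses of equipment reported stolen
# (in Splunk this would be a lookup table maintained with campus police).
STOLEN_MACS = {"de:ad:be:ef:00:01", "ca:fe:00:00:00:02"}

# Constructed sample logs; the formats are assumptions.
DHCP_LOG = """\
2012-02-01T15:00:00 dhcpd: DHCPACK on 10.20.30.40 to de:ad:be:ef:00:01 via eth1
2012-02-01T15:00:03 dhcpd: DHCPACK on 10.20.30.77 to 00:11:22:33:44:55 via eth1
"""
SSH_LOG = """\
2012-02-01T03:00:01 sshd[1201]: Failed password for invalid user admin from 198.51.100.9 port 40001 ssh2
2012-02-01T03:00:02 sshd[1202]: Failed password for root from 198.51.100.9 port 40002 ssh2
2012-02-01T03:00:04 sshd[1203]: Failed password for invalid user oracle from 198.51.100.9 port 40003 ssh2
2012-02-01T03:00:05 sshd[1204]: Failed password for invalid user test from 198.51.100.9 port 40004 ssh2
2012-02-01T03:00:07 sshd[1205]: Failed password for invalid user guest from 198.51.100.9 port 40005 ssh2
2012-02-01T03:00:09 sshd[1206]: Failed password for invalid user ubnt from 198.51.100.9 port 40006 ssh2
2012-02-01T03:20:00 sshd[1300]: Failed password for jdoe from 10.20.30.40 port 50000 ssh2
2012-02-01T03:21:00 sshd[1301]: Accepted password for jdoe from 10.20.30.40 port 50001 ssh2
"""

DHCP_RE = re.compile(r"^(?P<ts>\S+) dhcpd: DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-f:]{17}) via (?P<iface>\S+)")
SSH_FAIL_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")


def stolen_device_alerts(dhcp_log, stolen_macs):
    """One alert per lease handed to a watchlisted MAC: the IP and interface are
    what campus police need to walk to the port (the floor-and-room map)."""
    alerts = []
    for line in dhcp_log.splitlines():
        m = DHCP_RE.match(line)
        if m and m.group("mac").lower() in stolen_macs:
            alerts.append({"ts": m.group("ts"), "mac": m.group("mac"),
                           "ip": m.group("ip"), "iface": m.group("iface")})
    return alerts


def brute_force_alerts(ssh_log, threshold=5, window=timedelta(minutes=1)):
    """Sources with at least `threshold` failed logins inside a sliding `window`.
    Fires once per source (the first time the bar is crossed) so a scanner that
    keeps going does not produce an alert per line."""
    recent = defaultdict(deque)  # src -> (ts, user) of failures still inside the window
    fired = {}
    for line in ssh_log.splitlines():
        m = SSH_FAIL_RE.match(line)
        if not m:
            continue  # accepted logins and other lines are not failures
        ts = datetime.strptime(m.group("ts"), TS)
        q = recent[m.group("src")]
        q.append((ts, m.group("user")))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and m.group("src") not in fired:
            fired[m.group("src")] = {"first": q[0][0], "last": ts, "count": len(q),
                                     "users": sorted({u for _, u in q})}
    return fired


if __name__ == "__main__":
    print(stolen_device_alerts(DHCP_LOG, STOLEN_MACS))
    print(brute_force_alerts(SSH_LOG))
```

In Splunk the first search is a `lookup` against the stolen-MAC table and the second is a count of failures by source over a time bucket with a `where` clause on the count. The threshold has to be tuned against legitimate users mistyping passwords: the inside host in the sample fails once, then succeeds, and is not flagged, while the scanner walking through default account names is.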
Network Security Dashboards
(Two screenshot slides; no text extracted.)

Network Operations Dashboards
(Screenshot slide; no text extracted.)

Computer Security Incident Response Team: Investigations
• Pivot in Splunk on any one identifier: MAC address, user name, public or private IP address
• Set a window around the known time of infection
• Result: insight into how, when and where the host was compromised

 “Being able to put 1 parameter in and chase it across the network is great!”

Splunk 4.3 – Winner!
  •     Bloom filters
  •     IPv6 support
  •     Non-Flash UI
  •     Historic versions (whoops!)
  •     JSON/XML field extractions
  •     Native Python and Java SDKs (exciting)

Future Plans
     • Synchronization with Active Directory
     • Identify financial aid fraud by correlating event logs
     • Data mining of webserver logs
     • Using Splunk for institutional research
     • “Speed of light” calculations on GeoIP data
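A reading of the last bullet, as an added Python example and not the University's implementation: for two geolocated events on the same account, compute the ground speed needed to be at both, and flag pairs no traveller could manage. The coordinates, the events (an applicant registering from one place and sitting a test from another, the kind of control the speaker notes describe) and the 1,000 km/h ceiling are constructed assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0  # assumption: roughly airliner cruise speed; tune per environment


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two (lat, lon) points given in degrees."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def required_speed_kmh(e1, e2):
    """Ground speed needed to be at e1 then e2; inf if the gap is zero but the places differ."""
    dist = haversine_km(e1["lat"], e1["lon"], e2["lat"], e2["lon"])
    hours = abs((e2["ts"] - e1["ts"]).total_seconds()) / 3600.0
    if hours == 0:
        return float("inf") if dist > 0 else 0.0
    return dist / hours


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Flag consecutive geolocated events per user whose implied speed exceeds the ceiling."""
    by_user = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user.setdefault(e["user"], []).append(e)
    flags = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            speed = required_speed_kmh(prev, cur)
            if speed > max_speed_kmh:
                flags.append({"user": user, "from": prev["action"], "to": cur["action"],
                              "km": round(haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])),
                              "speed_kmh": round(speed)})
    return flags


# Constructed events with GeoIP lat/lon already resolved. applicant1 registers from
# Scranton, PA and "sits the test" from Lagos two hours later; applicant2 moves
# from Scranton to New York City over a day.
EVENTS = [
    {"user": "applicant1", "action": "register", "ts": datetime(2012, 2, 1, 10, 0), "lat": 41.41, "lon": -75.66},
    {"user": "applicant1", "action": "exam",     "ts": datetime(2012, 2, 1, 12, 0), "lat": 6.52,  "lon": 3.38},
    {"user": "applicant2", "action": "register", "ts": datetime(2012, 2, 1, 10, 0), "lat": 41.41, "lon": -75.66},
    {"user": "applicant2", "action": "exam",     "ts": datetime(2012, 2, 2, 10, 0), "lat": 40.71, "lon": -74.01},
]

if __name__ == "__main__":
    for flag in impossible_travel(EVENTS):
        print(flag)
```

GeoIP resolution is coarse, and mobile carriers and VPNs routinely place a client hundreds of kilometres from where the person sits, so treat a hit as a risk score to correlate with other signals rather than a verdict, and keep the speed ceiling generous.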




Copyright © 2011, Splunk Inc.
                      Philadelphia, February 2, 2012    15       Listen to your data.
                                                                   Copyright © 2012, Splunk Inc.
Thank you!

Tony "Pancakes" Maszeroski, Information Security Manager
Calvin Krzywiec, Network Engineer

Speaker notes

  1. Automated searches for certain conditions – what are those searches – internal/external firewalls.
  2. ROI/PCO are huge right now - what need does it fulfill - are there other products with lower price, same functionality? We did due diligence. Picked the right fit (response time, transaction tracing). Challenges: no one was looking at security tools. We knew we needed centralized logging, because of the inefficiencies that were going around: looking at logs in different systems for troubleshooting and forensics. Limited with switches and routing that could hold internal logs. We played around with I don't even know how many open source syslog applications. Splunk was brought to my attention. Free for 500 MB – let's throw it in and see how it works... about 4 yrs ago. Initially we were just using it for centralized log collection, but it got more embedded into our operations. “I am amazed at how easy it is to index and analyze data in Splunk.”
  3. (Same note as 2.)
  4. Network knew what type of user you were – student, faculty, staff. We needed to take the 10. address space and cut it up. Network Address Translation: private vs public address.
  5. Alert goes out to campus police. If it's wireless we put it up on a University map down to floor and room. Narrow down to a cable location.
  6. Installing 4.3 was super easy. 2 yr effort to support IPv6 natively on campus. Analyzing NetFlow data – which buckets have which IP addresses.
  7. Online MBA program, some other online programs less familiar. Dept. of Education - Dear Colleague letter - concerned about financial aid fraud in higher edu. Some controls are comparing geolocation from where they register, where they do their test, where they lived, etc.