ISS demonstrates their cloud journey with impressively fast time to value

1. 1
Splunk@ISS
SplunkLive! Stockholm 2019

2. About ISS
Founded in 1901, ISS is one of the world’s
leading facility services companies
We are a global provider of workplace
management and facility services.
We service and maintain customers’
facilities, helping to create workplaces that
are pleasant, safe and nurturing for their
employees and visitors.
2

3. Activities in 74 countries
485,908 employees
130+ different languages spoken
Among the world’s 10 largest
private employers
Our Global Platform
3

4. Our Service Offering
• Daily Office Cleaning
• Janitorial Services
• Washroom Services
• Dust Control
• Industrial Cleaning
• Street Cleaning
• Clean Room Services
• Green Cleaning
• Reception Services
• Office Logistics
• Call Centre
• Mail-room Services
• Shipping & Receiving
• Reprographics & Xerox
• Document Handling
• Transportation (logistics)
• Warehouse Services
• Operations & Maintenance
• Landscaping
• Pest Control
• Project Management
• Moves and Changes
• M & E
• Energy Management
• Company Restaurants
• Canteen Services
• Executive Dining
• Coffee / Beverage Service
• Vending
• Fruit Deliveries
• Conference Room
Services
• Access Control
• Concierge Services
• Mobile Patrols
• Alarm Response Services
• Emergency First
• Risk Consulting
• Guard Services
Cleaning Services Support Services Catering Services Security ServicesTechnical Services
Facility Management
4

5. Our Strategy Key Accounts
We want to build the large and global key-
accounts
The current business strategy is to cultivate large,
global accounts and grow these.
We will endeavor to get more like these either by
bidding or growing small local accounts with large
potential.
5

6. Global Information Security
How we support the strategy:
• Create visibility
• Enable compliance
• Secure the IT environment
• Drive Information Security Projects
• Advise and support business units
• IoT
• Architecture
• Controls
• And a lot more 
7

7. Who is Global Information Security
8
Contact: gis@group.issworld.com
All started Nov 2018 to Jan 2019
(Except David)
We replaced a team of one man
We are terribly busy
Additionally ISS has 20+ persons around
the world working with IS
(part-time for many)

8. Splunk Estate
Splunk Cloud (150GB)
Heavy Forwarder(s)
Many Universal forwarders
Many syslog sources
Many Apps and add-ons
Enterprise Security
Possibly ITOps
9

9. Why Splunk?
10
Basic Security
Monitoring
• Splunk is the leading vendor in providing centralized security information and event management (SIEM),
• According to Gartner Group (leading market analyst company) Splunk are the leading vendor 6 years in a row, and got the
highest scores across several areas in their MQ companion report.
• Splunk is used by 90% of the fortune 100 companies in the US and several of our global key accounts (see following
reference slide)
• A benefit with Splunk, is that it is well known in the market, therefor there are many people with Splunk skills already, some of
our existing internal IT resources even have the necessary skills, thereby elimination the need for a large upfront training cost.
• Splunk is the largest neutral and open security platform provider, with over 850 integrations for other IT and IT security vendors.
Thereby not locking ourselves in with just one main security vendor, which can be a risk in the modern cyber security world.
• Splunk can be used on-premises, in AWS/Azure/Google or in their own cloud. Their cloud is even ISO 27001 and SOC 2 compliant,
plus offers 100% uptime SLA, data availability in the relevant regions, where ISS are present.
• Splunk provides us with a platform that can support our security and compliance journey, not only supporting visibility for the
short term, but also advanced detection for out- and insider threats + potential automation for the long term, which in the end
will help us to reduce costs and improve our overall security and compliance + confirm that the Splunk platform is the right choice
for both the short and long term.
• Splunk is a data platform, that that can be utilized across the company for optimizing both IT security, compliance, IT operations,
data analytics and IOT, thereby providing us with a low TCO and high ROI.
Complex Security
Monitoring

10. Why Splunk
Support visibility in the organization
Provide the basis for SoC work
Provide compliance (Customer requirements as well as frameworks)
Central log monitoring and alerting (from a very diverse environment)
ES module for security visibility and correlation
11

11. Splunk Cloud
• Splunk Core and Enterprise Security (SIEM)
• Based in Splunk Cloud, which has a 100% up-time SLA, multiple datacenters within the EU,
SOC 2 and ISO 27000 compliant
• Data is encrypted both in transit and at rest
• Data is then stored for 90 days, retention time can be longer at a cost
• Data can also be exported to long term storage of our choice
• 100% uptime
• Splunk support instal l apps and add-ons
No operations hassels
12

12. Results so far - 5 months in
Found five security hotspots in the company
Reduced the number of brute force attempts on the estate
Able to report on compliance in a number of areas
Started Threat intel detection (Not hunting yet)
Support dashboards for incident response playbooks
Micro SoC established
Gaining support from the business units
Wrote several addons, and working on ticket integration
Actively using Splunk to support IR
13

13. Security Future and recommendations
The Future
Ingest more logs to establish more
coverage of current use cases
Establish SoC (buy as a Service)
Establish Use Cases (Hopefully we can
get some from vendor)
Establish Play books (Hopefully vendor
has some framework we can use)
Automate (SOAR) (Either from vendor or
establish our own to integrate with vendor)
Recommendations
Think about what you want out of it before
ingesting
Limit logs to relevant entries (use routing)
14

14. Splunk IT Operations - future
This is dependent on the operations people having success, but I see the
following quick wins:
• Support customer facing systems
• Reduce Time to Fix/Repair
• Provide visibility into causes
• Improve processes based on causes and Fixes
15

15. 16
Q&A

16. Thank you
18