SEC329-S: Zoom scales security capabilities with Splunk and AWS

Richard Farley, Chief Information Security Officer, Zoom
Jordan Harris, Regional Sales Manager, Splunk

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Agenda

• The Data-to-Everything Platform
• What Zoom needed
• How Splunk helped
• Securing the AWS environment
• Scaling for the future
• Key takeaways

TURN DATA INTO DOING

[Figure: data sources (custom applications, APM, web services, call detail records, messaging, networks, RFID, firewall, web clickstreams, databases, social media, GPS location, servers, smartphones and devices, energy meters, online shopping cart, storage, containers, online services, tracing, security, telecoms) shown alongside outcomes (reduced downtime, continuous threat remediation, smarter production insight, application uptime)]

Splunk delivers a holistic approach to turning data into business outcomes

Business analytics, IT, Security, DevOps, Developers

Analyze with differentiated AI and ML

Splunk Data-to-Everything Platform

Investigate the expanding data universe

Deployment options: On premises

• Do you know what’s happening?
• Can you turn data into action?
• How do you build for the future?

AMPLIFY YOUR DATA’S IMPACT

IT, Business, Security

[Figure labels: server, energy & HVAC, app, application, security, building sensors, network, firewall, Wi-Fi]

• SIEM
• Monitoring
• Forensics
• Capacity planning
• PCI/GDPR
• RCA/PIR
• Etc.

Splunk Enterprise and Splunk Cloud
Deliver management at scale for a fully observable enterprise

Expansive data access: Search, Metrics and Events

Faster, easier, more intuitive analytics: Analytics Workspace, Connected Experience, Natural Language Platform, New Dashboards and Visualizations, Toolkit

Manageability at scale: Monitoring, SmartStore, Workload Management, Security Access & Control, Operator for Kubernetes, Python 3.7 Migration

Fast time to value with cloud: Features Immediately Available on Splunk Cloud

Splunk at the Heart of Security

• Enhance threat visibility
• Accelerate incident response
• Scale your resources

Security Use Cases

• Incident response & SOC automation
• Security monitoring
• Advanced & insider threat detection
• Compliance & data privacy
• Incident investigation & forensics
• Fraud analytics & detection

DATA CHALLENGES OF THE FUTURE

• EMPOWERING DATA ACCESS
• ENABLING FASTER DECISIONS
• EMBRACING DATA WHERE IT LIVES

Scale and growth

• 85+ billion meeting minutes, annualized
• 2,200+ employees in 10+ global offices
• ~2x annual growth (multiple metrics)
• Hybrid public/private cloud operating in 35+ global datacenters/regions
• 66K+ customers with 10+ employees

Global datacenters & POPs – Performance and reliability

300+ products & significant features shipped in 12 months

Zoom Phone
• Introduced Zoom Phone
• Upgrade Zoom Phone call to a meeting
• Suppress incoming calls while in a meeting
• Transfer to voicemail
• Automatic call recording
• Call delegation and shared lines
• Support 50+ phones
• Contact center and Salesforce integrations
• BYOC
• E911

Zoom Rooms
• View in-meeting public chat
• Support for waiting room
• 1080p support for video sharing
• One-click to join third-party meetings
• Scheduling display: Reserve other rooms and view floor map
• Zoom Device Management (ZDM)
• Digital signage: Split screen and widgets
• People count
• Zoom Room use based on checked-in and released
• Dashboard reports on usage

Meetings
• Virtual background without green screen
• Recording consent
• Video preview
• Capacity increase
• Default password for meeting
• Breakout rooms: Closed captioning and preassign rooms
• Audio watermarks
• Support for multiple pages on whiteboard
• Select a secondary audio device for ringer
• Audio coverage expansion (20+ dial-in countries, 16+ call-out countries)
• Sip connected audio
• Intelligent mute detection

Chat
• Client UI redesign
• Star individual messages, contacts, and chat channels
• Alert when available
• Bot infrastructure
• O365/Gmail contact integration
• VDI and Linux apps

Video Webinar
• Native HubSpot & Marketo integrations
• Post webinar survey
• Dial-in (phone-only) attendees can raise hand/allow to talk

App Marketplace/Integrations
• Introduced App Marketplace
• 150+ apps & bots
• calendar add-on
• MS teams
• Slack
• OneDrive
• Cornerstone
• Calendly
• New and SDKs

Security & compliance

What did Zoom need?

• Started with 20 GB Splunk license
• New SIEM needed for scalability
• Splunk + AWS = success

Zoom needed a tool that could help scale with the demands of the business while protecting the SOC

Migrating to AWS for the SOC allowed better scalability and monitoring

Scaling with AWS

Flexibility
● Going to the cloud scales, flexibility
● Saw value in having ability to run Splunk in a separate VPC on AWS outside physical datacenters
● Large portion of logs run on AWS, so scaling to AWS made sense

Global data consumption
● Co-located datacenters (15–16) to connect anywhere – mobile, desktop, etc.
● Datacenters all over the world, need to get data from the datacenters quickly, so AWS made the most sense
● Amazon CloudWatch Logs and all AWS service logs and application logs
● buckets for video

Secure environment
● Separating security infrastructure from the rest of the infrastructure, which works for some companies that are higher potential targets for compromised activities

Securing environment with Splunk

Flexibility
● Scalability and flexible deployment model
● Capabilities with integrating with existing systems: Ticketing, CMDB applications

Scalability
● Splunk implementation is for SOC processes, gathering point for all security instrumentation to correlate events from various points of ingesting data into Splunk

Secure Environment
● Splunk is a leader in security
● Detect threats before they happen
● Visibility into all infrastructure

By the numbers

100%
● Zoom is 100% cloud for IT – don’t run IT applications in datacenters
● Splunk driving SecOps for Zoom service (SaaS) and corporate IT infrastructure

500+ GB
● 500 GB/day of data because of Zoom growth rate
● Ingesting AWS services, applications within AWS, systems/servers outside AWS

30–40
● Number of data sources ingested on an average day
● Firewall and IDS and antivirus monitoring; endpoint protection, SSO data logs

Securing AWS environment

Tl;dr

THE PROBLEM
● Zoom is high-scale and rapid growth, leveraging AWS and co-located datacenters
● Needed a tool and infrastructure that could support and scale with Zoom’s growth

THE SOLUTION
● Deployed and implemented Splunk in the cloud as the preferred tool for aggregating security information and events to provide visibility and predictability
● Leveraging Splunk to drive SOC processes for identifying, detecting, responding to, and recovering from security incidents

THE HOW
● Leveraged AWS Marketplace for efficient procurement process
● Opted into AWS ISV Workload Migration Program for infrastructure cost coverage

“With Splunk, we were able to eliminate blind spots in a cost-efficient manner and predict threats before they happened.”

—Richard Farley Chief Information Security Officer, Zoom Communications, Inc.

Key takeaways

• Consider separating out your security infrastructure from the rest of your infrastructure
• Leverage single pane of glass tools, such as Splunk, to help SOC team stay productive
• Don’t just think about how you protect your environment now, think about how to scale for the future, and invest in a tool and infrastructure that can scale for the future
• Customer data protection is not just a security team priority, it’s everyone’s priority

Join us at Topgolf tonight!

Don’t forget your AWS re:Invent badge for entry

When? December 4, 2019, 7:30PM – 10:30PM
Where? Topgolf Las Vegas, 4627 Koval Ln, Las Vegas, NV 89109

Thank you!

Visit Splunk Booth #3003
