Copyright © 2016 Splunk Inc.
Moving From Data To Wisdom
Mark Runals Lead Security Engineer, The Ohio State University Disclaimer
During the course of this presenta�on, we may make forward looking statements regarding future events or the expected performance of the company. We cau�on you that such statements reflect our current expecta�ons and es�mates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward- looking statements made in the this presenta�on are being made as of the �me and date of its live presenta�on. If reviewed a�er its live presenta�on, this presenta�on may not contain current or accurate informa�on. We do not assume any obliga�on to update any forward looking statements we may make. In addi�on, any informa�on about our roadmap outlines our general product direc�on and is subject to change at any �me without no�ce. It is for informa�onal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obliga�on either to develop the features or func�onality described or to include any such feature or func�onality in a future release.
2 Mark Runals
4 yr Splunk User ArcSight admin for 3 yrs Worked in InfoSec for 10+ yrs 2015 SplunkTrust Member Ø Ge�ng data into Splunk isn’t the end game!
3 Outcomes
Paradigm to rethink data/analysis
Common framework for Admins & ‘Management’
Deeper apprecia�on for what Splunk is
4 DIKW Pyramid
Wisdom Applica�on / Applied knowledge
Knowledge What the data means
Informa�on What the data is
Data Bits & Bytes
5 Typical Business
Management Wisdom Conceptual Views Wisdom Lines of Business Service Health Knowledge Knowledge Data Analysis Gap Informa�on
Proxy System Admins System Centric Views N++ Data Component Health ….. Discreet SMEs
Vuln Scan
6 Typical Business
Management Wisdom Conceptual Views Wisdom Lines of Business Microso� Service Health Excel Knowledge Knowledge
Informa�on
Proxy System Admins System Centric Views N++ Data Component Health ….. Discreet SMEs
Vuln Scan
7 What Splunk Brings
Business insight from Wisdom opera�onally enriched data
Knowledge • Enrich data with business context • Powerful analy�c pla�orm • Correlate data across silos Informa�on • Dynamic query Proxy
Data ….. N++
Vuln Scan
8 Splunk Maturity Model
Real-�me Business Proac�ve Opera�onal Insight Visibility
Proac�ve Monitoring Search and Aler�ng and Similari�es to DIKW…. Inves�gate
Reac�ve 9 OSU Mobile App - Data
10 OSU Mobile App - Informa�on
11 OSU Mobile App - Knowledge
12 OSU Mobile App - Wisdom
13 Other Thoughts
• Leverage the Splunk Common Informa�on Model (CIM) Common ‘language’ across data types W • Use Knowledge Objects to bridge systems to services lookups, tags, even�ypes K
• Make alerts more ac�onable – not just What happened I Incorporate recipient’s ‘next’ ques�on (ie where, who) D
14 Final Thoughts
• Understand the difference between Measurements and Metrics Metric = combina�on of 2 or more measurements W • Administer Splunk with end state in mind • What are your use cases? K • What pain points are you trying to address? I • Help bridge the Informa�on and Knowledge analy�c gap Ø Key step in leveraging Splunk toward ‘Wisdom’ ends D
15 THANK YOU