Find It with Splunk, Fix It with Resolve: Your Solution for Enterprise-Wide Incident Response and Resolution Splunk Users – Across the Enterprise

Find it with Splunk, Fix it with Resolve: Your Solution for Enterprise-Wide Incident Response and Resolution Splunk Users – Across the Enterprise

Are you using Splunk Enterprise?

Are you using Splunk Enterprise Security?

Are you using Splunk ITSI?

Resolve Systems integrates and helps no matter which Splunk product(s) you use today. Incidents Impacting Businesses

The ability to respond to incidents and outages is critical to your business

This image cannot currently be displayed. This image cannot currently be displayed.

AWS: 5hr outage due Salesforce.com: Site JP Morgan: 76 Anthem: 87.6 million Equifax: PII was to human error takes down for 12hrs due million households individual records stolen for 143MM down Netflix, Reddit, to database incident and 7 million SMB’s compromised by people, which took 2 Airbnb and 1000’s of with severe business impacted by breach data theft months to detect more businesses impact

Many more high impact outages and breaches across verticals… End-to-End Incident Management

DETECT DIAGNOSE/INVESTIGATE RESOLVE VOLUME OF EVENTS

“Balance” Between Detection and Response

Network Mostly automated Manual, time consuming, and expensive

Systems Event Detection Analytics/ RESOLVED & Consolidation Correlation Machine Validation Diagnose Remediate Security Learning INCIDENT

Applications

Sensors KEY BUSINESS Increasing resolution time CHALLENGES Scarce skilled Supporting growing Risk to reputation and DATA & and cost hurting revenue, resources number of legal implications EVENTS customer satisfaction and systems/users with more declining budgets Resolve Systems: Incident Response and Automation

DETECT DIAGNOSE/INVESTIGATE RESOLVE VOLUME OF EVENTS Splunk “Finds It” Resolve “Fixes It”

Network Incident Response and Resolution

Systems Analytics/ Event Detection RESOLVED Correlation Machine Validation Diagnose Remediate & Consolidation INCIDENT Security Learning

ORCHESTRATION Applications AUTOMATION KNOWLEDGE

Sensors Enterprise Enterprise Security DATA & ITSI EVENTS And other SIEMs, Event Management, Ticketing,, Analytics, etc.

Across ALL IT, Network and Security Infrastructure and Systems Resolve Systems reduces the amount of time that it takes organizations to respond to, diagnose and remediate incidents across IT, Network & Security

• Unified process orchestration and automation platform • Fully-automated and unique human-guided automation • Prebuilt integrations, content and playbooks • “No-code,” “drag ‘n drop” automation development tools • Not rip-and-replace; extract significant value from existing investments • Proven success delivering, enabling and supporting the largest and most complex enterprises

17% 90% 5% 70% 30% Improvement in OPEX Improvement in MTTR YoY Reduction on Global IT Support Reduction of Incidents Related to Mission Reduction in headcount on P1 issues Spend Critical Enterprise Application What problem does Incident Response solve?

IT and NOC Security Incidents Unified Incident Response Automation

• High Volume of High Volume Ticketing Incidents First Responder Word | Sharepoint | Excel of False Alarms • Alert Fatigue Case Management Tracking • Manual and Adhoc IR Processes Events/Incidents • Inadequate Tools • Poor Security Controls

Processes • Manual Triage Analytics Capabilities • Limited Access Tickets/Chats/Calls/Emails Focus on Detection Increases Event Volume • Multiple IT Specialists IT TEAMS • Lengthy Time to Resolution DETECT DETECT DETECT • Minimal Tracking Server Email Firewall Actions/Queries/ Scripts Logs

Servers Apps Network DBs Intrusion Endpoint Email Firewall Web Content

IT AND SECURITY SYSTEMS AND DEVICES What problem does Incident Response solve?

IT and NOC Security Incidents Unified Incident Response Automation

Actions/Queries/ Scripts Logs

• Standardized Response Procedures Servers Apps Network DBs Intrusion Endpoint Email Firewall Web Content • Accelerated Incident Response • “Automat-ability” IT AND SECURITY SYSTEMS AND DEVICES • Maximize Effect of Scarce Security Resources Can all incident types be treated the same?

IT Incident Security Incident Types Types

Complex Extreme Risk Business Service Credit Card Services, IPTV Service, Data Exfiltration, Unauthorized Data Access Incidents

Service Multi-Vector Incidents Web-based application services Attacks DSL, DDOS, Ransomware

Resource Intensive

Resource High Business Impact Incidents CPU Load Issues, Link Down Triage Malware, Phishing Increasing Time to Resolve / Resources Simple, Simple, Repetitive Repetitive Password Resets Incidents Incidents Service Restarts Can all incident types be treated the same?

IT Incident Security Incident Types Types • How do you address the other 90-95% of Complex Extreme Risk Business incident types? Service Credit Card Services, IPTV Service, Data Exfiltration, Unauthorized Data Access Incidents • How can you reduce your Incident 90-95% of Service Multi-Vector incident Response Time? Incidents Web-based application services Attacks types DSL, DDOS, Ransomware • Requires more than just end-to-end Resource Resource Intensive automation Incidents CPU Load Issues, Link Down Triage Malware, Phishing • Requires process Simple, Simple, guidance, knowledge Repetitive Repetitive 5-10% of Password Resets incident management Incidents Incidents Service Restarts types End-to-End Automation End-to-End Automation Resolve: Key Capabilities

Unified Incident Process Automat-ability Playbooks and Enterprise-Class Response Experience Orchestration Automations Capabilities Single pane of glass for Consistent and standards-based Powerful human-guided Prebuilt processes and Scalable, redundant and all Incident Response process guidance, case automation and end-to-end automations with most available with proven success tasks, investigations, processes, management, decision trees and automation to automate common security and IT in the most complex and automation and notes instructions based on NIST SP incrementally and systems and “no code” largest organizations 800-61 rev2 pragmatically automation design tools Enterprise-Wide Incident Response & Automation Platform

IT, Network, Security Infrastructure

This image cannot currently be This image cannot currently be This image cannot displayed. displayed. currently be displayed. This image cannot currently be Get Started With Resolve Fast CONNECTORS AUTOMATION TEMPLATES PLAYBOOKS

This image cannot currently be displayed.

This image cannot currently be displayed. Resolve’s Easy to Use Tools for Automation & Orchestration Build within Hours, Deploy within Days Action Task Builder Decision Tree Builder

This image cannot currently be displayed. • Easily and quickly design and build This image cannot currently be displayed. • Quickly drag and drop new automated tasks using a questions, answers and configuration wizard including content and let Resolve action and assessment creation quickly generate your • Game changing intelligent parsing guided procedures • Use the same wizards to modify and reuse existing tasks

Page Builder Automation Designer

This image cannot currently be displayed. This image cannot currently be displayed. • Quickly build and test new • Build powerful resolution processes using drag and drop dashboards using a fully- and input/output featured page builder interface configuration • Combine the higher level process and lower level task views in one pane • Drag and drop new integrated sessions into your process People

This image cannot Find it with Splunk, Fix it with Resolve currently be displayed. — Enterprise-Wide Incident Management

Engineers & SMEs

This image cannot This image cannot currently be displayed. This image cannot When IT, Network and Security incidents happen: currently be displayed. currently be displayed.

1. Leverage the same engineers and SMEs to resolve Centralized 2. Gather information from the same systems Service Desk 3. Take actions on the same systems Dev Team

This image cannot This image cannot This image cannot currently be displayed. currently be displayed. currently be displayed.

Centralize Incident Response platform that can be leveraged across the entire enterprise NOC IT Ops SOC 1. Familiar user interface for all teams 2. Tool that takes actions and automations across Systems enterprise devices/systems 3. Share processes/knowledge from SME resources across the organization 4. Build once and re-usable automations Monitoring & Monitoring & Detection, SIEM Event Mgmt Ticketing Shared Incident Response Platform - Processes Core, IT & Security Infrastructure tailored for each team

Core Infrastructure IT Management Apps Security The Resolve Advantage

ü Cohesive Enterprise Incident Response Strategy for IT, Networks & Security

• Unified process orchestration, KM & automation for faster incident response • Closed-loop and human-guided automations to address all incident types

ü Designed for Rapid Time to Value

• Out of box automations, procedures and integrations for rapid kick-start • Next-gen automation dev tools including “no-code” and “drag ‘n drop” for fast custom development

ü Proven Enterprise Grade Platform

• Deployed in largest enterprises and service providers across all verticals • Handles millions of daily events

5 Splunk Apps Available in Splunkbase today - Fully Certified!