Find it with Splunk, Fix it with Resolve: Your Solution for Enterprise-Wide Incident Response and Resolution Splunk Users – Across the Enterprise
Are you using Splunk Enterprise?
Are you using Splunk Enterprise Security?
Are you using Splunk ITSI?
Resolve Systems integrates and helps no matter which Splunk product(s) you use today. Incidents Impacting Businesses
The ability to respond to incidents and outages is critical to your business
This image cannot currently be displayed. This image cannot currently be displayed.
AWS: 5hr outage due Salesforce.com: Site JP Morgan: 76 Anthem: 87.6 million Equifax: PII was to human error takes down for 12hrs due million households individual records stolen for 143MM down Netflix, Reddit, to database incident and 7 million SMB’s compromised by people, which took 2 Airbnb and 1000’s of with severe business impacted by breach data theft months to detect more businesses impact
Many more high impact outages and breaches across verticals… End-to-End Incident Management
DETECT DIAGNOSE/INVESTIGATE RESOLVE VOLUME OF EVENTS
“Balance” Between Detection and Response
Network Mostly automated Manual, time consuming, and expensive
Systems Event Detection Analytics/ RESOLVED & Consolidation Correlation Machine Validation Diagnose Remediate Security Learning INCIDENT
Applications
Sensors KEY BUSINESS Increasing resolution time CHALLENGES Scarce skilled Supporting growing Risk to reputation and DATA & and cost hurting revenue, resources number of legal implications EVENTS customer satisfaction and systems/users with more declining budgets Resolve Systems: Incident Response and Automation
DETECT DIAGNOSE/INVESTIGATE RESOLVE VOLUME OF EVENTS Splunk “Finds It” Resolve “Fixes It”
Network Incident Response and Resolution
Systems Analytics/ Event Detection RESOLVED Correlation Machine Validation Diagnose Remediate & Consolidation INCIDENT Security Learning
ORCHESTRATION Applications AUTOMATION KNOWLEDGE
Sensors Enterprise Enterprise Security DATA & ITSI EVENTS And other SIEMs, Event Management, Ticketing,, Analytics, etc.
Across ALL IT, Network and Security Infrastructure and Systems Resolve Systems reduces the amount of time that it takes organizations to respond to, diagnose and remediate incidents across IT, Network & Security
• Unified process orchestration and automation platform • Fully-automated and unique human-guided automation • Prebuilt integrations, content and playbooks • “No-code,” “drag ‘n drop” automation development tools • Not rip-and-replace; extract significant value from existing investments • Proven success delivering, enabling and supporting the largest and most complex enterprises
17% 90% 5% 70% 30% Improvement in OPEX Improvement in MTTR YoY Reduction on Global IT Support Reduction of Incidents Related to Mission Reduction in headcount on P1 issues Spend Critical Enterprise Application What problem does Incident Response solve?
IT and NOC Security Incidents Unified Incident Response Automation
• High Volume of High Volume Ticketing Incidents First Responder Word | Sharepoint | Excel of False Alarms • Alert Fatigue Case Management Tracking • Manual and Adhoc IR Processes Events/Incidents • Inadequate Tools • Poor Security Controls
Processes • Manual Triage Analytics Capabilities • Limited Access Tickets/Chats/Calls/Emails Focus on Detection Increases Event Volume • Multiple IT Specialists IT TEAMS • Lengthy Time to Resolution DETECT DETECT DETECT • Minimal Tracking Server Email Firewall Actions/Queries/ Scripts Logs
Servers Apps Network DBs Intrusion Endpoint Email Firewall Web Content
IT AND SECURITY SYSTEMS AND DEVICES What problem does Incident Response solve?
IT and NOC Security Incidents Unified Incident Response Automation
• High Volume of High Volume Ticketing Incidents First Responder Word | Sharepoint | Excel of False Alarms • Alert Fatigue Case Management Tracking • Manual and Adhoc IR Processes Events/Incidents • Inadequate Tools • Poor Security Controls
Processes • Manual Triage Analytics Capabilities • Limited Access Tickets/Chats/Calls/Emails Focus on Detection Increases Event Volume • Multiple IT Specialists IT TEAMS • Lengthy Time to Resolution DETECT DETECT DETECT • Minimal Tracking
Actions/Queries/ Scripts Logs
• Standardized Response Procedures Servers Apps Network DBs Intrusion Endpoint Email Firewall Web Content • Accelerated Incident Response • “Automat-ability” IT AND SECURITY SYSTEMS AND DEVICES • Maximize Effect of Scarce Security Resources Can all incident types be treated the same?
IT Incident Security Incident Types Types
Complex Extreme Risk Business Service Credit Card Services, IPTV Service, Data Exfiltration, Unauthorized Data Access Incidents
Service Multi-Vector Incidents Web-based application services Attacks DSL, DDOS, Ransomware
Resource Intensive
Resource High Business Impact Incidents CPU Load Issues, Link Down Triage Malware, Phishing Increasing Time to Resolve / Resources Simple, Simple, Repetitive Repetitive Password Resets Incidents Incidents Service Restarts Can all incident types be treated the same?
IT Incident Security Incident Types Types • How do you address the other 90-95% of Complex Extreme Risk Business incident types? Service Credit Card Services, IPTV Service, Data Exfiltration, Unauthorized Data Access Incidents • How can you reduce your Incident 90-95% of Service Multi-Vector incident Response Time? Incidents Web-based application services Attacks types DSL, DDOS, Ransomware • Requires more than just end-to-end Resource Resource Intensive automation Incidents CPU Load Issues, Link Down Triage Malware, Phishing • Requires process Simple, Simple, guidance, knowledge Repetitive Repetitive 5-10% of Password Resets incident management Incidents Incidents Service Restarts types End-to-End Automation End-to-End Automation Resolve: Key Capabilities
Unified Incident Process Automat-ability Playbooks and Enterprise-Class Response Experience Orchestration Automations Capabilities Single pane of glass for Consistent and standards-based Powerful human-guided Prebuilt processes and Scalable, redundant and all Incident Response process guidance, case automation and end-to-end automations with most available with proven success tasks, investigations, processes, management, decision trees and automation to automate common security and IT in the most complex and automation and notes instructions based on NIST SP incrementally and systems and “no code” largest organizations 800-61 rev2 pragmatically automation design tools Enterprise-Wide Incident Response & Automation Platform
IT, Network, Security Infrastructure
This image cannot currently be This image cannot currently be This image cannot displayed. displayed. currently be displayed. This image cannot currently be Get Started With Resolve Fast CONNECTORS AUTOMATION TEMPLATES PLAYBOOKS
This image cannot currently be displayed.
This image cannot currently be displayed. Resolve’s Easy to Use Tools for Automation & Orchestration Build within Hours, Deploy within Days Action Task Builder Decision Tree Builder
This image cannot currently be displayed. • Easily and quickly design and build This image cannot currently be displayed. • Quickly drag and drop new automated tasks using a questions, answers and configuration wizard including content and let Resolve action and assessment creation quickly generate your • Game changing intelligent parsing guided procedures • Use the same wizards to modify and reuse existing tasks
Page Builder Automation Designer
This image cannot currently be displayed. This image cannot currently be displayed. • Quickly build and test new • Build powerful resolution processes using drag and drop dashboards using a fully- and input/output featured page builder interface configuration • Combine the higher level process and lower level task views in one pane • Drag and drop new integrated sessions into your process People
This image cannot Find it with Splunk, Fix it with Resolve currently be displayed. — Enterprise-Wide Incident Management
Engineers & SMEs
This image cannot This image cannot currently be displayed. This image cannot When IT, Network and Security incidents happen: currently be displayed. currently be displayed.
1. Leverage the same engineers and SMEs to resolve Centralized 2. Gather information from the same systems Service Desk 3. Take actions on the same systems Dev Team
This image cannot This image cannot This image cannot currently be displayed. currently be displayed. currently be displayed.
Centralize Incident Response platform that can be leveraged across the entire enterprise NOC IT Ops SOC 1. Familiar user interface for all teams 2. Tool that takes actions and automations across Systems enterprise devices/systems 3. Share processes/knowledge from SME resources across the organization 4. Build once and re-usable automations Monitoring & Monitoring & Detection, SIEM Event Mgmt Ticketing Shared Incident Response Platform - Processes Core, IT & Security Infrastructure tailored for each team
Core Infrastructure IT Management Apps Security The Resolve Advantage
ü Cohesive Enterprise Incident Response Strategy for IT, Networks & Security
• Unified process orchestration, KM & automation for faster incident response • Closed-loop and human-guided automations to address all incident types
ü Designed for Rapid Time to Value
• Out of box automations, procedures and integrations for rapid kick-start • Next-gen automation dev tools including “no-code” and “drag ‘n drop” for fast custom development
ü Proven Enterprise Grade Platform
• Deployed in largest enterprises and service providers across all verticals • Handles millions of daily events
5 Splunk Apps Available in Splunkbase today - Fully Certified!
16