Moving from Data to Wisdom

Mark Runals
Lead Security Engineer, The Ohio State University

Copyright © 2016 Splunk Inc.

Disclaimer

During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make.

In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

Mark Runals

  • 4 yr Splunk User
  • ArcSight admin for 3 yrs
  • Worked in InfoSec for 10+ yrs
  • 2015 SplunkTrust Member

→ Getting data into Splunk isn’t the end game!

Outcomes

  • Paradigm to rethink data/analysis
  • Common framework for Admins & ‘Management’
  • Deeper appreciation for what Splunk is

DIKW Pyramid

  • Wisdom: Application / Applied knowledge
  • Knowledge: What the data means
  • Information: What the data is
  • Data: bits & bytes

Typical business

[Diagram: DIKW pyramid (Wisdom, Knowledge, Information, Data) set against the organization. Labels: Management, Conceptual Views, Lines of Business, Service Health; Data Analysis Gap; System Admins, System Centric Views, Component Health, Discreet SMEs; Proxy, ….., N++, Vuln Scan]

Typical business

[Diagram: same as the previous slide, with Microsoft Excel shown in place of the Data Analysis Gap]

What Splunk brings

Business insight from operationally enriched data

  • Enrich data with business context
  • Powerful analytic platform
  • Correlate data across silos
  • Dynamic query

[Diagram: DIKW pyramid (Wisdom, Knowledge, Information, Data) over Proxy, ….., N++, Vuln Scan]

Splunk Maturity Model

[Diagram: stages running from Reactive to Proactive: Search and Investigate; Proactive Monitoring and Alerting; Operational Visibility; Real-time Business Insight]

Similarities to DIKW….

OSU Mobile App - Data

OSU Mobile App - Information

OSU Mobile App - Knowledge

OSU Mobile App - Wisdom

Other Thoughts

  • Leverage the Splunk Common Information Model (CIM)
    Common ‘language’ across data types
  • Use Knowledge Objects to bridge systems to services
    lookups, tags, eventtypes
  • Make alerts more actionable – not just What happened
    Incorporate recipient’s ‘next’ question (i.e. where, who)

Final Thoughts

  • Understand the difference between Measurements and Metrics
    Metric = combination of 2 or more measurements
  • Administer Splunk with end state in mind
  • What are your use cases?
  • What pain points are you trying to address?
  • Help bridge the Information and Knowledge analytic gap

→ Key step in leveraging Splunk toward ‘Wisdom’ ends

THANK YOU
