Three Use Cases for Splunk

June 26, 2012
253 Views

The greatest source of potential use cases for technology is the user community. This is a great reason to attend events where customers are at the center of focus.

The greatest source of potential use cases for technology is the user community. This is a great reason to attend events where customers are at the center of focus. This was what last month’s Splunk Live DC was like. Splunk is a very user-focused capability and when you create a venue where users can exchange info it can be a particularly virtuous event.

The following are use cases from three Splunk customers. Splunk, as you probably know, derives knowledge and actionable information by indexing and searching machine data. Users at Splunk Live explained why they were so happy with the software by presenting three use cases. The users presenting there included Cisco, the U.S. Food and Drug Administration, and Defense. These use cases all point to the  use of Splunk to handle their machine data effectively and efficiently. Here is more:

  • Jeff Bollinger is an infosec investigator on the Cisco Computer Security Incident Response Team (CSIRT), which provides enterprise-wide security monitoring and incident response. With Splunk, CSIRT can look  everywhere for anomalies by collecting all event data. Without Splunk, such a holistic approach would be overwhelming for a network as large as Cisco’s. Using Splunk, CSIRT was able to counter the OSX Flashback virus and separate IT operations issues from  security issues. Bollinger added that he was able to do all of this without being a programming expert, as Splunk is intuitive to use and its scripting language easy to navigate. By gathering all the machine data and indexing it with time stamps, Splunk could provide historical data to discover who was infected once signs of an attack are discovered. Splunk’s indexing also helps with monitoring, metrics, and threat reporting.
  • The FDA got the most use out of Splunk through the Microsoft Exchange app, an example of the useful applications and add-ons that extend Splunk and make it easier to use. Microsoft Exchange handles mail, contacts, calendaring, and tasks, but the FDA did not have a way to monitor it to support security measures. With Splunk, the FDA could track inbound and outgoing messages, respond to requests in a timely manner, and enforce policy.
  • Jake Groth, the VP of Security Engineering and Architecture at Defense Point Security, talked about using Splunk to deliver Big Data and enterprise logging as a service. It does so by supporting component and enterprise visibility, role based access controls, a good user experience, scalability, predictable capacity planning, and reliability. That Splunk supports to many different use cases also helps provide a range of offerings for different communities.

For more on Splunk see our CTOlabs Write Up.

This post by AlexOlesker was first published at CTOvision.com.