AWS Agility + Splunk Visibility = Cloud Success
Splunk App for AWS Demo
Laura Ripans, AWS Alliance Manager
Disruptive innovation and business transformation starts with data
I HAVE BEEN GIVEN AN AWS ACCOUNT!!!
Why is Splunk Important For AWS Customers?
“You can’t protect what you can’t see.”
Best Practices for Securing Workloads in Amazon Web Services, Gartner, April 2015, Neil MacDonald, Greg Young
“Security monitoring will make or break a technology risk management program.”
“Security requires visibility.”
Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment, IDC, July 2015, Pete Lindstrom
Amazon Web Services, “Intro to AWS Security”, 2015 AWS Summit Series
Extrapolating…
“You can’t operate what you can’t see.”
“You can’t manage cost for what you can’t see.”
“You can’t gain business analytics for what you can’t see.”
Detailed Use Cases

IT Operations
• What is my EBS footprint and posture across all my accounts and all my regions?
• Who started/stopped/restarted what instances and when?
• What EC2 instances are underutilized and perhaps overprovisioned?
• What is the traffic volume into my VPC and where is it originating from?
• Why are certain resources unreachable from certain subnets/VPCs?
• List resources with missing or non-conforming tags

Security
• Who added that rule in the security group that protects our application servers?
• Where is the blocked traffic into that VPC coming from?
• What was the activity trail of a particular user before and after that incident?
• Alert me when a user imports key-pairs or when a security group allows all ports
• What instances are provisioned outside of a VPC, by whom and when?
• What security groups are defined but not attached to any resource?

Cost Management
• How many instances am I running?
• What reserved instances have I purchased in the past?
• What is my reserved instance utilization?
• How much am I paying per account?
• How much am I using per service across all accounts?
• How many reserved instances should I buy based on usage?
• Is this account within budget this month, and how has it tracked in the last year?
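The Security alert use case above (a user imports key pairs, or a security group allows all ports), worked as an added example that is not part of the original slides or of the Splunk App for AWS: a Python check over CloudTrail records. The sample events are constructed, and the helper and function names are hypothetical.

```python
# Constructed CloudTrail records (not real log data), trimmed to the fields used.
def _event(time, name, params, user="alice", error=None):
    ev = {"eventTime": time, "eventSource": "ec2.amazonaws.com", "eventName": name,
          "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user},
          "requestParameters": params}
    if error:
        ev["errorCode"] = error
    return ev

def _ingress(group, proto, lo=None, hi=None):
    perm = {"ipProtocol": proto, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}
    if lo is not None:
        perm.update(fromPort=lo, toPort=hi)
    return {"groupId": group, "ipPermissions": {"items": [perm]}}

SAMPLE_EVENTS = [
    _event("2016-01-01T10:00:00Z", "ImportKeyPair", {"keyName": "demo-key"}),
    _event("2016-01-01T10:05:00Z", "AuthorizeSecurityGroupIngress",
           _ingress("sg-0a1b2c3d", "tcp", 443, 443)),
    _event("2016-01-01T10:07:00Z", "AuthorizeSecurityGroupIngress",
           _ingress("sg-0a1b2c3d", "-1"), user="bob"),
    _event("2016-01-01T10:09:00Z", "AuthorizeSecurityGroupIngress",
           _ingress("sg-0e4f5a6b", "tcp", 0, 65535), user="bob",
           error="Client.UnauthorizedOperation"),
]

def opens_all_ports(perm):
    """True if one ipPermissions item covers every port."""
    proto = str(perm.get("ipProtocol", "")).lower()
    if proto == "-1":  # "-1" means all protocols, hence all ports
        return True
    # Assumption: "all ports" for TCP/UDP is written as the full 0-65535 range.
    return proto in ("tcp", "udp") and perm.get("fromPort") == 0 and perm.get("toPort") == 65535

def find_alerts(events):
    """Return (eventTime, user ARN, message) for each successful risky EC2 call."""
    alerts = []
    for ev in events:
        if ev.get("eventSource") != "ec2.amazonaws.com" or "errorCode" in ev:
            continue  # skip other services and calls that were denied or failed
        user = ev.get("userIdentity", {}).get("arn", "unknown")
        params = ev.get("requestParameters") or {}
        if ev.get("eventName") == "ImportKeyPair":
            alerts.append((ev["eventTime"], user, "key pair imported: " + params.get("keyName", "?")))
        elif ev.get("eventName") == "AuthorizeSecurityGroupIngress":
            items = (params.get("ipPermissions") or {}).get("items", [])
            if any(opens_all_ports(p) for p in items):
                alerts.append((ev["eventTime"], user, "all ports opened on " + params.get("groupId", "?")))
    return alerts
```

The denied call in the sample is skipped because it changed nothing; a separate search over `errorCode` values would cover attempted changes.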
True End State: Complete Hybrid Visibility
Index Untapped Data: Any Source, Type, Volume
[Diagram: data sources (online services, web services, servers, security, GPS location, storage, desktops, networks, messaging, telecoms, online shopping cart, web clickstreams, databases, energy meters, RFID) across on-premises, private cloud and public cloud (Config, Lambda, EC2, containers, CloudTrail), feeding end-to-end visibility for application delivery; security, compliance, and fraud; IT operations; business analytics; and industrial data and the Internet of Things.]
End State: Comprehensive AWS Visibility
Splunk App for AWS: Explore, Analyze, Dashboard, Alert, Act
AWS Data Sources: EC2, EMR, Kinesis, R53, VPC, ELB, S3, CloudFront, CloudTrail, CloudWatch, Redshift, SNS, API Gateway, Config, RDS, CF, IAM, Lambda
Supported* List of AWS Services and Splunk Data Sources

Name | Brief Description | Notes
CloudTrail | API activity audit trail | Low Volume/High Value
Config | Change management data | Low Volume/High Value
Config Rules | Configuration rule check/evaluation | Low Volume/High Value
CloudWatch Metrics | System/Service metrics data | High Volume
CloudWatch Logs | Service or application logs | High Volume
VPC Flow Logs | VPC/“Firewall” logs | High Volume
Detailed Billing | Spending information for each service and account | High Value
ELB | Elastic Load balancer logs | High Volume
CloudFront | Content delivery network access logs | High Volume
S3 | S3 bucket access logs | High Volume
S3 (ANY) | Any service or application that logs into S3 | High Volume
Lambda | Event driven computation framework | High Volume
Inspector | Security scan/assessment | Low Volume/High Value
Kinesis Streams | Generic streaming data | High Volume
IoT | IoT device data | High Volume
SQS | Simple queuing service | High Volume
Metadata | Custom Splunk-side collector of metadata about AWS environment | High Volume

*Non-inclusive list. More services may be supported via indirect ingest method
Splunk App for AWS: The Value

Security
• View user activity
• Gain a full audit trail
• Detect anomalous behavior

Usage
• View EC2 utilization metrics
• View by account, region, instance
• Supports numerous AWS services

Topology
• Visualize your AWS Environment
• View resource relationships
• Gain playback history

Timeline
• Compare and correlate events
• View in a time-series ribbon
• Accelerate investigations

Insights
• Leverage machine learning toolkit
• Gain billing recommendations
• Detect security and billing anomalies

Billing
• Gain view into resource cost
• Improve RI planning / utilization
• Monitor actual spend vs. forecast
Enhance AWS Security with Splunk
AWS Well Architected Framework
● Stop guessing your capacity needs
● Test systems at production scale
● Automate to make architectural experimentation easier
● Allow for evolutionary architectures
● Data-Driven architectures
● Improve through game days
Splunk’s AWS Credentials
• AWS Advanced Technology Partner
• AWS Big Data Competency
• AWS Security Competency
• AWS Government Competency
• AWS IoT Competency
• AWS MSP Technology Provider
• AWS Marketplace BYOL & Private Pricing Partner
• AWS IoT Launch partner for IoT analytics
• AWS Security by Design Program Partner
• 1st partner with published Blueprints for AWS Lambda
• 1st partner to pass SaaS extension for Well Architected framework
Demo
Thank You