Building a Splunk Business Case for Security

David Caradonna, Manager Best Practices, Value Consulting, Splunk

Copyright © 2014 Splunk Inc.

Jul 05, 2018



Disclaimer

During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

Today’s Speaker

David Caradonna, Manager, Value Consulting Best Practices, Splunk

Business Value Consulting Mission: To help customers, prospects and partners document the potential and already realized business value of making machine data accessible, usable and valuable to everyone.

Experience: 25 years IT Experience; 15 years IT Operations; 7 years Value Consulting

Today’s Agenda

• A day in the life of an IT security professional
• Value opportunities with Splunk
• The Splunk IVA tool
• A 5-step process you can use to build your business case

Security Analyst – Part I

1. Constant Triage of security events
2. Critical Decision on whether an event is worthy of deeper investigation
3. Deep Dive investigation of defined incidents

Source: 2013 Cyber Security Intelligence Index

Security Analyst – Part II

4. Ongoing Support of scheduled audit activities – internal and external
5. Timely Resolution of audit findings
6. Continuous Compliance monitoring and reporting using best practice frameworks

• GLBA (Gramm-Leach-Bliley Act)
• Sarbanes-Oxley Act
• Health Insurance Portability and Accountability Act
• Payment Card Industry Data Security Standard

Common Challenges

• No rapid & flexible search from massive log files
• No visualization, no correlation, no alert based on log analytics
• No Enterprise SIEM, each team has silo’d solutions that collect logs
• Administrators cannot analyze logs efficiently
• Higher risk for APTs leading to concerns with data breach

Value Opportunities with Splunk

Assess Risk; Deep Analysis; Monitor Controls; Audit & Comply

• Continuous compliance on ALL components and policies resulting in faster and simpler audits
• Faster implementation of critical security controls (ex: SANS 20) across ALL layers of the organization ultimately resulting in full enterprise visibility and significant reduction in risks
• Faster deep dive investigation on events and attacks that require further proactive and reactive analysis
• Faster 1st level triage on ALL security events/attacks with fewer resources as opposed to reviewing only a subset of events

Key Security & Compliance Metrics

• 70% to 90% improvement with detection and research of events
• 70% to 95% faster investigation of security incidents
• 10% to 30% lower risks with data breaches, fraud and IP theft
• 70% to 90% reduction in compliance labor
• Reduced investigation effort by more than 75%
• Reduced the time to report on SAS70 compliance by 83%
• Reduced the number of security incidents by 80%

The HOW? Best Practice Guidelines

Refer to the Splunk SANS 20 whitepaper for detailed use cases and examples of how customers use Splunk for security to achieve the anticipated improvement with:

✓ Faster Detection of Security Events
✓ Faster Research and Investigation
✓ Reduced Risks with Data Breach and IP Theft

Building Your Own Security Business Case

Why Build a Business Case?

• Most investments today require one
• Analysts recommend focusing on business impact and value
• Most effective way to reason the need for change
• Establishes project priority & urgency

Worth → Priority → Budget → Baseline

Things to Remember

• A business case ROI is not based on exact science; estimation of key performance indicators is acceptable
• However, KPIs should always be believable and defendable, either based on true empirical data from your system, or derived from industry benchmarks or customer use cases
• Benchmarks, Case Studies, White Papers should always be embedded into your case

Interactive Value Assessment - IVA

the Splunk IVA tool

• Built-in industry best practices
• Relies on Splunk Customer Case Studies
• Facilitates decisions based on published benchmarks

Complete a defendable Security Business Case ROI in just a few hours!

Easy steps

1. Capture Baseline KPIs

• # of security attacks/events per week
• # operators conducting 1st level triage (SOC)

• # security incidents per week
• # people involved in incident investigations
• average duration of security incidents

• $ impact from fraudulent transactions
• Online survey for data breach risk calculation

• # audit activities per year
• # people hours involved per audit activity

2. Review Benefit Calculations

› Labor Savings with
  • Faster triage of events by 1st level staff
  • Faster Investigation of Minor, Moderate, and Complex Security Incidents
  • Automated and/or streamlined audit compliance activities

› Risk Savings with
  • Reduction in fraudulent transactions
  • Reduction in risk of data breach
  • Reduction in risk of IP theft

Automated calculations

The Anatomy of a Benefit Calculator

3. Right Size your Value

Adjust the levels of anticipated improvement for each Benefit Area

• Faster Detection: 70%
• Faster Investigation: 75%
• Lower Risks: 30%
• Faster Reporting: 80%

Decide whether your case should be

– Conservative
– Probable
– Optimistic

4. Forecast Your Cost

Assess your investment

– Splunk Licenses
– Splunk Training
– Professional Services
– Hardware
– Support Staff

Verify your payback period

– Reasonable payback is typically between 6 to 12 months

5. Build an Executive Summary

• The IVA automatically provides CxO-ready slides that can be copied into a PPT deck
• Leverage our Real-world Business Case Example as a template to create your own report!

Value Consulting Practice

IT Operations Management; Industrial Data / Internet of Things; Digital Intelligence; Business Analytics; Application Delivery; Security and Compliance

LOB Owners/Executives; System Administrator; Operations Teams; Security Analysts; IT Executives; Application Developers; Auditors; Website/Business Analysts; Customer Support

Want to know more?

Stop by the Rapid Adoption Center to learn more about our Value Services and how a business case can help you accelerate your adoption of Splunk!

THANK YOU