Adaptive Response Is Essential As Demonstrated At Splunk.conf 2016 – Chuck Leaver

Written by Michael Vaughn and presented by Chuck Leaver, Ziften CEO

All the most recent greatness from Splunk

Recently I attended the annual Splunk conference in the sunshine state of Florida. The Orlando-based event let Splunkers from all over the world get acquainted with the latest and greatest offerings from Splunk. Although there were plenty of enjoyable activities throughout the week, it was clear that attendees were there to learn. The announcement of Splunk’s security-centric Adaptive Response initiative was popular, and it happens to integrate rather nicely with Ziften’s endpoint platform.

In particular, the “Transforming Security” keynote address presented by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defence, showed the power of Splunk’s new Adaptive Response interface to thousands of attendees.

In the clip below, taken from that keynote, Monzy Merza shows how the data supplied by a Ziften agent can also be used bi-directionally from Splunk: Splunk sends instructions back to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the operational network for further forensic examination. By not only supplying critical security data to the Splunk instance, but also letting the user stay in the same interface to take operational and security actions, the Ziften endpoint agent lets users make bi-directional use of Splunk’s powerful framework to take immediate, precisely targeted action across all running systems. After the talks our booth was swamped with demo requests and very interesting conversations about operations and security.

Take a look at a three-minute Monzy highlight from the keynote:

Over the weekend I was able to process the wide range of technical conversations I had with hundreds of brilliant people in our booth at .conf. One of the amusing things I discovered, which no one would openly admit unless I pulled it out of them, is that most of us are beginner-to-intermediate SPL (Splunk’s Search Processing Language) users. I also observed the obvious: incident response was the main focus of this year’s event.

However, many people use Ziften for Splunk for a variety of things, such as operations and application management, network monitoring, and user behavior modeling. In an effort to illustrate the broad functionality of our Splunk App, here’s a taste of what folks at .conf2016 enjoyed most about Ziften for Splunk:

1) It’s wonderful for Enterprise Security.

a. Generalized platform for ingesting real-time data and taking immediate action
b. Automating remediation from a wide range of indicators of compromise

2) IT Operations teams like us.

a. Systems tracking, hardware life cycle, resource management
b. Application management: compliance, license rationalization, vulnerabilities

3) Network Monitoring with ZFlow is a game changer.

a. ZFlow ties netflow together with binary, user and system data in a single Splunk SPL entry. Do I need to say more here? This is the Holy Grail from Indiana Jones, folks!

4) Our User Behavior Modeling goes beyond just alerts.

a. This could be filed under IT Operations, but it’s becoming its own beast
b. Ziften’s tracking of software application usage, logins, elevated binaries, timestamps, etc. is easily viewable in Splunk
c. Ziften supplies a free security-centric Splunk bundle, but we convert all of the data we collect from each endpoint to the Splunk CIM model, not just our ‘Alerts’.

Ultimately, using a single Splunk Adaptive Response interface to manage a plethora of tools within your environment is what helps build a strong business fabric, one where operations, security and network teams overlap more fluidly. Make better decisions, much faster. Discover it for yourself with our free 30-day trial of Ziften for Splunk!
