Feedback From 2016 Splunk.conf – The Need For Adaptive Response – Charles Leaver

November 2, 2016

Written by Michael Vaughn and presented by Charles Leaver, Ziften CEO

All the latest greatness from Splunk

Last week I attended the yearly Splunk conference in the excellent sunshine state – Florida. The Orlando-based event enabled Splunkers from all over the world to acquaint themselves with the current and most successful offerings from Splunk. Although there were a variety of fun activities throughout the week, it was clear that attendees were there to learn. The announcement of Splunk’s security-centric Adaptive Response initiative was well received, and it happens to integrate rather well with Ziften’s endpoint solution.

In particular, the “Transforming Security” keynote presentation, given by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defence, demonstrated the power of Splunk’s new Adaptive Response interface to thousands of attendees.

In the clip just below, taken from that keynote, Monzy Merza demonstrates how critical data provided by a Ziften agent can also be used to enact bi-directional functionality from Splunk: Splunk sends instructional logic back to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the operational network for further forensic examination. By not only supplying important security data to the Splunk instance, but also letting the user stay on the same interface to take operational and security actions, the Ziften endpoint agent lets users make bi-directional use of Splunk’s powerful framework to take precise, instantaneous action across all operating systems. After the talks our booth was swamped with demonstrations and extremely interesting discussions about operations and security.
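As an added illustration of that flow (example code, not Ziften’s or Splunk’s own): a minimal Splunk modular alert action of the kind Adaptive Response runs. It validates the JSON payload Splunk hands the script on stdin, takes the affected host from the CIM `dest` field in the triggering result, and builds the isolation request without sending it. The endpoint-agent API URL, the `action` parameter and the sample payload are assumptions constructed for the example.

```python
import json
import sys

# Hypothetical endpoint-agent API (placeholder, not a real Ziften endpoint).
AGENT_API = "https://endpoint-manager.example.invalid/api/v1/hosts/{host}/isolation"
SUPPORTED_ACTIONS = {"isolate", "release"}


def parse_payload(raw: str) -> dict:
    """Validate Splunk's modular-alert JSON payload and extract what the action needs."""
    payload = json.loads(raw)
    # `result` is the first row of the triggering search; `dest` is the CIM host field.
    result = payload.get("result") or {}
    host = result.get("dest") or result.get("host")
    if not host:
        raise ValueError("alert result has no dest/host field; refusing to act")
    # Alert-action parameters configured in Splunk arrive under `configuration`.
    action = (payload.get("configuration") or {}).get("action", "isolate")
    if action not in SUPPORTED_ACTIONS:
        raise ValueError(f"unsupported action {action!r}")
    return {"host": host, "action": action,
            "sid": payload.get("sid", ""), "search": payload.get("search_name", "")}


def build_request(parsed: dict) -> dict:
    """Build, but do not send, the request the action would issue to the agent API."""
    return {"url": AGENT_API.format(host=parsed["host"]),
            "method": "PUT" if parsed["action"] == "isolate" else "DELETE",
            "body": {"reason": f"Splunk alert '{parsed['search']}' (sid {parsed['sid']})"}}


def run(stdin_text: str) -> dict:
    request = build_request(parse_payload(stdin_text))
    # Messages on stderr land in splunkd.log, giving an audit trail of the action.
    sys.stderr.write(f"INFO {request['method']} {request['url']}\n")
    return request


# Constructed sample payload in the shape Splunk hands to an alert action.
SAMPLE_PAYLOAD = json.dumps({
    "sid": "scheduler__admin__ES__RMD5constructed_at_1478000000_42",
    "search_name": "Ziften - Suspicious Elevated Binary on Linux Host",
    "configuration": {"action": "isolate"},
    "result": {"dest": "web-01.corp.example", "os": "Linux", "user": "www-data"},
})

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--execute":
        run(sys.stdin.read())  # invoked this way by Splunk when the alert fires
    else:
        print(json.dumps(run(SAMPLE_PAYLOAD), indent=2))
```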

Have a look at a 3-minute Monzy highlight from the keynote:

Over the weekend I was able to process the broad range of technical conversations I had with hundreds of brilliant individuals in our booth at .conf. Among the funny things I discovered – which nobody would honestly admit unless I pulled it out of them – is that most of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the main focus of this year’s event.

However, many people use Ziften for Splunk for a range of things, such as operations and application management, network monitoring, and user behavior modeling. In an attempt to illuminate the broad functionality of our Splunk App, here’s a taste of what folks at .conf2016 enjoyed most about Ziften for Splunk:

1) It’s wonderful for Enterprise Security.

a. Generalized platform for ingesting real-time data and taking immediate action
b. Automating remediation from a large scope of indicators of compromise

2) IT Operations like us.

a. Tracking of systems, hardware lifecycle, and resource management
b. Application management – compliance, license verification, vulnerabilities

3) Network Monitoring with ZFlow is a game changer.

a. ZFlow ties NetFlow to binary, system and user data – in a single Splunk SPL entry. Do I need to say more here? This is the Holy Grail from Indiana Jones, folks!

4) Our User Behavior Modeling goes beyond simple alerts.

a. This could be grouped under IT Operations, but it’s becoming its own beast
b. Ziften’s tracking of software usage, logins, elevated binaries, timestamps, etc. is readily viewable in Splunk
c. Ziften offers a complimentary security-centric Splunk package, but we convert all of the data we collect from each endpoint to the Splunk CIM (Common Information Model) – not just our ‘Alerts’.

Ultimately, using a single Splunk Adaptive Response interface to manage a wide variety of tools within your environment is what helps build a strong operational fabric for your business – one in which operations, security and network groups overlap more fluidly. Make better decisions, faster. See for yourself with our totally free 1-month trial of Ziften for Splunk!
