SplunkLive! Customer Presentation--ServiceNow
Copyright © 2014 Splunk Inc.
Justin Dolly
CISO, ServiceNow
ServiceNow + Splunk Integration
ServiceNow Overview
ServiceNow is the enterprise IT cloud company. We transform IT by automating and managing IT across the global enterprise. Organizations deploy our service to create a single system of record for IT and automate manual tasks, standardize processes, and consolidate legacy systems. Using our extensible platform, our customers create custom applications and evolve the IT service model to service domains inside and outside the enterprise.
Founded in 2004
IPO in June 2012
2300+ customers
2100+ employees
2013: $470m revenue
ServiceNow Overview
Single system of record for IT
Single Cloud Platform
Robust Suite of IT Applications
Custom Application Development
Enterprise Cloud Infrastructure
Lights-out, zero-touch automation
Powerful Business Intelligence Reporting
Accelerate time-to-value
My Background and Role
Justin Dolly, VP & CISO at ServiceNow
Former CISO at VMware
Previously held security and technology leadership roles at
– Kaiser Permanente
– CNET Networks / CBS Interactive
– Macromedia
– Wells Fargo Bank
Security Challenges
Most Security teams now have budget, staff & tools
Having many tools can be cumbersome & inefficient
Security teams typically work in a Silo
Our Situation, a year ago:
Log Analytics and Service Management were disparate systems
Need threat identification and event correlation
Information is there, but it’s difficult to access
Needed to address compliance and audit reporting needs
Splunk @ ServiceNow Today
Collecting over 400 GB/day and growing
Enterprise Security is our SIEM, collecting threat intelligence data and providing actionable results
‘Single pane of glass’ view across enterprise for threat identification and event correlation
Splunk alerts trigger script actions which push events into ServiceNow via SOAP and XML
Events are analyzed by a dedicated Security Operations team
Splunk @ ServiceNow Today
[Architecture diagram. Components, in the order shown: Syslog Events (Network, Firewall, F5 LTM/ASM, Wireless IDS); Syslog Store and Forward; Splunk Indexers; Splunk ES Search Head; Splunk Search Head; ServiceNow Security Instance; Event Console]
Integration Overview
Custom built integration using the Splunk REST APIs and ServiceNow APIs
Splunk is periodically queried for security related events
Script actions push event data into ServiceNow instance events table
Business rules extract unique identifiers from the events table for de-duplication and correlation
Security analyst reviews events in the ServiceNow console and elevates events to incidents for investigation
New event data received is automatically associated to open incidents
Open incidents drive response activities and workflow across the organization
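The de-duplication, correlation and auto-association steps listed above, sketched as an added example; this is not ServiceNow's or Splunk's code. The event fields, the choice of correlation key and every name below are assumptions, and the sample events are constructed.

```python
import hashlib

# Constructed sample events (field names are assumptions, not a real schema).
SQLI = {"signature": "IDS: SQL injection attempt", "src": "203.0.113.7", "dest": "10.0.0.5"}
SAMPLE_EVENTS = [
    {"id": "e1", **SQLI},
    {"id": "e1", **SQLI},   # re-delivery of the same alert
    {"id": "e2", **SQLI},   # new alert for the same activity
    {"id": "e3", "signature": "FW: denied outbound", "src": "10.0.0.9", "dest": "198.51.100.20"},
]

def correlation_key(event):
    """Assumed unique identifier: normalized signature + source + destination."""
    raw = "|".join(event[k].strip().lower() for k in ("signature", "src", "dest"))
    return hashlib.sha256(raw.encode()).hexdigest()[:16]

class EventTable:
    def __init__(self):
        self.seen_ids = set()        # alert ids already stored (de-duplication)
        self.pending = {}            # key -> events awaiting analyst review
        self.open_incidents = {}     # key -> event ids attached to the incident

    def ingest(self, event):
        """Store one pushed event; return 'duplicate', 'attached' or 'pending'."""
        if event["id"] in self.seen_ids:
            return "duplicate"
        self.seen_ids.add(event["id"])
        key = correlation_key(event)
        if key in self.open_incidents:
            # New event data is associated to the open incident automatically.
            self.open_incidents[key].append(event["id"])
            return "attached"
        self.pending.setdefault(key, []).append(event)
        return "pending"

    def elevate(self, key):
        """Analyst action: promote the pending events for a key to an incident."""
        self.open_incidents[key] = [e["id"] for e in self.pending.pop(key)]
        return self.open_incidents[key]

def run_demo():
    table = EventTable()
    outcomes = [table.ingest(e) for e in SAMPLE_EVENTS[:2]]
    incident = table.elevate(correlation_key(SAMPLE_EVENTS[0]))
    outcomes += [table.ingest(e) for e in SAMPLE_EVENTS[2:]]
    return outcomes, incident
```

Normalizing the fields before hashing keeps case or whitespace differences between log sources from splitting one activity across several incidents.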
What’s Next
We continue to grow quickly
Big Data analytics also grows in importance
Leveraging the new Splunk integration with ServiceNow Event Management Console (newly released in Eureka)
Integration with ServiceNow Threat Intelligence Portal
Top Takeaways
Embrace the mind-shift in Security
– Re-think the relationship between your systems, processes, and people
– The traditional tools won’t save you
Technology when done right is extremely liberating
– Applying threat intelligence and real-time analytics makes response activity faster & more accurate
The only metric that matters is how quickly you respond to a security event
– Don’t chase the information, let it come to you