Charles Leaver – 2016 Splunk.conf Demonstrates Adaptive Response Is Key

Written by Michael Vaughn and presented by Charles Leaver, Ziften CEO

The latest from Splunk

Recently I went to the annual Splunk conference in the Sunshine State, Florida. The Orlando-based event allowed Splunkers from all over the world to familiarize themselves with the latest and greatest offerings from Splunk. Although there was an array of enjoyable activities throughout the week, it was clear that attendees were there to learn. The announcement of Splunk’s security-centric Adaptive Response initiative was well received, and it happens to integrate quite nicely with Ziften’s endpoint service.

Of particular interest, the “Transforming Security” keynote presented by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defense, showed the power of Splunk’s brand-new Adaptive Response user interface to a large audience.

In the clip below, extracted from that keynote, Monzy Merza shows how critical data supplied by a Ziften agent can also be used to drive bi-directional functionality from Splunk: instructional logic is sent back to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the live network for further forensic investigation. By not only providing key security data to the Splunk instance, but also allowing the user to stay on the same interface to take operational and security actions, the Ziften endpoint agent lets users apply Splunk’s powerful framework in both directions to take instantaneous, precise action across all operating systems. After the talks our booth was swamped with demos and very interesting conversations about operations and security.

Have a look at a three-minute extract of Monzy’s demonstration from the keynote:

Over the weekend I was able to process the wide range of technical discussions I had with hundreds of brilliant people at our booth at .conf. One of the amusing things I found, which nobody would freely admit unless I pulled it out of them, is that most of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the main focus of this year’s event.

However, many people use Ziften for Splunk for a range of things, such as application and operations management, network monitoring, and user behavior modeling. To illustrate the broad functionality of our Splunk app, here’s a taste of what folks at .conf2016 liked most about Ziften for Splunk:

1) It’s great for enterprise security.

a. Generalized platform for ingesting real-time data and taking immediate action
b. Automating remediation across a wide range of indicators of compromise

2) IT operations teams like us.

a. Systems monitoring, hardware lifecycle, asset management
b. Application management – compliance, license rationalization, vulnerabilities

3) Network monitoring with ZFlow is a game changer.

a. ZFlow ties NetFlow together with binary, user and system data – in a single Splunk SPL event. Do I need to say more here? This is the Holy Grail from Indiana Jones, people!

4) Our user behavior modeling goes beyond just alerts.

a. This could be filed under IT operations, but it’s becoming its own monster
b. Ziften’s tracking of software usage, logins, elevated binaries, timestamps, etc. is readily viewable in Splunk
c. Ziften offers a completely free security-centric Splunk package, and we map all of the data we gather from each endpoint to the Splunk CIM (Common Information Model), not just our ‘Notifications’.

Ultimately, using a single Splunk Adaptive Response interface to manage a multitude of tools within your environment is exactly what helps build a strong enterprise fabric for your company, one where operations, security and network teams overlap more fluidly. Make better decisions, much faster. Find out for yourself with our complimentary one-month trial of Ziften for Splunk!