Written by Michael Vaughn and presented by Chuck Leaver, Ziften CEO
All the latest success from Splunk
Last week I attended the annual Splunk conference in the sunshine state, Florida. The Orlando-based event gave Splunkers from around the world a chance to familiarize themselves with the latest and greatest offerings from Splunk. Although there were plenty of fun activities throughout the week, it was clear that attendees were there to learn new things. The announcement of Splunk's security-centric Adaptive Response initiative was well received, and it happens to integrate very well with Ziften's endpoint solution.
In particular, the "Transforming Security" keynote session, presented by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defence, demonstrated the power of Splunk's new Adaptive Response interface to countless attendees.
In the clip below, taken from that keynote, Monzy Merza shows how the data provided by a Ziften agent can also be used bi-directionally from Splunk: Splunk sends instructions back to the Ziften agent, which takes immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and isolate it from the operational network for further forensic investigation. By not only supplying critical security data to the Splunk instance, but also letting the user stay in the same interface to take operational and security actions, the Ziften endpoint agent allows users to leverage Splunk's framework in both directions and take immediate, precise action across all operating systems. After the talks, our booth was swamped with demos and very interesting conversations about operations and security.
Take a look at a three-minute Monzy highlight from the keynote:
Over the weekend I was able to process the wide variety of technical conversations I had with many brilliant people in our booth at .conf. One of the amusing things I found, which nobody would freely admit unless I pulled it out of them, is that most of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the main focus of this year's event.
Nevertheless, many people use Ziften for Splunk for a range of purposes, such as application and operations management, network monitoring, and user behavior modeling. To illustrate the broad functionality of our Splunk app, here is a taste of what folks at .conf2016 loved most about Ziften for Splunk:
1) It's fantastic for Enterprise Security.
a. A generalized platform for ingesting real-time data and taking immediate action
b. Automating remediation from a wide range of indicators of compromise
2) IT Operations love us.
a. Systems monitoring, hardware lifecycle, resource management
b. Application management: compliance, license rationalization, vulnerabilities
3) Network monitoring with ZFlow is a game changer.
a. ZFlow ties NetFlow together with binary, user and system data in a single Splunk SPL entry. Do I need to say more? This is the real Holy Grail from Indiana Jones, folks!
4) Our User Behavior Modeling goes beyond simple alerts.
a. This could be filed under IT Operations, but it's becoming its own beast
b. Ziften's tracking of software usage, logins, elevated binaries, timestamps, etc. is readily viewable in Splunk
c. Ziften offers a free security-centric Splunk package, but we convert all the data we collect from each endpoint to the Splunk CIM (Common Information Model), not just our 'Alerts'.
Ultimately, using a single Splunk Adaptive Response interface to manage a wide variety of tools within your environment is what helps build a strong operational fabric for your business, one where operations, security and network teams overlap more fluidly. Make better decisions, faster. See for yourself with our free one-month trial of Ziften for Splunk!