
Three Use Cases for Splunk

Splunk derives knowledge and actionable information by indexing and searching machine data

The greatest source of potential use cases for a technology is its user community, which is a good reason to attend events that put customers at the center. Last month's Splunk Live DC was that kind of event. Splunk is a very user-focused capability, and a venue where its users can exchange information with one another turns out to be a particularly productive one.

The following are use cases from three Splunk customers. Splunk, as you probably know, derives knowledge and actionable information by indexing and searching machine data. Users at Splunk Live explained why they were so happy with the software by presenting three use cases, from Cisco, the U.S. Food and Drug Administration, and Defense Point Security. All three point to the use of Splunk to handle machine data effectively and efficiently. Here is more:

  • Jeff Bollinger is an infosec investigator on the Cisco Computer Security Incident Response Team (CSIRT), which provides enterprise-wide security monitoring and incident response. With Splunk, CSIRT can look everywhere for anomalies by collecting all event data. Without Splunk, such a holistic approach would be overwhelming for a network as large as Cisco's. Using Splunk, CSIRT was able to counter the OSX Flashback virus and to separate IT operations issues from security issues. Bollinger added that he was able to do all of this without being a programming expert, as Splunk is intuitive to use and its scripting language easy to navigate. By gathering all the machine data and indexing it with time stamps, Splunk could provide the historical data needed to discover who had been infected once signs of an attack were discovered. Splunk's indexing also helps with monitoring, metrics, and threat reporting.
  • The FDA got the most use out of Splunk through the Microsoft Exchange app, an example of the useful applications and add-ons that extend Splunk and make it easier to use. Microsoft Exchange handles mail, contacts, calendaring, and tasks, but the FDA did not have a way to monitor it to support security measures. With Splunk, the FDA could track inbound and outgoing messages, respond to requests in a timely manner, and enforce policy.
  • Jake Groth, the VP of Security Engineering and Architecture at Defense Point Security, talked about using Splunk to deliver Big Data and enterprise logging as a service. It does so by supporting component and enterprise visibility, role-based access controls, a good user experience, scalability, predictable capacity planning, and reliability. That Splunk supports so many different use cases also helps provide a range of offerings for different communities.
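The CSIRT case above rests on one idea: if every event is indexed with its timestamp, the question "who talked to this thing, and since when?" can be answered after the fact, the moment an indicator becomes known. The FDA case adds a second question of the same shape for mail: which messages crossed the organization's boundary? The following Python sketch is an added illustration of both; it is not Splunk's code or either customer's, and every hostname, address, domain and log line in it is constructed for the example.

```python
"""Retrospective search over time-indexed machine data.

Added illustration, not Splunk's own code: a tiny in-memory index of
constructed proxy and mail log lines, queried the way an incident
responder would query indexed event data once an indicator is known.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample lines. Hosts, addresses and the "c2" domain are
# placeholders invented for this example; one line is deliberately
# malformed and one is out of time order.
SAMPLE_LOGS = """\
2012-04-04T11:45:30Z proxy src=10.1.4.22 host=ws-0142 dst=c2.bad-example.test status=200 bytes=1340
2012-04-02T08:15:03Z proxy src=10.1.4.22 host=ws-0142 dst=updates.example-cdn.test status=200 bytes=51200
2012-04-02T09:02:47Z proxy src=10.1.7.9 host=ws-0311 dst=c2.bad-example.test status=200 bytes=1337
2012-04-03T14:20:11Z mail dir=out from=alice@corp.test to=bob@partner.test size=20480
2012-04-05T02:10:00Z proxy src=10.1.9.3 host=srv-db01 dst=updates.example-cdn.test status=503 bytes=0
this line is not well formed and is skipped
2012-04-05T16:33:12Z mail dir=in from=eve@unknown.test to=alice@corp.test size=4096
2012-04-06T07:58:41Z proxy src=10.1.7.9 host=ws-0311 dst=c2.bad-example.test status=200 bytes=1339
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(?P<source>\w+)\s+(?P<kv>.*)$"
)


def parse_ts(text: str) -> datetime:
    """Parse the UTC timestamp format used by the sample lines."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass
class Event:
    ts: datetime
    source: str  # which log produced the event (proxy, mail, ...)
    fields: dict[str, str] = field(default_factory=dict)


class EventIndex:
    """All events in time order, plus an inverted index on every field=value."""

    def __init__(self) -> None:
        self._events: list[Event] = []
        self._by_value: dict[tuple[str, str], list[Event]] = defaultdict(list)

    def ingest(self, text: str) -> int:
        """Parse key=value lines; returns how many were indexed (malformed lines are skipped)."""
        added = 0
        for line in text.splitlines():
            m = LINE_RE.match(line)
            if not m:
                continue
            fields = dict(kv.split("=", 1) for kv in m["kv"].split() if "=" in kv)
            ev = Event(parse_ts(m["ts"]), m["source"], fields)
            self._events.append(ev)
            self._by_value[("source", ev.source)].append(ev)
            for k, v in fields.items():
                self._by_value[(k, v)].append(ev)
            added += 1
        # Timestamp order is what makes "when did this start?" answerable.
        self._events.sort(key=lambda e: e.ts)
        for bucket in self._by_value.values():
            bucket.sort(key=lambda e: e.ts)
        return added

    def search(self, key: str, value: str, since=None, until=None) -> list[Event]:
        """Events with key=value, optionally restricted to a half-open time window."""
        return [
            ev for ev in self._by_value.get((key, value), [])
            if (since is None or ev.ts >= since) and (until is None or ev.ts < until)
        ]


def first_contact_by_host(index: EventIndex, indicator: str, since=None) -> dict[str, datetime]:
    """Retrospective question: which hosts reached `indicator`, and when did each first do so?
    Ordered by first contact, so the earliest entry is the first host to investigate."""
    first: dict[str, datetime] = {}
    for ev in index.search("dst", indicator, since=since):
        first.setdefault(ev.fields.get("host", ev.fields.get("src", "?")), ev.ts)
    return dict(sorted(first.items(), key=lambda kv: kv[1]))


def boundary_mail(index: EventIndex, internal_domain: str) -> list[tuple[str, str, str, str]]:
    """Mail events whose counterparty is outside `internal_domain` (a visibility/policy check)."""
    out = []
    for ev in index.search("source", "mail"):
        sender, rcpt = ev.fields["from"], ev.fields["to"]
        other = rcpt if ev.fields["dir"] == "out" else sender
        if not other.endswith("@" + internal_domain):
            out.append((ev.ts.isoformat(), ev.fields["dir"], sender, rcpt))
    return out


if __name__ == "__main__":
    idx = EventIndex()
    print("indexed", idx.ingest(SAMPLE_LOGS), "events")
    print("first contact:", first_contact_by_host(idx, "c2.bad-example.test"))
    print("ops errors:", [e.fields["host"] for e in idx.search("status", "503")])
    print("boundary mail:", boundary_mail(idx, "corp.test"))
```

The same index answers an operations question (which host returned a 503) and a security question (which hosts reached the indicator, and which one first), which is the separation of IT issues from security issues that Bollinger describes; the `since` argument is what lets an investigator scope the same search to "after the patch went out" or "since the alert fired".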

For more on Splunk see our CTOlabs Write Up.

This post was first published at CTOvision.com.

More Stories By Bob Gourley

Bob Gourley, former CTO of the Defense Intelligence Agency (DIA), is Founder and CTO of Crucial Point LLC, a technology research and advisory firm providing fact based technology reviews in support of venture capital, private equity and emerging technology firms. He has extensive industry experience in intelligence and security and was awarded an intelligence community meritorious achievement award by AFCEA in 2008, and has also been recognized as an Infoworld Top 25 CTO and as one of the most fascinating communicators in Government IT by GovFresh.
