Chuck Leaver – This Year’s Splunk.conf Showed How Critical Adaptive Response Is

Written by Michael Vaughn and presented by Chuck Leaver, Ziften CEO

All the most recent achievements from Splunk

Last week I went to the annual Splunk conference in the sunshine state, Florida. The Orlando-based event allowed Splunkers from all over the world to acquaint themselves with the latest and greatest offerings from Splunk. Although there were plenty of enjoyable activities throughout the week, it was clear that attendees were there to learn. The announcement of Splunk's security-centric Adaptive Response initiative was well received, and it happens to integrate very well with Ziften's endpoint solution.

In particular, the "Transforming Security" keynote session, presented by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defense, showed the power of Splunk's brand-new Adaptive Response user interface to a packed audience.

In the clip below, taken from that keynote, Monzy Merza shows how the data supplied by a Ziften agent can also be used bi-directionally: Splunk sends instructions back to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the live network for further forensic investigation. By supplying vital security data to the Splunk instance and also letting the user stay in the same interface to take operational and security actions, the Ziften endpoint agent lets users apply Splunk's powerful framework in both directions, taking immediate and precise action across all running systems. After the talks our booth was overloaded with demos and very interesting conversations about operations and security.

Take a look at a three-minute extract of Monzy's segment from the keynote:

Over the weekend I was able to process the broad variety of technical conversations I had with hundreds of brilliant individuals in our booth at .conf. One of the amusing things I discovered, which no one would honestly admit unless I pulled it out of them, is that most of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the primary focus of this year's event.

Nevertheless, lots of people use Ziften for Splunk for a range of things, such as application and operations management, network monitoring, and user behavior modeling. To illustrate the broad functionality of our Splunk App, here is a taste of what folks at .conf2016 enjoyed most about Ziften for Splunk:

1) It's fantastic for Enterprise Security.

a. Generalized platform for ingesting real-time data and taking immediate action
b. Automating remediation across a large scope of indicators of compromise

2) IT Operations likes us.

a. Systems Monitoring, Hardware Life Cycle, Resource Management
b. Application Management: Compliance, License Verification, Vulnerabilities

3) Network Monitoring with ZFlow is a game changer.

a. ZFlow ties NetFlow together with binary, user and system data in a single Splunk SPL entry. Do I need to say more here? This is the Holy Grail from Indiana Jones, people!

4) Our User Behavior Modeling goes beyond just alerts.

a. This could be filed under IT Operations, but it is becoming its own beast
b. Ziften's tracking of software usage, logins, elevated binaries, timestamps, etc. is readily viewable in Splunk
c. Ziften offers a free security-centric Splunk package, and we convert all the data we gather from each endpoint to the Splunk CIM, not just our 'Notifications'.
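As an added illustration of the bi-directional flow described above (endpoint data into Splunk, an action sent back to the endpoint) and of the CIM conversion in item 4c, here is a small Python example. It is not Ziften's or Splunk's code: the vendor-native field names, the sample events and the IoC hash are constructed, and which CIM fields a vendor app populates is an assumption. It normalizes agent events to CIM-style field names, matches each process hash against an IoC list, emits one isolate-host action per affected host (so a host reporting several matching events is not isolated repeatedly), and produces a JSON audit record of the kind you would index back into Splunk.

```python
import json
from dataclasses import dataclass, asdict
from typing import Dict, Iterable, List, Set

# Constructed sample endpoint events in a hypothetical vendor-native schema.
# These are NOT Ziften's real field names; they stand in for "what the agent sends".
# The sha256 values are placeholders, not real file hashes.
RAW_EVENTS = [
    {"host": "web-01", "proc": "nginx", "usr": "www-data",
     "sha256": "11" * 32, "elevated": False},
    {"host": "db-02", "proc": "sshd", "usr": "root",
     "sha256": "22" * 32, "elevated": True},
    {"host": "app-03", "proc": "kworker", "usr": "root",
     "sha256": "deadbeef" * 8, "elevated": True},
    # Second matching event on the same host: must not produce a second action.
    {"host": "app-03", "proc": "kworker", "usr": "root",
     "sha256": "deadbeef" * 8, "elevated": True},
]

# Vendor field -> Splunk CIM Endpoint-style field name (assumed subset of the
# Endpoint data model; unmapped fields keep their original name).
CIM_MAP = {"host": "dest", "proc": "process_name", "usr": "user", "sha256": "process_hash"}

# Constructed IoC list: a process hash an analyst has flagged (placeholder value).
IOC_PROCESS_HASHES: Set[str] = {"deadbeef" * 8}


def normalize(raw: Dict) -> Dict:
    """Rename vendor-native fields to CIM names so one SPL search covers any source."""
    return {CIM_MAP.get(key, key): value for key, value in raw.items()}


@dataclass
class ResponseAction:
    """The instruction Splunk would hand back to the endpoint agent, plus evidence."""
    action: str
    dest: str
    reason: str
    evidence: Dict


def evaluate(events: Iterable[Dict], ioc_hashes: Set[str]) -> List[ResponseAction]:
    """Rule: a process whose hash is on the IoC list yields one isolate_host action per host."""
    actions: List[ResponseAction] = []
    already_isolated: Set[str] = set()
    for event in map(normalize, events):
        process_hash = event.get("process_hash", "")
        dest = event.get("dest", "")
        if process_hash not in ioc_hashes or dest in already_isolated:
            continue
        already_isolated.add(dest)
        actions.append(ResponseAction(
            action="isolate_host",
            dest=dest,
            reason="process_hash matched IoC list",
            evidence={
                "process_name": event.get("process_name"),
                "user": event.get("user"),
                "process_hash": process_hash,
            },
        ))
    return actions


def build_audit_log(actions: Iterable[ResponseAction]) -> List[str]:
    """One JSON line per action, suitable for indexing back into Splunk as an audit trail."""
    return [json.dumps(asdict(action), sort_keys=True) for action in actions]


if __name__ == "__main__":
    for line in build_audit_log(evaluate(RAW_EVENTS, IOC_PROCESS_HASHES)):
        print(line)
```

The important design point for a defender is the last function: every automated action is recorded with the evidence that triggered it, so the response itself becomes searchable data in the same interface that raised the alert.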

Ultimately, using a single Splunk Adaptive Response interface to manage a wide range of tools within your environment is exactly what helps build a strong enterprise fabric for your organization, one in which operations, security and network teams overlap more fluidly. Make better decisions, faster. See for yourself with our free 30-day trial of Ziften for Splunk!