Solving Compliance for Big Data


Upload: fbeckett1

Post on 12-Nov-2014


DESCRIPTION

EQALIS describe how Splunk can help solve your Compliance problems with Big Data. Presentation given at Infosec 2012.

TRANSCRIPT

Page 1: Solving Compliance for Big Data
Page 2: Solving Compliance for Big Data

Solving Compliance for BIG DATA

Andrew Walley – Sales Director

Ian Tinney – Technical Director

InfoSecurity Europe 24-26 April 2012

Page 3: Solving Compliance for Big Data

SECURITY & COMPLIANCE with BIG DATA

Cyber attacks increasing

Regulations tighten

Skills shortage - By 2018, 190,000 too few people with analytical skills [McKinsey]

Tools, like SIEMs, don’t scale; inflexible; expensive

Page 4: Solving Compliance for Big Data

What is BIG DATA?

BIG…

Daily log volumes >= petabytes

90% of data created in last 2 years

Data is pervasive: email, PDA, web access, financial transactions, systems access, network devices.

…DATA

90% is unstructured data

Beyond capabilities of traditional database technologies

Difficult to search and report

Page 5: Solving Compliance for Big Data

HOLDING BACK THE FLOOD OF BIG DATA

Volume: Need to be able to cope with massive amounts of data

Variety: Need to cope with unstructured data

Velocity: Need to scale beyond today!

Page 6: Solving Compliance for Big Data

YOU WANT SPLUNK ON YOUR SIDE

Universal Indexing: ability to add new, unstructured data sources

Unstructured Data: now accessible, usable, valuable…

Unlocks the potential: expose a hidden treasure chest of information

Ultimately Scalable: horizontally scalable

SPLUNK THINKS LIKE A CRIMINAL

Page 7: Solving Compliance for Big Data

Collects and Indexes ANY Machine Data

Customer Facing Data

Outside the Datacenter

Applications: Web logs; Log4J, JMS, JMX; .NET events; Code and scripts

Networking: Configurations, syslog, SNMP, netflow

Databases: Configurations, Audit/query logs, Tables, Schemas

Virtualization & Cloud: Hypervisor; Guest OS, Apps; Cloud

Linux/Unix: Configurations; syslog; File system; ps, iostat, top

Windows: Registry, Event logs, File system, sysinternals

Logfiles, Configs, Messages, Traps, Alerts, Metrics, Scripts, Tickets, Changes

Click-stream data, Shopping cart data, Online transaction data

Manufacturing, logistics…; CDRs & IPDRs; Power consumption; RFID data; GPS data

• Any amount, any location, any source

• No upfront schema

• No custom connectors

• No RDBMS

• No need to filter/forward

Page 8: Solving Compliance for Big Data

COMPLIANCE – Challenges

GPG13 (Good Practice Guide 13)

Mandatory for anyone working with the Government on the GCSX network

Different technologies, logs and fields

Need to monitor the monitoring tools

PCI – DSS (Payment Card Industry Data Security Standard)

Mandatory for any company processing CC payments

Myriad log formats

Daily Log Review is labour-intensive

Page 9: Solving Compliance for Big Data

WHAT DOES EQALIS PROVIDE?

Eqalis GPG13 app:

Eqalis PCI app:

Page 10: Solving Compliance for Big Data

Why Splunk?

What’s wrong with my SIEM?

Good at raising a Red Flag but then what?

Why not an appliance-based solution?

Can your appliance scale? Can you improve performance?

Is it a Turn-key solution?

Do you all use the same OSs and make of Firewall?

Can it do anything else?

Splunk can be used for many things…

Page 11: Solving Compliance for Big Data

BONUS FEATURES…

So what else can Splunk do for me?

Splunk for VMware

Collects performance metrics, tasks, events, logs to provide complete visibility into virtual environments

VMware vCenter Server

VMware vSphere

• Collects and persists data directly from hosts (to avoid the VC bottleneck)

• Integrates data with VC inventory information

• Collects and persists tasks & events from VC to maintain complete picture

• Initial set of views/dashboards as a starting point

Splunk for Enterprise Security

Splunk for Exchange

Splunk for Cisco Security

Page 12: Solving Compliance for Big Data

A Growing Family of Splunk Apps

Security

IronPort WSA

Page 13: Solving Compliance for Big Data

HQ in Bracknell, Berkshire

Founded 2008

Largest Splunk VAR in UK

Premier Splunk Partner EMEA 2009

Splunk Partner of the Year 2011

10 Employees, UK and EMEA focus

120+ Customers

Real Time Operational Intelligence

Security Network

Ops Web

Compliance

BI

Professional Services

Splunk Authorised Training

Page 14: Solving Compliance for Big Data

www.eqalis.com

0845 643 9180

EQALIS Ltd, Lily Hill Road,

Bracknell, Berkshire,

RG12 2SJ

QUESTIONS?

DEMONSTRATION?

Thank you