Charles Leaver – Splunk.conf 2016 Showed Why Adaptive Response Is The Way To Go

Written by Michael Vaughn and presented by Charles Leaver, Ziften CEO

All the latest achievements from Splunk

Last week I attended the annual Splunk conference in the Sunshine State, Florida. The Orlando event let Splunkers from all over the world get acquainted with Splunk’s latest and most successful offerings. Although there were plenty of fun activities throughout the week, it was clear that attendees were there to learn. The announcement of Splunk’s security-centric Adaptive Response initiative was popular, and it happens to integrate rather nicely with Ziften’s endpoint solution.

Of particular interest was the “Transforming Security” keynote address, given by Monzy Merza, Director of Cyber Research and Chief Security Evangelist at Splunk; Haiyan Song, SVP Security Markets at Splunk; and Mike Stone, CDIO of the UK Ministry of Defence, which showed the power of Splunk’s new Adaptive Response interface to thousands of attendees.

In the clip below, taken from that keynote, Monzy Merza demonstrates how the vital data supplied by a Ziften agent can also drive bi-directional functionality from Splunk: instructions are sent back to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the operational network for further forensic examination. By not only supplying vital security data to the Splunk instance but also letting the user stay in the same interface to take operational and security actions, the Ziften endpoint agent enables users to leverage Splunk’s powerful framework in both directions and take immediate, precise action across all operating systems. After the talks our booth was swamped with demos and very interesting conversations about operations and security.

Take a look at this 3 minute extract of Monzy from the keynote:

Over the weekend I was able to process the wide range of technical conversations I had with many great people at our booth at .conf. One of the funny things I found, which nobody would openly admit unless I pulled it out of them, is that most of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also noticed the obvious: incident response was the main focus of this year’s event.

However, many people use Ziften for Splunk for a variety of things, such as operations and application management, network monitoring, and user behavior modeling. To illustrate the broad functionality of our Splunk app, here’s a taste of what folks at .conf2016 loved most about Ziften for Splunk:

1) It’s great for Enterprise Security.

a. A generalized platform for ingesting real-time data and taking immediate action
b. Automating remediation across a wide range of indicators of compromise

2) IT Operations loves us.

a. Tracking of systems, hardware life cycle, and resource management
b. Management of applications – compliance, license verification, vulnerabilities

3) Network monitoring with ZFlow is a game changer.

a. ZFlow ties netflow together with binary, system and user data – in a single Splunk SPL entry. Do I need to say more? This is the real Holy Grail from Indiana Jones, folks!

4) Our user behavior modeling goes beyond simple alerts.

a. This could be filed under IT Operations, but it’s becoming its own monster
b. Ziften’s tracking of software usage, logins, elevated binaries, timestamps, etc. is readily viewable in Splunk
c. Ziften offers a free security-centric Splunk package, but we transform all of the data we collect from each endpoint into Splunk CIM format – not just our ‘Alerts’.

Ultimately, using a single Splunk Adaptive Response interface to manage a multitude of tools within your environment is what helps build a strong enterprise fabric for your business – one in which operations, security and network teams overlap more fluidly. Make better decisions, faster. Find out for yourself with our free 30-day trial of Ziften for Splunk!
