Chuck Leaver – A Recap Of Splunk.conf 2016 Adaptive Response Is Critical

Written By Michael Vaughn And Presented By Chuck Leaver, Ziften CEO


All the current success from Splunk

Recently I attended the annual Splunk conference in the great sunshine state – Florida. The Orlando-based event let Splunkers from around the world get acquainted with the latest and greatest offerings from Splunk. Although there was an array of enjoyable activities throughout the week, it was clear that attendees were there to learn. The announcement of Splunk’s security-centric Adaptive Response initiative was well received, and it just so happens to integrate quite nicely with Ziften’s endpoint solution.

Of particular interest, the “Transforming Security” Keynote Address presented by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defence, showcased the power of Splunk’s new Adaptive Response user interface to thousands of attendees.

In the clip just below, taken from that Keynote, Monzy Merza demonstrates how the critical data provided by a Ziften agent can also be used bi-directionally: Splunk sends instructions back to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the live network for further forensic examination. By not only providing vital security data to the Splunk instance, but also letting the user stay in the same user interface to take operational and security actions, the Ziften endpoint agent allows users to bi-directionally leverage Splunk’s powerful framework and take immediate, precise action across all operating systems. After the talks, our booth was swamped with demonstrations and extremely interesting discussions about operations and security.

Have a look at a three-minute excerpt of Monzy from the Keynote:

Over the weekend I was able to process the wide variety of technical discussions I had with numerous brilliant individuals in our booth at .conf. One of the funny things I found – which no one would freely admit unless I pried it out of them – is that most of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the primary focus of this year’s event.

However, lots of people use Ziften for Splunk for a range of things, such as operations and application management, network monitoring, and user behavior modeling. To highlight the breadth of our Splunk App, here’s a taste of what folks at .conf2016 enjoyed most about Ziften for Splunk:

1) It’s great for Enterprise Security.

a. Generalized platform for ingesting real-time data and taking immediate action
b. Automating remediation across a broad range of indicators of compromise

2) IT Operations love us.

a. Systems Monitoring, Hardware Life Cycle, Resource Management
b. Application Management – Compliance, License Verification, Vulnerabilities

3) Network Monitoring with ZFlow is a game changer.

a. ZFlow ties netflow to binary, user and system data – in a single Splunk SPL entry. Do I need to say more here? This is the Holy Grail from Indiana Jones, folks!

4) Our User Behavior Modeling goes beyond simply alerts.

a. This could be filed under IT Operations, but it’s becoming its own monster
b. Ziften’s tracking of software usage, logins, elevated binaries, timestamps, etc. is readily viewable in Splunk
c. Ziften provides a complimentary security-centric Splunk bundle; however, we map all of the data we collect from each endpoint into Splunk CIM, not just our ‘Alerts’.

Ultimately, using a single Splunk Adaptive Response interface to manage a wide variety of tools within your environment is what helps build a strong business fabric for your company – one in which operations, security and network teams overlap more fluidly. Make better decisions, much faster. Discover it for yourself with our free 30-day trial of Ziften for Splunk!
