Splunk, Industrial Data and
the Internet of Things
IT
Operations
Application
Delivery
Developer Platform (REST API, SDKs)
Delivers Value Across IT and the Business
Business
Analytics
Industrial Data
and Internet of
Things
Security,
Compliance
and Fraud
© 2015 Splunk Inc. All rights reserved.
Map Search
Operation Playback
OPERATIONAL VISIBILITY ACROSS SILOS
Experience Visualization
© 2014 Splunk Inc. All rights reserved.
Energy price monitoring
React to price changes effectively
Better operational analytics
Monitoring flights and medicine
in real time
Making data accessible, usable and
valuable to medical, flight, and support
personnel
Supporting outreach and fundraising
efforts
Analyzing Robots to Improve Supply Chain
4% Throughput
Improvements
Operational Technology (ICS)
Energy Oil & Gas Process Manufacturing
Medical
Devices
Telecom
Smart Building
Robots
Consumer Technology
Smart Home Wearables Media
Scope of IoT & Industrial Data
SCADA DCS Other Emerging Technology
• ICS (Industrial Control System) - General Term Used to Describe a System or Process with Many Systems
• SCADA (Supervisory Control and Data Acquisition) – Geographically Distributed Monitoring
• DCS (Distributed Control System) – Process (Batch or Flow) with Many Data Points
• Other - Embedded systems making up the rest of the IoT Space
Powerful Developer Platform
Collection
Indexing
Search Processing Language
Core Functions
Inputs, Apps, Other
Content
SDK UI
REST API
Operational Intelligence Platform
Content
Core Engine
User and Developer Interfaces
Powerful Extensibility
Splunk Web Framework R Project App
Custom Search Commands in Python
Powerful IoT and Industrial Data Ecosystem
APIs, SDKs, App Framework, User Interface
SDKs UI
Legacy Data and
Sensors
IoT/ICS Security IoT Platforms Native Inputs
REST
Advanced Analytics and ML Custom Interfaces
Kepware Industrial Data Forwarder for Splunk
Example Deployment – Oil and Gas Operations
Upstream
• Wellsite Info (WITS Level 0)
• Pump Controllers
Midstream
• ABB Total Flow Devices
• Electronic Flow Measurement Device
Downstream
• PLCs
• PACs
• RTUs
• DCS
• Data Recorders
Accessed through Kepware Industrial Data Forwarder
Additional Data Sources
• Security-related events
• Relational database and CSV lookups
• Weather and other environmental events
• Work order events
• Safety-related events
• Network and IT/OT infrastructure events
Traditional Splunk Sources
Splunk – At Intersection of IT and OT (a key trend going forward)
Use Cases
Operations and Troubleshooting Security, Compliance and Safety Business Analytics
Measurement and
Verification
Root Cause Analysis
Capacity Planning
Anomaly and Outlier
Detection
Cybersecurity
Safety and Compliance
Customer Intelligence
Device Intelligence
App for Enterprise Security for ICS
IT Security
Events
OT
Security
Events
Process
and Alarm
Events
Why is ICS Different Than IT?
Cyber Criminals
Malicious Insiders
Nation States
ICS Security Threats
Why the Growing Interest in ICS Security?
Everyday Headlines
Preventing Control
System Service
Interruption
Prevent Damage
Health and Safety of
Employees
Meet Compliance
Logging Capabilities
Reporting Capabilities
Correlation Between OT
and IT
Data Silos
Existing ICS Security Problem Space
Weaknesses
Drivers
A New Approach to ICS Security is Needed
Analyze all relevant data
Contextual and Behavioral Relevance
Rapid learning loops and responses
Collaborative & Coordinated
Leverage IOC & Threat Intel
Fusion of Technology/People/Process
• Goal-oriented
• Human directed
• Multiple tools, steps & activities
• Dynamic
• New evasion techniques
• Coordinated
Threat Intel Access Identity Endpoints Network
Splunk is the Security Brain (Intelligence)
Splunk’s ICS Security Focused Partners
Connecting the “Data Dots”
Machine data
Traffic data
Abnormal behavior
High confidence event
Med confidence event
Low confidence event
Malware
download
Program
installation
Access to ICS
Malware install
Malware &
endpoint
execution data
User on machine
Link to program
And process
Authenticated
Sessions used to
pivot into Control
Systems LAN
Delivery, exploit
installation
Gain trusted
access
Access Operations
Environment
Upgrade (escalate)
Lateral movement
Threat intelligence
Auth - User Roles
Host
Activity/Security
Network
Activity/Security
Control System LAN
Better quality and
safety
Drive product
innovation
Workflow and
productivity
improvements
Detect cybersecurity
threats
Drive
operational
efficiencies
Extend
competitive
advantage
How Can IoT Analytics Transform Your Business?
Why Splunk?
FAST TIME-TO-VALUE
ONE PLATFORM, MULTIPLE USE CASES
VISIBILITY ACROSS STACK, NOT JUST SILOS
ASK ANY QUESTION OF DATA
ANY DATA, ANY SOURCE OR DEPLOYMENT MODEL
Demo
Questions?
Thanks to Our Sponsors
Don’t forget to fill out your survey!
Complete survey for a chance to win Splunk
schwag
Visit http://t.validar.com/1/ecOQ7
Or text
878787
Thank You!

Mais conteúdo relacionado

Mais procurados

Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Keith Kraus
 

Mais procurados (20)

CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdfCNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
 
Soluciones Dynatrace
Soluciones DynatraceSoluciones Dynatrace
Soluciones Dynatrace
 
Splunk 101
Splunk 101Splunk 101
Splunk 101
 
TechEvent Databricks on Azure
TechEvent Databricks on AzureTechEvent Databricks on Azure
TechEvent Databricks on Azure
 
Azure Migration Program Pitch Deck
Azure Migration Program Pitch DeckAzure Migration Program Pitch Deck
Azure Migration Program Pitch Deck
 
Getting Started with IT Service Intelligence
Getting Started with IT Service IntelligenceGetting Started with IT Service Intelligence
Getting Started with IT Service Intelligence
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
 
IoT Systems: Technology, Architecture & Performance
IoT Systems: Technology, Architecture & PerformanceIoT Systems: Technology, Architecture & Performance
IoT Systems: Technology, Architecture & Performance
 
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
 
AWS Manufacturing Day Philadelphia-Boston-April 2019
AWS Manufacturing Day Philadelphia-Boston-April 2019AWS Manufacturing Day Philadelphia-Boston-April 2019
AWS Manufacturing Day Philadelphia-Boston-April 2019
 
How Edge Computing Works | What is Edge Computing | Edge Computing Benefits |...
How Edge Computing Works | What is Edge Computing | Edge Computing Benefits |...How Edge Computing Works | What is Edge Computing | Edge Computing Benefits |...
How Edge Computing Works | What is Edge Computing | Edge Computing Benefits |...
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
Azure migration
Azure migrationAzure migration
Azure migration
 
Towards Digital Twin standards following an open source approach
Towards Digital Twin standards following an open source approachTowards Digital Twin standards following an open source approach
Towards Digital Twin standards following an open source approach
 
Cloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersCloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for Partners
 
Cloud Migration Checklist | Microsoft Azure Migration
Cloud Migration Checklist | Microsoft Azure MigrationCloud Migration Checklist | Microsoft Azure Migration
Cloud Migration Checklist | Microsoft Azure Migration
 
Where to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio MigrationWhere to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio Migration
 
original.pptx
original.pptxoriginal.pptx
original.pptx
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
 
Splunk Cloud
Splunk CloudSplunk Cloud
Splunk Cloud
 

Destaque

Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk Enterprise
Splunk
 
SplunkLive! Customer Presentation - Satcom Direct
SplunkLive! Customer Presentation - Satcom DirectSplunkLive! Customer Presentation - Satcom Direct
SplunkLive! Customer Presentation - Satcom Direct
Splunk
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution
Steve Lim
 
QCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT RodeoQCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT Rodeo
Damien Dallimore
 
SplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin InternationalSplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin International
Splunk
 

Destaque (20)

Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk Enterprise
 
Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk Enterprise
 
Splunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial EnvironmentSplunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial Environment
 
SplunkLive! Customer Presentation - Satcom Direct
SplunkLive! Customer Presentation - Satcom DirectSplunkLive! Customer Presentation - Satcom Direct
SplunkLive! Customer Presentation - Satcom Direct
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution
 
QCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT RodeoQCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT Rodeo
 
SplunkLive! Austin Customer Presentation - Dell
SplunkLive! Austin Customer Presentation - DellSplunkLive! Austin Customer Presentation - Dell
SplunkLive! Austin Customer Presentation - Dell
 
SplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin InternationalSplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin International
 
SplunkLive! Customer Presentation - ExxonMobil
SplunkLive! Customer Presentation - ExxonMobilSplunkLive! Customer Presentation - ExxonMobil
SplunkLive! Customer Presentation - ExxonMobil
 
SplunkLive! Wien 2016 - Use Case TTTech Computertechnik
SplunkLive! Wien 2016 - Use Case TTTech ComputertechnikSplunkLive! Wien 2016 - Use Case TTTech Computertechnik
SplunkLive! Wien 2016 - Use Case TTTech Computertechnik
 
Viasat Customer Presentation
Viasat Customer PresentationViasat Customer Presentation
Viasat Customer Presentation
 
Get your Service Intelligence off to a Flying Start
Get your Service Intelligence off to a Flying StartGet your Service Intelligence off to a Flying Start
Get your Service Intelligence off to a Flying Start
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout Session
 
Daten anonymisieren und pseudonymisieren in Splunk Enterprise
Daten anonymisieren und pseudonymisieren in Splunk EnterpriseDaten anonymisieren und pseudonymisieren in Splunk Enterprise
Daten anonymisieren und pseudonymisieren in Splunk Enterprise
 
Ecetera uses Splunk to facilitate DevOps in forex
Ecetera uses Splunk to facilitate DevOps in forexEcetera uses Splunk to facilitate DevOps in forex
Ecetera uses Splunk to facilitate DevOps in forex
 
AWS Loft London: Finding the signal in the noise - Effective SecOps with Soph...
AWS Loft London: Finding the signal in the noise - Effective SecOps with Soph...AWS Loft London: Finding the signal in the noise - Effective SecOps with Soph...
AWS Loft London: Finding the signal in the noise - Effective SecOps with Soph...
 
[Smart industry 2016] MacLean-Fogg Uses IIoT to Gain Industry Advantage: Year...
[Smart industry 2016] MacLean-Fogg Uses IIoT to Gain Industry Advantage: Year...[Smart industry 2016] MacLean-Fogg Uses IIoT to Gain Industry Advantage: Year...
[Smart industry 2016] MacLean-Fogg Uses IIoT to Gain Industry Advantage: Year...
 
Smart Industry 2015: MacLean-Fogg Uses IIOT To Gain Industry Advantage
Smart Industry 2015: MacLean-Fogg Uses IIOT To Gain Industry AdvantageSmart Industry 2015: MacLean-Fogg Uses IIOT To Gain Industry Advantage
Smart Industry 2015: MacLean-Fogg Uses IIOT To Gain Industry Advantage
 
SplunkLive! Austin Customer Presentation - Baylor
SplunkLive! Austin Customer Presentation - BaylorSplunkLive! Austin Customer Presentation - Baylor
SplunkLive! Austin Customer Presentation - Baylor
 
Splunk Implementation and Usage - Garmin
Splunk Implementation and Usage - GarminSplunk Implementation and Usage - Garmin
Splunk Implementation and Usage - Garmin
 

Semelhante a Splunk for Industrial Data and the Internet of Things

SplunkLive! São Paulo 2014 - Overview by markus zirn
SplunkLive! São Paulo 2014 -  Overview by markus zirnSplunkLive! São Paulo 2014 -  Overview by markus zirn
SplunkLive! São Paulo 2014 - Overview by markus zirn
Splunk
 
Io t analytics panel
Io t   analytics panelIo t   analytics panel
Io t analytics panel
MassTLC
 
Virtual SplunkLive! for Higher Education Overview/Customers
Virtual SplunkLive! for Higher Education Overview/CustomersVirtual SplunkLive! for Higher Education Overview/Customers
Virtual SplunkLive! for Higher Education Overview/Customers
Splunk
 

Semelhante a Splunk for Industrial Data and the Internet of Things (20)

Splunk company overview april. 2015
Splunk company overview   april. 2015Splunk company overview   april. 2015
Splunk company overview april. 2015
 
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
 
Accelerating Operational Excellence with IT/OT Convergence
Accelerating Operational Excellence with IT/OT ConvergenceAccelerating Operational Excellence with IT/OT Convergence
Accelerating Operational Excellence with IT/OT Convergence
 
Building the Internet of Everything
Building the Internet of Everything Building the Internet of Everything
Building the Internet of Everything
 
SplunkLive! São Paulo 2014 - Overview by markus zirn
SplunkLive! São Paulo 2014 -  Overview by markus zirnSplunkLive! São Paulo 2014 -  Overview by markus zirn
SplunkLive! São Paulo 2014 - Overview by markus zirn
 
You Can't Protect What you Can't See. AWS Security Best Practices - Session S...
You Can't Protect What you Can't See. AWS Security Best Practices - Session S...You Can't Protect What you Can't See. AWS Security Best Practices - Session S...
You Can't Protect What you Can't See. AWS Security Best Practices - Session S...
 
Splunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk for IT Operations Breakout Session
Splunk for IT Operations Breakout Session
 
Io t analytics panel
Io t   analytics panelIo t   analytics panel
Io t analytics panel
 
SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary session
 
All Together Now: Connected Analytics for the Internet of Everything
All Together Now: Connected Analytics for the Internet of EverythingAll Together Now: Connected Analytics for the Internet of Everything
All Together Now: Connected Analytics for the Internet of Everything
 
CL2015 - Datacenter and Cloud Strategy and Planning
CL2015 - Datacenter and Cloud Strategy and PlanningCL2015 - Datacenter and Cloud Strategy and Planning
CL2015 - Datacenter and Cloud Strategy and Planning
 
Delivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT OperationsDelivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT Operations
 
SplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational IntelligenceSplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational Intelligence
 
SplunkLive Auckland - Operational Intelligence
SplunkLive Auckland - Operational IntelligenceSplunkLive Auckland - Operational Intelligence
SplunkLive Auckland - Operational Intelligence
 
Splunk for IT Operations
Splunk for IT OperationsSplunk for IT Operations
Splunk for IT Operations
 
AWS Summit Auckland - Sponsor Presentation - Splunk
AWS Summit Auckland - Sponsor Presentation - SplunkAWS Summit Auckland - Sponsor Presentation - Splunk
AWS Summit Auckland - Sponsor Presentation - Splunk
 
Virtual SplunkLive! for Higher Education Overview/Customers
Virtual SplunkLive! for Higher Education Overview/CustomersVirtual SplunkLive! for Higher Education Overview/Customers
Virtual SplunkLive! for Higher Education Overview/Customers
 
Integrating IT & OT for Condition Monitoring
Integrating IT & OT for Condition MonitoringIntegrating IT & OT for Condition Monitoring
Integrating IT & OT for Condition Monitoring
 
SplunkLive! - Splunk for IT Operations
SplunkLive! - Splunk for IT OperationsSplunkLive! - Splunk for IT Operations
SplunkLive! - Splunk for IT Operations
 
Splunk for IT Operations
Splunk for IT OperationsSplunk for IT Operations
Splunk for IT Operations
 

Mais de Splunk

Mais de Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 

Splunk for Industrial Data and the Internet of Things

  • 1. Splunk, Industrial Data and the Internet of Things
  • 2. IT Operations Application Delivery Developer Platform (REST API, SDKs) Delivers Value Across IT and the Business Business Analytics Industrial Data and Internet of Things Security, Compliance and Fraud © 2015 Splunk Inc. All rights reserved.
  • 3. IT Operations Application Delivery Developer Platform (REST API, SDKs) Delivers Value Across IT and the Business Business Analytics Industrial Data and Internet of Things Security, Compliance and Fraud © 2015 Splunk Inc. All rights reserved.
  • 4. Map Search Operation Playback OPERATIONAL VISIBILITYACROSS SILOS Experience Visualization © 2014 Splunk Inc. All rights reserved.
  • 5. 5 Energy price monitoring React to price changes effectively Better operational analytics
  • 6. 6 Monitoring flights and medicine in real time Making data accessible, usable and valuable to medical, flight, and support personnel Supporting outreach and fundraising efforts © 2014 Splunk Inc. All rights reserved.
  • 7. 7
  • 8. 8 Analyzing Robots to Improve Supply Chain 4%Throughput Improvements
  • 9. Operational Technology (ICS) Energy Oil & Gas Process Manufacturing Medical Devices Telecom Smart Building Robots Consumer Technology Smart Home Wearables Media Scope of IoT & Industrial Data SCADA DCS Other Emerging Technology • ICS (Industrial Control System) - General Term Used to Describe a System or Process with Many Systems • SCADA (Supervisory Control and Data Acquisition) – Geographically Distributed Monitoring • DCS (Distributed Control System) – Process (Batch or Flow) with Many Data Points • Other - Embedded systems making up the rest of the IoT Space © 2015 Splunk Inc. All rights reserved.
  • 10. Powerful Developer Platform Collection Indexing Search Processing Language Core Functions Inputs, Apps, Other Content SDK UI REST API Operational Intelligence Platform Content Core Engine User and Developer Interfaces
  • 11. Powerful Extensibility Splunk Web Framework R Project App Custom Search Commands in Python
  • 12. Powerful IoT and Industrial Data Ecosystem APIs, SDKs, App Framework, User Interface SDKs UI Legacy Data and Sensors IoT/ICS Security IoT Platforms Native Inputs REST Advanced Analytics and ML Custom Interfaces
  • 13. Kepware Industrial Data Forwarder for Splunk © 2015 Splunk Inc. All rights reserved.
  • 14. Example Deployment – Oil and Gas Operations
      • Upstream: Wellsite Info (WITS Level 0), Pump Controllers
      • Midstream: ABB Total Flow Devices, Electronic Flow Measurement Device
      • Downstream: PLCs, PACs, RTUs, DCS, Data Recorders
      • Accessed through Kepware Industrial Data Forwarder
      • Additional Data Sources: Security-related events; Relational database and CSV lookups; Weather and other environmental events; Work order events; Safety-related events; Network and IT/OT infrastructure events
      • Traditional Splunk Sources
      • Splunk – At Intersection of IT and OT (a key trend going forward)
    © 2015 Splunk Inc. All rights reserved.
  • 15. Use Cases Operations and Troubleshooting Security, Compliance and Safety Business Analytics Measurement and Verification Root Cause Analysis Capacity Planning Anomaly and Outlier Detection Cybersecurity Safety and Compliance Customer Intelligence Device Intelligence © 2015 Splunk Inc. All rights reserved.
  • 16. App for Enterprise Security for ICS IT Security Events OT Security Events Process and Alarm Events © 2015 Splunk Inc. All rights reserved.
  • 17. Why is ICS Different Than IT?
  • 18. Cyber Criminals Malicious Insiders Nation States ICS Security Threats
  • 19. Why the Growing Interest in ICS Security? Everyday Headlines
  • 20. Preventing Control System Service Interruption Prevent Damage Health and Safety of Employees Meet Compliance Logging Capabilities Reporting Capabilities Correlation Between OT and IT Data Silos Existing ICS Security Problem Space Weaknesses Drivers
  • 21. A New Approach to ICS Security is Needed Analyze all relevant data Contextual and Behavioral Relevance Rapid learning loops and responses Collaborative & Coordinated Leverage IOC & Threat Intel Fusion of Technology/People/Process • Goal-oriented • Human directed • Multiple tools, steps & activities • Dynamic • New evasion techniques • Coordinated
  • 22. Splunk is the Security Brain (Intelligence): Threat Intel, Access/Identity, Endpoints, Network © 2015 Splunk Inc.
  • 23. Splunk’s ICS Security Focused Partners
  • 24. Connecting the “Data Dots” Machine data Traffic data Abnormal behavior High confidence event Med confidence event Low confidence event Malware download Program installation Access to ICS Malware install Malware & endpoint execution data User on machine Link to program And process Authenticated Sessions used to pivot into Control Systems LAN Delivery, exploit installation Gain trusted access Access Operations Environment Upgrade (escalate) Lateral movement Threat intelligence Auth - User Roles Host Activity/Security Network Activity/Security Control System LAN
  • 25. Better quality and safety Drive product innovation Workflow and productivity improvements Detect cybersecurity threats Drive operational efficiencies Extend competitive advantage How Can IoT Analytics Transform Your Business? © 2015 Splunk Inc. All rights reserved.
  • 26. © 2014 Splunk Inc. All rights reserved. Why Splunk? FAST TIME-TO-VALUE ONE PLATFORM, MULTIPLE USE CASES VISIBILITY ACROSS STACK, NOT JUST SILOS ASK ANY QUESTION OF DATA ANY DATA, ANY SOURCE OR DEPLOYMENT MODEL
  • 27. © 2015 Splunk Inc. All rights reserved Demo
  • 28. © 2015 Splunk Inc. All rights reserved Questions?
  • 30. Don’t forget to fill out your survey! Complete survey for a chance to win Splunk schwag Visit http://t.validar.com/1/ecOQ7 Or text 878787
  • 31. © 2015 Splunk Inc. All rights reserved Thank You!

Editor's Notes

  1. POSCO is a multinational steelmaking company headquartered in Korea. They are the world’s 4th largest steelmaker. Data for one process comes from sensors, devices, and servers. Each data type has different formats and fields and is stored in a different place. Existing SCADA tools only show current values; operators cannot see past data or trends over time. For refinery operators to access data for investigations, they must get permission from the IT departments in each factory, extract data from several databases into Excel files, mash it up, and compare levels and trends over time to deduce the root cause. Between obtaining permissions, transforming data and the actual analysis, investigations can take up to 2 weeks. Perseus is an OI platform powered by Splunk that delivers three key values (Experience Visualization, Operation Playback and Map Search) to bridge the OI gap for industry customers who want operational visibility into their business infrastructure, unlike other siloed approaches. Perseus can integrate, correlate, manipulate and visualize data with content such as images, maps, SCADA, remote desktops and even live streaming video, using a next-generation UX technology called POD (Pixel On Demand), which is powered by N3N. Most of all, Perseus is tightly integrated with Splunk in order to get the world's best Big Data capability with valuable advantages. Experience Visualization: integrate all types of data needed to provide operators with complete operational visibility: video, links, documents, charts, tables, text, images. Map Search: always search within the context of the current view. Clicking the “search” button brings up the search view with all of the metrics in the current view pre-selected. Operators can easily change the visualization to get a different perspective on the data. Operation Playback: adjust the time range for any view in the Perseus UI to see the values of each component in the view at any point in the past. This is incredibly useful for troubleshooting where existing systems make it hard to access and manipulate past data.
  2. Lumo Energy is an Australian energy retailing business with several power stations throughout Eastern Australia. They use a customized SCADA (supervisory control and data acquisition) system to monitor and control their machinery and equipment. They wanted to extend the capacity of their SCADA system to improve their ability to respond to price fluctuations in real time. They were also seeking more visibility into the infrastructure of their many power stations. Lumo uses Splunk to automate its monitoring of base electricity prices and predictions, which are provided by the Australian Energy Market Operator (AEMO). Splunk indexes all of the inbound data from AEMO, runs analysis and calculations specific to Lumo, and then securely provides pricing execution proposals to the stations. This way, AEMO can better predict and react to pricing fluctuations, thereby maximizing revenue. Lumo Energy also has greater control over their custom SCADA environment. Splunk dashboards display market demand and pricing information, power station status and output, resource utilization and other telemetry. Lumo Energy can respond faster to market fluctuations with greater operational intelligence and unparalleled visibility into plant and equipment efficiency. Splunk also provides fail-safe security for private online control of their energy assets operating in the Australian market.
  3. Splunk’s customer, Royal Flying Doctor Service, uses Splunk to better manage the systems and aircraft through which they provide rural healthcare in Australia’s most remote environments. Sensor data from the cooling systems that keep the medicine safe during transport, avionic data from the aircraft, and precise location data give the RFDS team a unique view into overall operations, which is incredibly important as the number of med flights they execute makes them the third largest Australian airline! In addition to troubleshooting and ops using sensor data, RFDS management is able to re-purpose the precise location data to deliver a unique fundraising opportunity, Buy the Sky: buythesky.com.au. As planes are servicing patients around Australia, individuals and businesses are able to sponsor patches of sky. As planes fly through these patches, Splunk alerts Salesforce, and a custom email is sent to the sponsors letting them know their money is being put to good use!
  4. At CeBIT 2014, Volkswagen’s Data Lab chose Splunk to demonstrate the power of the machine data generated by their next generation of electric vehicle, the e-up. There are some very interesting concepts and innovations in this dashboard. First is its capability to replay any vehicle’s journey for the selected time range. In the lower left, you can see the scrub controls, and vehicle activity is marked by a simple histogram. All available sensors on the vehicle are “played back” in real-time or fast-forward mode, including vehicle speed, engine RPM, battery status, vehicle range, outdoor temperature, door and headlight status. This is a really great example of Splunk’s capabilities as a developer platform. Using Splunk 6’s built-in web framework, a web developer was quickly able to develop an engaging and compelling dashboard in far less time than it would have taken using traditional or competing web data frameworks.
  5. What does this platform look like? The platform consists of 2 layers: a core engine and an interface layer. On top of the platform you can run a broad spectrum of content that supports use cases. Use cases range from application management and IT operations, to ES and PCI compliance, to web analytics. The core engine provides the basic services for real-time data input, indexing and search, as well as alerting, large-scale distributed processing and role-based access. The interface layer consists of the basic UI for search, reporting and visualization; it contains the developer interfaces, the REST API and the SDKs. The SDKs provide convenient access to core engine services in a variety of programming language environments. These programmatic interfaces allow you to either: extend Splunk; integrate Splunk with other applications; or build completely new applications from scratch that require the OI or analytical services that Splunk provides.
  6. Endpoints designed to have long life spans with availability in mind. Usually has an embedded operating system and software. Limited memory and storage. Different components – HMI, Historian, PLC, Embedded. Cyber to Physical – a software-based system that has the capability to have a physical effect.
  7. Let's start with today’s ever-changing threat landscape. With all the news on cyber attacks and security breaches, you know we are constantly up against 3 very sophisticated adversaries: the cyber criminals, the nation states and also the malicious insiders, all going after major stakes of our life, our company and our nation.
  8. The SANS SCADA Security Survey found that 70% of respondents are most concerned about “Preventing Control System Service Interruption” and are most worried about “HMI, Servers and Workstations”. https://www.sans.org/reading-room/whitepapers/analyst/results-scada-security-survey-35135 One of the top ICS-CERT Recommended Practices is to “Increase Logging Capabilities”. The other top recommendation is user behavior analysis. https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B https://ics-cert.us-cert.gov/Recommended-Practices#nogo Most technology in the ICS / SCADA industry is decades old and the market is looking for new solutions. Operations staff need solutions to decrease MTTR and keep facilities operational. Security staff are looking for better visibility and monitoring capabilities for control systems. Management wants to leverage IoT, ICS and SCADA data for better business intelligence solutions. Audit often has regulatory requirements to meet and needs improved capabilities in reporting and compliance.
  9. What role does Splunk’s solution play in the new security universe? Splunk is the brain, the nerve center. There are four key categories of solutions we work with. They bring the sensory info from endpoints to the network, contextual info from users to business apps, and threat trends & visibility at a global level. (It is about intelligence: collecting information, deriving intelligence and sharing it!) Intelligence sharing is front and center of the WH Security summit, and we are enabling our customers to do exactly that!
  10. Without our sponsors we couldn’t be here today. So please stop by outside this room in the pavilion. Thanks to all of you for being here and most of all sponsoring our happy hour!