2. Thursday 7 April 2016
A heterogeneous
Splunk adoption
All you can eat!
3. SAIPEM
A Leading Global EP(I)C General Contractor
Operating in more than 60 countries
~45,000 employees
from >129 nationalities
29 engineering and project
execution centers worldwide
11 fabrication yards in 5 continents
Engineering & Construction
Full service EP(I)C provider
Distinctive ‘frontier focus’ in Oil & Gas industries
Most modern, technologically advanced
offshore construction fleet
Drilling
High quality player onshore
and in niches offshore
4. 3 main datacenters: San Donato Milanese, Paris, Chennai
114 remote sites
46 vessels
3000 servers
85% virtual
5 petabytes
100 MPLS link
90 satellite links
50 VoIP call managers, 300 videoconference endpoints
SAIPEM
IT Figures
6. Splunk at Saipem timeline
Domains of adoption by year
REGULATIONS
Meet SOX and
Privacy compliance
2012
GOVERNANCE
IT VISION &
IT OPERATION
Dashboards
2013
RELIABILITY
Gain visibility on
backup coverage
and policies
2014
SECURITY
Manage security
events with Saipem
SIEM
2015
Splunk: a useful
tool which has
found different
application fields…
2016
7. Splunk Sources
MDM ActiveSync
uberAgent
Endpoint
Infrastructure
Network
Server
Firewall IPS
Next Generation
Firewall
Proxy
Authentication
Network devices, DHCP, Load Balancer AntiSpam, DNS & HTTP accelerator VPN
Web Application
Firewall
CMDB IP Management
Licenses Backup
IPPlan MDM, ActiveSync
Anti-malware,
Vulnerability Assessment
Audit Authentication
IPPlan
System
Management
AD
DB Activity Monitor
Availability Applications Web Servers,
Application Servers
10. Splunk CORE (Infrastructure)
Compliance
Log Management & Security Services
Infrastructure
Log Management
Active Directory
Account Control
Application
Log Management
login/logout AdS
Adaptive
Perimeter
L.I.S.A. Log Continuity Syslog Checks Access Control
Firewall
DHCP investigation
Web Application
Firewall
Layer Authentication
Compliance & Security
Vulnerability
Assessment
Endpoint Protection MDM
Next Generation
Firewall
Proxy
Lockout Analysis
Splunk Monitoring
Remote
Management
VPN Dashboard
(login, deny)
User Investigation
Log
Governance
Utilities & Services
Remote Vendor Access Network Devices Internet Access
Admin accounts
Anomalies
Security
Security Domains Advanced Threats
Event Investigator
Identity Investigator
Asset Investigator
Security Posture
Incident Review
Risk Analysis
Threat Activity
Protocol Intelligence
HTTP Analysis
Traffic Size Analysis
Access Endpoint Network Identity
Access Center
Account Management
Default Account Activity
Malware Center
Endpoint Changes
Update Center
Traffic Center
Intrusion Center
Vulnerability Center
Asset Center
Identity Center
Session Center
SIEM
Security Operation
VPN Sessions
VPN Client details
Malware Investigation
Security
Overview
IP Analysis
HTTP
Accelerator
Firewall IDS Load Balancer Availability Server Audit
Integrated
Risk
Antispam
WAF IPS
Saipem.com monitoring
Regional Security
11. Internet Access – Authentication Need
Proxy authentication needs browser authentication
SAIPEM INTRANET
Authenticated
SESSION
* * * * * * *
INTERNET
Ticket
Kerberos
John Doe
Proxy
Server
EMPLOYEE
EXTERNAL
12. Internet Access – “We already know those guys!”
Which information is collected with Splunk
Domain
Authentication
AD
Wi-Fi
Authentication
VPN
Authentication
13. Internet Access - Splunk “Under the hood”
Splunk sends authenticated users to the proxy
AUTHENTICATED
USERS
Correlation
& Enrichment
Proxy
Server
USER + IP
SESSIONS
The flow is constantly monitored
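The correlation and enrichment step sketched on this slide, as an added example that is not part of the original deck and not Saipem's or Splunk's code: logon and logoff events from AD, Wi-Fi and VPN sources are folded into per-IP user bindings with a lifetime, and proxy log lines are then enriched with the resolved user. The event layout, the proxy line layout, the session lifetime and all sample values are constructed assumptions.

```python
"""Correlate authentication events into USER + IP sessions, then enrich proxy
log lines with the user behind each client IP.  Added example, not Saipem's or
Splunk's code: event layouts, field names and sample values are constructed."""
from datetime import datetime, timedelta

SESSION_TTL = timedelta(hours=8)  # assumption: max lifetime of a user/IP binding

# Constructed events: (source, timestamp, user, ip, action). Real AD, Wi-Fi
# (RADIUS) and VPN logs each have their own format and would be parsed first.
AUTH_EVENTS = [
    ("ad",   "2016-04-07T08:02:10", "jdoe",     "10.1.5.23",   "logon"),
    ("wifi", "2016-04-07T08:15:42", "mrossi",   "10.1.9.77",   "logon"),
    ("vpn",  "2016-04-07T09:00:05", "abianchi", "10.200.0.14", "logon"),
    ("vpn",  "2016-04-07T11:45:00", "abianchi", "10.200.0.14", "logoff"),
    ("ad",   "2016-04-07T17:30:00", "mrossi",   "10.1.5.23",   "logon"),  # IP reused
]

def build_sessions(events, ttl=SESSION_TTL):
    """Return {ip: [[start, expires, user], ...]} ordered by start time.

    A logon opens a binding that lasts at most `ttl`; a logoff closes the
    matching open binding early, so a reassigned IP is not attributed to
    the previous user."""
    sessions = {}
    for _src, ts, user, ip, action in sorted(events, key=lambda e: e[1]):
        t = datetime.fromisoformat(ts)
        bindings = sessions.setdefault(ip, [])
        if action == "logon":
            bindings.append([t, t + ttl, user])
        else:  # logoff: close the most recent still-open binding for this user
            for b in reversed(bindings):
                if b[2] == user and b[1] > t:
                    b[1] = t
                    break
    return sessions

def lookup_user(sessions, ip, at_ts):
    """Most recent binding whose window covers the ISO timestamp, else None
    (stale binding or IP never seen authenticating)."""
    at = datetime.fromisoformat(at_ts)
    for start, expires, user in reversed(sessions.get(ip, [])):
        if start <= at <= expires:
            return user
    return None

def enrich_proxy_line(sessions, line):
    """Proxy lines use a constructed '<ts> <client_ip> <url>' layout; append user=..."""
    ts, ip, _url = line.split(" ", 2)
    user = lookup_user(sessions, ip, ts)
    return f"{line} user={user or 'UNKNOWN'}"
```

Unresolved IPs are flagged rather than dropped, so traffic from hosts that never authenticated stays visible in the monitored flow.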
14. Monthly Security reports – The Past
Central IT collects global reports
• Antivirus
• Intrusion Prevention
• Vulnerability
• Mobility
Antivirus
Intrusion Prevention
Vulnerability
Mobility
SOC Head of
Security
Manager
16. Monthly Security reports – New solution
One dashboard to rule them all
«Regional»
Geolocation DATA REPRESENTATION
FILTERED
VIEW
Next Generation
Firewall
Intrusion Prevention
System
Endpoint Protection
Antivirus Protection
Vulnerability
Management
Mobile Device
Management
17. Monthly Security reports – Tailored monthly Security reports
Less is more
Geographical scope
Enhanced visibility
Less effort
18. IPS Load Balancer Web Application FW IDS Firewall
Saipem.com - Security Overview
One-stop dashboard for security monitoring
Infrastructure status
Application status
User categorization
HTTP Accelerator
19. Saipem.com - IP Analysis
Tell me who you are and I will tell you your story
Geolocalization
User agents
Threatscore Correlation
20. Saipem.com - Investigation
Details for every pillar of the security architecture
Vertical drilldown
Anomaly detection
Predictive analysis
Curzio thanks Cristian and introduces Saipem for ITOps Use case presentation
[INTRODUCE DEMO PRESENTER]
[Call out that demo is using Splunk Cloud]
[HAND OFF AV TO DEMO MACHINE FEED]
Thank you for that outstanding demo.
We just saw how Splunk used that same raw machine data to address a variety of use cases.
So let’s walk through a bit of detail on how Splunk delivers Operational Intelligence, starting with the platforms – Splunk Enterprise and Splunk Cloud.