Automated searches for certain conditions – what are those searches – Internal/External Firewalls
ROI/PCO are huge right now - what need does it fulfill - are there other products lower price same functionality. We did due diligence. Picked the right fit. (response time, transaction tracing) Challenges: No one was looking at security tools. We knew we needed centralized logging, because of the inefficiencies that were going around. Looking at logs in different systems for troubleshooting and forensics. Limited with switches and routing – that could hold internal logs. We played around with I don't even know how many open source syslog applications. Splunk was brought to my attention. Free for 500 MB – let's throw it in and see how it works... about 4 yrs ago. Initially we were just using it for centralized log collection. But it got more embedded into our operations. “I am amazed at how easy it is to index and analyze data in Splunk.
Network knew what type of user you were – student, faculty, staff. We needed to take 10. address space to cut it up. Network Access Translation: private vs public address
Alert goes out to campus police. If it's wireless we put it up on a University map down to floor and room. Narrow down to a cable location
Installing 4.3 was super easy. 2 yr effort to support IPv6 natively on campus. Analyzing Netflow data – which buckets that have which IP addresses
Online MBA program, some other online programs less familiar. Dept education - dear colleague letter - concerned about financial aid fraud in higher edu. Some controls are comparing geo location from where they register, where they do their test, where they lived etc. etc.