AWS Agility + Splunk Visibility = Cloud Success Splunk App for AWS - - PowerPoint PPT Presentation

AWS Agility + Splunk Visibility = Cloud Success Splunk App for AWS Demo

Laura Ripans, AWS Alliance Manager

Disruptive innovation and business transformation starts with data

3

I HAVE BEEN GIVEN AN AWS ACCOUNT!!!

Why is Splunk Important For AWS Customers?

4

“You can’t protect what you can’t see.”

Best Practices for Securing Workloads in Amazon Web Services Gartner, April 2015 Neil MacDonald, Greg Young

“Security monitoring will make or break a technology risk management program.” “Security requires visibility.”

Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment IDC, July 2015 Pete Lindstrom Amazon Web Services “Intro to AWS Security” 2015 AWS Summit Series

Extrapolating…

5

“You can’t operate what you can’t see.” “You can’t manage cost for what you can’t see.” “You can’t gain business analytics for what you can’t see.

IT Operations

• What is my EBS footprint and posture

across all my accounts and all my regions?

• Who started/stopped/restarted what

instances and when?

• What EC2 instances are underutilized and

perhaps overprovisioned?

• What is the traffic volume into my VPC and

where is it originating from?

• Why are certain resources unreachable

from certain subnets/VPCs?

• List resources with missing or non-

conforming tags

Security

• Who added that rule in the security

group that protects our application servers?

• Where is the blocked traffic into that

VPC coming from?

• What was the activity trail of a

particular user before and after that incident?

• Alert me when a user imports key-pairs
• r when a security group allows all

ports

• What instances are provisioned outside
• f a VPC, by whom and when?
• What security groups are defined but

not attached to any resource?

Detailed Use Cases

Cost Management

• How many instances am I running?
• What reserved instances have I purchased

in the past?

• What is my reserved instance utilization?
• How much am I paying per account?
• How much am I using per service across

all accounts?

• How many reserved instances should I

buy based on usage?

• Is this account within budget this month,

and how has it tracked in the last year?

7

True End State: Complete Hybrid Visibility

Index Untapped Data: Any Source, Type, Volume

Online Services Web Services Servers Security GPS Location Storage Desktops Networks Messaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters RFID

On- Premises Private Cloud

End-to-End Visibility Application Delivery Security, Compliance, and Fraud IT Operations Business Analytics Industrial Data and the Internet of Things

Public Cloud

Config Lambda EC2

Containers

CloudTrail

End State: Comprehensive AWS Visibility

Splunk App for AWS

Explore Analyze Dashboard Alert

AWS Data Sources

EC2 EMR Kinesis R53 VPC ELB S3 CloudFront CloudTrail CloudWatch Redshift SNS API Gateway Config RDS CF IAM Lambda

8

Act

9 Name Brief Description Notes

CloudTrail API activity audit trail Low Volume/High Value Config Change management data Low Volume/High Value Config Rules Configuration rule check/evaluation Low Volume/High Value CloudWatch Metrics System/Service metrics data High Volume CloudWatch Logs Service or application logs High Volume VPC Flow Logs VPC/“Firewall” logs High Volume Detailed Billing Spending information for each service and account High Value ELB Elastic Load balancer logs High Volume CloudFront Content delivery network access logs High Volume S3 S3 bucket access logs High Volume S3 (ANY) Any service or application that logs into S3 High Volume Lambda Event driven computation framework High Volume Inspector Security scan/assessment Low Volume/High Value Kinesis Streams Generic streaming data High Volume IoT IoT device data High Volume SQS Simple queuing service High Volume Metadata Custom Splunk-side collector of metadata about AWS environment High Volume

Supported* List

• f AWS Services

ad Splunk Data Sources

*Non-inclusive list. More services may be supported via in-direct ingest method

Splunk App for AWS: The Value

10

Security Topology Timeline Usage Insights Billing

• View user activity
• Gain a full audit trail
• Detect anomalous behavior
• View EC2 utilization metrics
• View by account, region, instance
• Supports numerous AWS services
• Visualize your AWS Environment
• View resource relationships
• Gain playback history
• Compare and correlate events
• View in a time-series ribbon
• Accelerate investigations
• Leverage machine learning toolkit
• Gain billing recommendations
• Detect security and billing anomalies
• Gain view into resource cost
• Improve RI planning / utilization
• Monitor actual spend vs. forecast

Enhance AWS Security with Splunk

11

AWS Well Architected Framework

• Stop guessing your capacity needs
• Test systems at production scale
• Automate to make architectural experimentation

easier

• Allow for evolutionary architectures
• Data-Driven architectures
• Improve through game days

12

Splunk’s AWS Credentials

• AWS Advanced Technology Partner
• AWS Big Data Competency
• AWS Security Competency
• AWS Government Competency
• AWS IoT Competency
• AWS MSP Technology Provider
• AWS Marketplace BYOL & Private Pricing Partner
• AWS IoT Launch partner for IoT analytics
• AWS Security by Design Program Partner
• 1st partner with published Blueprints for AWS Lambda
• 1st partner to pass SaaS extension for Well Architected framework

Demo

Thank You