 
AWS Agility + Splunk Visibility = Cloud Success
Splunk App for AWS Demo
Laura Ripans, AWS Alliance Manager
Disruptive innovation and business transformation starts with data
I HAVE BEEN GIVEN AN AWS ACCOUNT!!!
Why is Splunk Important For AWS Customers?
Quotes shown on the slide:
• “Security monitoring will make or break a technology risk management program.”
• “You can’t protect what you can’t see.”
• “Security requires visibility.”
Sources shown on the slide:
• Best Practices for Securing Workloads in Amazon Web Services, Gartner, April 2015, Neil MacDonald, Greg Young
• Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment, IDC, July 2015, Pete Lindstrom
• Amazon Web Services, “Intro to AWS Security”, 2015 AWS Summit Series
Extrapolating…
• “You can’t gain business analytics for what you can’t see.”
• “You can’t operate what you can’t see.”
• “You can’t manage cost for what you can’t see.”
Detailed Use Cases
IT Operations
• What is my EBS footprint and posture across all my accounts and all my regions?
• Who started/stopped/restarted what instances and when?
• What EC2 instances are underutilized and perhaps overprovisioned?
• What is the traffic volume into my VPC and where is it originating from?
• Why are certain resources unreachable from certain subnets/VPCs?
• List resources with missing or non-conforming tags
Security
• Who added that rule in the security group that protects our application servers?
• Where is the blocked traffic into that VPC coming from?
• What was the activity trail of a particular user before and after that incident?
• Alert me when a user imports key-pairs or when a security group allows all ports
• What instances are provisioned outside of a VPC, by whom and when?
• What security groups are defined but not attached to any resource?
Cost Management
• How many instances am I running?
• What reserved instances have I purchased in the past?
• What is my reserved instance utilization?
• How much am I paying per account?
• How much am I using per service across all accounts?
• How many reserved instances should I buy based on usage?
• Is this account within budget this month, and how has it tracked in the last year?
True End State: Complete Hybrid Visibility
[Diagram: "Index Untapped Data: Any Source, Type, Volume" feeding "End-to-End Visibility". Environments shown: On-Premises, Private Cloud, Public Cloud. Data sources shown: Containers, Online Services, Web Services, GPS Location, Servers, Networks, Desktops, Storage, Messaging, RFID, Telecoms, Energy Meters, Online Shopping Cart, Databases, Web Clickstreams, Config, EC2, CloudTrail, Lambda. Use cases shown: Application Delivery; IT Operations; Security, Compliance, and Fraud; Business Analytics; Industrial Data and the Internet of Things.]
End State: Comprehensive AWS Visibility
[Diagram: AWS Data Sources feeding the Splunk App for AWS, which supports Explore, Analyze, Dashboard, Alert, Act. AWS data sources shown: EC2, S3, RDS, EMR, SNS, ELB, Redshift, CF, Kinesis, API Gateway, CloudWatch, CloudFront, Lambda, VPC, Config, IAM, CloudTrail, R53.]
Supported* List of AWS Services and Splunk Data Sources
Name | Brief Description | Notes
CloudTrail | API activity audit trail | Low Volume/High Value
Config | Change management data | Low Volume/High Value
Config Rules | Configuration rule check/evaluation | Low Volume/High Value
CloudWatch Metrics | System/Service metrics data | High Volume
CloudWatch Logs | Service or application logs | High Volume
VPC Flow Logs | VPC/“Firewall” logs | High Volume
Detailed Billing | Spending information for each service and account | High Value
ELB | Elastic Load balancer logs | High Volume
CloudFront | Content delivery network access logs | High Volume
S3 | S3 bucket access logs | High Volume
S3 (ANY) | Any service or application that logs into S3 | High Volume
Lambda | Event driven computation framework | High Volume
Inspector | Security scan/assessment | Low Volume/High Value
Kinesis Streams | Generic streaming data | High Volume
IoT | IoT device data | High Volume
SQS | Simple queuing service | High Volume
Metadata | Custom Splunk-side collector of metadata about AWS environment | High Volume
*Non-inclusive list. More services may be supported via in-direct ingest method
Splunk App for AWS: The Value
Security
• View user activity
• Gain a full audit trail
• Detect anomalous behavior
Topology
• Visualize your AWS Environment
• View resource relationships
• Gain playback history
Timeline
• Compare and correlate events
• View in a time-series ribbon
• Accelerate investigations
Usage
• View EC2 utilization metrics
• View by account, region, instance
• Supports numerous AWS services
Insights
• Leverage machine learning toolkit
• Gain billing recommendations
• Detect security and billing anomalies
Billing
• Gain view into resource cost
• Improve RI planning / utilization
• Monitor actual spend vs. forecast
Enhance AWS Security with Splunk
AWS Well Architected Framework
● Stop guessing your capacity needs
● Test systems at production scale
● Automate to make architectural experimentation easier
● Allow for evolutionary architectures
● Data-Driven architectures
● Improve through game days
Splunk’s AWS Credentials
• AWS Advanced Technology Partner
• AWS Big Data Competency
• AWS Security Competency
• AWS Government Competency
• AWS IoT Competency
• AWS MSP Technology Provider
• AWS Marketplace BYOL & Private Pricing Partner
• AWS IoT Launch partner for IoT analytics
• AWS Security by Design Program Partner
• 1st partner with published Blueprints for AWS Lambda
• 1st partner to pass SaaS extension for Well Architected framework
Demo
Thank You