Splunk at Netsmart

Improving IT Visibility and Response

Overview

Industry

  • Healthcare (SaaS and software-delivered)

Splunk Use Cases

  • Application Management
  • Security Investigations
  • Compliance Monitoring
  • Peformance Monitoring/Capacity Planning

Data Sources

  • Server and web sever logs and metrics
  • Virtualization platforms
  • Custom and packaged application logs
  • IP Backbone logs and metrics
  • Storage logs

The Splunk Moment

During Netsmart's SAS 70 audit, Splunk presented much of the log data needed for meeting most of the audit requirements - the first time. The Security and Compliance teams agreed, Splunk was a key part of passing.

Download

Success Story
Splunk at Netsmart

“Splunk has enabled us to be more proactive in managing our IT environment.”
Keith Goedde
Director of Security and Compliance

The Business

Netsmart provides on-demand and traditional software solutions to automate key financial, clinical, and management processes for more than 18,000 organizations in a variety of health and human services sectors. Its customers include individual private practices, small group providers, community health centers, counties and nearly 40 state systems. Delivering SaaS-based solutions reliably, securely and efficiently demands a high level of visibility into the IT environment. A growing customer base and tighter compliance standards were driving Netsmart to increase that visibility.

Limitations

For a detailed view of its SaaS environment, Netsmart needed to access massive volumes of log data, such as web server, backup and software patch-level logs. These logs were silod, scattered across dozens of servers, leaving Netsmart without a single view and with no ability to correlate or search other than using tedious and manual processes. These silod IT processes made incident investigation, problem resolution and compliance reporting difficult and capacity planning inefficient and time-consuming for their IT staff.

Furthermore, not every IT staff member needed or merited access to every type of log, but managing permissions on a server-by-server basis proved challenging. In addition, granting everyone access to all servers presented compliance and security issues.

The Splunking

The Netsmart team utilizes Splunk for troubleshooting, incident investigations, compliance reporting and capacity planning.

Operations

Splunk enables Netsmart to detect and investigate network, server, and storage issues relating to their physical and virtual infrastructures--including logs, performance data, metrics, alerts, traps, and configurations. Correlation between previously isolated data makes troubleshooting faster and easier with Splunk. An incorrect change to a configuration file, for example, could cause a mission-critical application to go down. When log files begin displaying errors, Splunk can correlate errors against configuration changes and notify Netsmart personnel, slashing resolution time.

Compliance

Splunk has automated Netsmart's compliance monitoring and reporting using the Splunk Enterprise Security Suite (ESS) for ISO compliance. The ESS ISO governance dashboard details their current posture, analyzes relevant log data and flags anomalous events. There is a report generated by the ISO dashboard that puts the dashboard item in a critical state, should the integrity of the log entries change. In ESS, Netsmart security policies can be configured to align with and help meet mandated requirements for data retention, log review, incident detection, audit trail and compliance reporting.

Breakthroughs

Productivity

The Netsmart team no longer looks for answers in many different places. By indexing all their machine data in one place, Netsmart can search and report on it immediately. Netsmart can instantly review a timeline of search results to identify trends or zoom in to isolate a single incident. This multi-dimensional view across their entire infrastructure - physical and virtual - has improved productivity and proactivity.

Responsiveness

IT can now get the information they need when they need it. Failed login reports could take hours to run in the past. With Splunk, reports are generated within minutes. And the Splunk powerful ad hoc reporting enables Netsmart to create new reports or modify existing reports in minutes to adapt to changing conditions and requirements.

Secure access

Protecting the network from external threats is important, but managing internal access to data is equally as critical. Under Splunk, role-based permissions for managing Splunk are integrated in one place rather than each individual system Integration with Active Directory allows staff to deploy dashboards and share searches based on their individual roles defined within Splunk.

.

Insights

Before Splunk, the task of estimating growth and determining storage needs was a cumbersome job. One of the unexpected benefits of Splunk was its ability to accurately analyze machine data for capacity planning. With Splunk, Netsmart has now developed executive-level dashboards for capacity planning.