A couple of weeks ago, I was in one of my favourite cities for SplunkLive Stockholm. We had a couple of hundred people in one of the most impressive rooms we’ve ever had a SplunkLive in. It felt more like the setting of Romeo and Juliet (as far as I know, there weren’t any declarations of undying love – not even for machine data).
This year we were very happy to have Statnett, Klarna and IKEA presenting on how they use Splunk.
Statnett
Statnett own, build and maintain the Norwegian power grid and “make sure the lights are on in Norway”. We had Linus from Statnett talking about how they “monitor all the things” using Splunk and how this feeds into their troubleshooting, DevOps, IT Service Management and security programs. The challenges they faced included how to troubleshoot, monitor and secure 1000s of servers and network devices. You can see their presentation on SlideShare below:
Klarna
Next up was Henrik from Klarna, an eCommerce company that provides payment services for online retail. Henrik spoke about how they work in 18 markets, with 250,000 payments a day from 35 million users. They explained how they started using Splunk in engineering for a distributed payments system and security monitoring of correlated events. They spoke about how over 50% of their 1200 employees have access to Splunk in IT Operations, development, technical sales, merchant customer support, operation analytics and business intelligence (truly making machine data accessible, usable and valuable to everyone…). They ended by talking about their security operations team and how Splunk is used to monitor and correlate authentication events, malware, firewall/netflow data, vulnerability management and address allocation. Their presentation is below:
IKEA
Last but by no means least was Magnus Johansson, Splunk Ninja at IKEA. He was presenting on how and why IKEA replaced their existing SIEM with Splunk:
He spoke about the new demands required of a security intelligence platform and the big wins on the way to SIEM replacement. The first of these was the ability to monitor eCommerce systems. The adoption of Splunk enabled the eCommerce team to go from reactive troubleshooting to being much more proactive by correlating multiple data sources to show the business impact of any issues. The time to troubleshoot problems came down from days or weeks to minutes.
The second big win on the way to replacing their SIEM was that they started to deliver business analytics in four key areas:
During the implementation of Splunk as their new SIEM/security intelligence platform, they found that Splunk started off as an enabler to allow greater collaboration when working with security intelligence. The IKEA security teams then started to look into the “background noise” in the machine data. They detected new risk areas and insight into areas such as:
IKEA are now managing over a TB of machine data a day in Splunk from a huge number of sources including 1000 AIX servers, 3500 Linux servers, 5500 Windows servers and 100,000 Windows clients.
Magnus summarised their enterprise security journey and the benefits along the way below:
IKEA are now using Splunk for enterprise-wide security and they explained the key benefits as:
IKEA’s presentation can be found below:
Many thanks to everyone who attended and special thanks to Linus, Henrik and Magnus.
As always, thanks for reading and hopefully see you at a SplunkLive soon.
----------------------------------------------------
Thanks!
Matt Davies