During .conf2015 we were pleased to play host to a session about one company’s transition to Splunk Cloud. Read on to learn more, but check the session recording for more details — and be sure to grab a copy of the presentation itself for reference.
Moving more than 250 million tons of commodities, Aurizon is one of the largest rail freight operators in Australia. Şebnem Kürklü, an information security manager, joined the company with a focus on improving IT security and vendor and service provider relationships, increasing risk awareness in business units, and leveraging investment in current technologies. A full plate for anyone.
The Aurizon IT landscape
Aurizon outsources much of its IT to Fujitsu, though it maintains functions such as architecture and design, security, governance, and project delivery internally. That said, soon after joining the company Şebnem discovered that she had little visibility into the network and the overall environment.
Fortunately, Aurizon had a pre-existing on-prem Splunk deployment that already had an enterprise security app monitoring malware events, performance of some directory servers, privileged access changes, code of conduct breaches, and internal application errors. However, it was licensed for only 20GB of data, no internal support team was assigned to make the most of it, and no internal compute resources were in place.
After evaluating Splunk and determining it was the right tool for the job, Şebnem and her team determined that a 100GB license was ideal. They evaluated both physical and virtual deployments and determined that it would take a great deal of time, effort and resources to move to either of them.
Making the case
Şebnem made a case to her management team for budget by citing:
- Reduced monthly operating costs (while improving performance)
- 100% availability without creating a full DR replica of the system
- Reduced system administration and maintenance tasks
- Operational intelligence could be advanced
- Indexing capacity could be increased with additional licenses but without platform changes
- More data could be retained without increasing operating costs
Now that you know why Aurizon chose Splunk Cloud, learn more about how they rolled it out and configured it by watching the presentation recording and checking out the presentation itself.