Customer-led webinars are always an eye opener, and the recent Splunk webinar “Learn How Equinix Uses Splunk as a Cloud-Based SIEM” on March 31, 2016, was no exception.
George Do, CISO @ Equinix, discussed Equinix’s InfoSec drivers, Equinix’s vision for “SIEM in the Cloud” and provided detailed information on how Equinix is using Splunk Cloud and Splunk Enterprise Security to solve a wide range of security use cases and its value to Equinix.
The webinar was attended by Splunk customers as well as non-customers. 98% of the poll respondents used a SIEM, reflecting the widespread adoption of SIEM. 63% of the respondents supported 10 SaaS applications and more than 32% supported 50 or more SaaS applications, indicating the continued adoption of SaaS workloads.
Attendees posed more than 40 questions covering architecture, security, deployment, operations, scalability and cost of ownership indicating the growing interest in using SIEM in the Cloud.
Realizing Vision for SIEM in the Cloud
Equinix was looking to use Security Information and Event Management (SIEM) as the key component of their security operations platform, without the overhead of purchasing, installing and managing hardware and software. Key factors that influenced Equinix to select a cloud-based SIEM were economic value, ease of deployment and the flexibility of the subscription model.
Key SIEM in the Cloud security use cases
Equinix’s goal is to protect customers, employees and data. Equinix maintains a traditional security infrastructure to detect malware on desktops, user endpoints and servers.
Splunk Enterprise Security is used to alert and report on systems with malware and systems initiating command and control activity. Splunk Enterprise Security is also used to protect users by detecting access anomalies, i.e., users violating land speed (consecutive logins from locations too far apart to travel between in the elapsed time) and system compromises.
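The land-speed check mentioned above, as an added example (this is illustration code, not Splunk’s or Equinix’s correlation logic): the login events are constructed, and the 1000 km/h threshold and the function names are assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample login events (not real data): user, UTC time, latitude, longitude
LOGINS = [
    ("alice", "2016-03-31T08:00:00", 37.37, -121.92),  # San Jose
    ("alice", "2016-03-31T09:30:00", 37.77, -122.42),  # San Francisco, 1.5h later
    ("bob",   "2016-03-31T10:00:00", 37.37, -121.92),  # San Jose
    ("bob",   "2016-03-31T11:00:00", 51.51,   -0.13),  # London, only 1h later
]

MAX_KMH = 1000.0  # assumed plausibility threshold, roughly airline cruising speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def land_speed_violations(logins, max_kmh=MAX_KMH):
    """Return (user, implied_kmh) for consecutive logins that exceed max_kmh.

    Events are grouped per user and sorted by time; each pair of consecutive
    logins is checked for the speed the user would need to travel between them.
    """
    by_user = {}
    for user, ts, lat, lon in logins:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), lat, lon))
    alerts = []
    for user, events in by_user.items():
        events.sort()
        for (t1, la1, lo1), (t2, la2, lo2) in zip(events, events[1:]):
            hours = (t2 - t1).total_seconds() / 3600.0
            dist_km = haversine_km(la1, lo1, la2, lo2)
            if hours <= 0:
                # Two different places at the same instant is itself impossible.
                if dist_km > 0:
                    alerts.append((user, float("inf")))
                continue
            speed = dist_km / hours
            if speed > max_kmh:
                alerts.append((user, round(speed, 1)))
    return alerts


if __name__ == "__main__":
    for user, kmh in land_speed_violations(LOGINS):
        print(f"ALERT land-speed violation: {user} implied {kmh} km/h")
```

Only bob is flagged: the San Jose to London hop implies several thousand km/h, while alice’s short trip stays far below the threshold.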
Equinix improved threat identification, reduced remediation cycle times and was able to demonstrate regulatory compliance.
Using Splunk’s cloud-based SIEM, Equinix was able to deploy a SIEM/security intelligence solution as a cloud-based service. With Splunk Cloud and Enterprise Security, Equinix built 50 correlation rules and could focus on the critical and high priority alerts only. Equinix could transform roughly 12 billion raw events into 24,000 IOCs (Indicators of Compromise) and ultimately into 143 actionable alerts.
My favorite part of the webinar was when George shared the real-time Equinix “CISO dashboard” which is used to summarize the security posture to the executive team and shareholders.
Why did Equinix select Splunk?
Equinix evaluated several solutions before choosing Splunk Enterprise Security and Splunk Cloud for its SIEM in the Cloud solution:
- Availability of ready-to-use Splunk Apps and add-ons that provided insight into all security-relevant data. Equinix leveraged the free apps, which it did not have to build. The apps were useful to help frame the data; Equinix compares the app data and uses it for in-house use cases.
- Ability to search across all data sets was critical and a fundamental capability that helped Equinix automate and reduce the noise from the 12 billion events to 143 actionable alerts.
- Single pane of glass for use across cloud and on-premise data.
- Security of Splunk Cloud. Splunk Cloud encrypts all data in transit and has third-party validation of its security services (SOC 2 Type II attestation and ISO 27001).
- Splunk Cloud scaled to handle Equinix’s growing demand without having to worry about infrastructure acquisition and deployment.
How can you benefit?
The Splunk cloud-based SIEM solution helps you to realize value right out of the box with the help of pre-built dashboards, reports, incident response workflows, analytics, correlation searches and security indicators that simplify threat management and minimize risk.
Contact us to learn more and realize these benefits yourself.
Director, Security Product Marketing