Every year at SplunkLive! Zurich, IT experts from various industries come together to learn how to gain an advantage by analysing their machine data, exchange ideas, and connect with their peers within the IT community.
This year we had a great lineup of customer presentations from three different industries, all from organisations that have used Splunk for a number of years already. Swisscom, a private Swiss bank, and Helvetia shared insights and an overview of the evolution they have gone through on their journey with Splunk.
Private Swiss Bank | Marves GmbH
Sebastian Schoer, Senior IT & Business Consultant at Marves, shared three user stories implemented at a private Swiss bank. He explained which preparatory tasks have to be done before going into “the tech bits and bytes” of a Splunk ITSI project for end-to-end service monitoring. He also showcased several glass tables and service views which the bank is now using to gain insights and keep a cool head for critical business applications.
Florian Leibenzeder, Deputy Head of the Swisscom CSIRT, shared what the Splunk installation looks like, the security use cases that have been identified with Splunk to defend against digital threats, and what makes Swisscom CSIRT operations efficient. He presented some examples of how the team runs domain monitoring for typosquatting, integrates Splunk with Sysmon and VirusTotal for automated binary triage, and uses Splunk with the corporate messenger for subsequent analysis.
Dominique Vocat, the “go-to” guy for anything Splunk at Helvetia, shared how the company initially started with Splunk ten years ago to collect event log entries from its Windows clients. It then evolved into the de facto logging platform and the developers’ one-stop solution for troubleshooting and analysis. Today, Helvetia has started to implement a Security Operations Center and is using Splunk as its SIEM solution. Dominique gave insights into how the team operates and manages the logging platform, including internal billing, gaining insights into IP telephony, and breaking down silos in security with SIEM.
Thanks a lot to all the speakers and Splunk enthusiasts for spending a day with our Switzerland team - we look forward to seeing you again next year!