Every year at SplunkLive! Zurich, IT experts from various industries come together to learn how to gain an advantage by analyzing their machine data, exchange ideas, and connect with their peers within the IT community.
This year we had five organizations from different industries with many different use cases demonstrating what’s possible with machine data. We were lucky to hear how Raiffeisen Schweiz, Swisscom, SBB, SIX Payments and Novartis have all progressed their unique data journeys.
Simon Züst, Head of Fraud Detection & Mobile Apps, is responsible for a team of seven whose work spans developing the threat detection system for E-Banking, technical fraud investigations, security architecture and mobile app development. Simon covered the threat landscape in E-Banking, discussing the three main attack points and deep diving into the techniques of the Retefe Banking Trojan. From there he moved on to explain the use cases for log-based detection, their situation before Splunk, and their journey from centralized log search for investigations to near real-time fraud detection and escalations into their banking fraud systems to protect their customers.
Michael Studer, DevOps Engineer, works in a small team that manages the Swisscom product “Internet Booster”. Michael described the story behind the new, innovative free service that compensates for low broadband network speed for customers in the countryside, and the story behind their Splunk dashboards. From BI Technology they knew how many subscribers they had and how many products they had delivered, but they had no visibility into how many customers had actually installed and were using the service. With Splunk, they built an end-to-end dashboard and broke down all steps into milestones. To gain that crucial visibility they had to collect data from the many different systems involved, including Home Device Management, the User Accounting Database and more, in a complex IT environment. Michael’s team hasn’t stopped at monitoring: they now provide marketing dashboards and insights for customer care services, and use Splunk for “green IT” by monitoring when a customer is no longer using the service, requesting the equipment back and recycling it.
Ursula Bühlmann, Service Delivery Manager Monitoring, presented together with Erwin Jud, Senior Security Engineer, on Business Service and Security Monitoring. Last year they attended SplunkLive! Zurich as visitors to learn what Splunk can offer. They were inspired by other customers and by the afternoon breakouts, and a year later they were on stage to present their own work. Ursula shared how they planned and approached their journey to establish horizontal transparency and visibility across Rail, Network and Security as well as Applications, Platforms and IT Infrastructure by breaking down silos. The team went from whiteboard sessions, to selecting a business service for proof of value (ELAZ, SBB’s electronic assistant for employees on trains for pass controls, train schedule information, ticket sales etc.), to a service decomposition workshop, to data onboarding and building two sets of glass tables in Splunk IT Service Intelligence. Erwin Jud, from the Security Team at Telecom SBB, gave an overview of OCT Security three years ago and today: from a centralized syslog server to building the SOC Microcosm.
The team from SIX shared how they are utilizing machine data and Splunk IT Service Intelligence to monitor their most critical company services. Thomas, Senior Business Engineer, explained how cashless payments work, the parties involved, the process from payment authorization to payment settlement, and the challenges they faced with their in-house developed monitoring tool. He explained what traditional monitoring tools offer and what can be accomplished with Splunk Enterprise alone, then moved on to what ITSI uniquely brings to their organization for real-time service monitoring, allowing them to manage dependencies and rely on adaptive thresholds for KPIs.
Khalid Gharbaoui, Cloud Monitoring Lead at Novartis Pharma AG, shared what their public cloud strategy looks like and how they established monitoring to align with the shared responsibility model. Khalid shared how they have established capabilities for monitoring, alerting, logging and reporting across their cloud providers for different use cases - empowering public cloud operations, security, customer application support as well as reporting on billing for cost management. All of this was established with a self-service monitoring capability in mind - so that different teams and departments can quickly get their questions answered.
Thanks a lot to all the speakers and Splunk enthusiasts for spending a day with our Switzerland team - we look forward to seeing you again next year!