On October 18th, .conf Go was held in Paris. It was the first opportunity post-pandemic for us to meet with our peers and discuss the latest developments in cybersecurity and observability. Operational resilience was high on the agenda and we discussed it with two of Splunk’s customers: David Charpagne, Global SOC Manager at Carrefour, and Youssef Kilany, Director of Architecture and Production at Net-entreprises (GIP-MDS).
What is operational resilience?
It’s about empowering your business to operate optimally in all circumstances, even if you have no idea what lies ahead. Today’s organizations are constantly facing new challenges and need to be prepared for unpredictable market events and cyber threats that are becoming more frequent and sophisticated. Organizations also have to learn to operate in increasingly complex environments. This is particularly relevant given the new DORA regulations, which establish a set of guidelines that financial services organizations will have to use to demonstrate their operational resilience, i.e., that they are able to withstand major unexpected events.
A good solution for operational resilience should provide all the tools you need to deal effectively with uncertainty. But how? Splunk brings all of your data together on a single platform, regardless of source and scale, so you can quickly and easily detect, identify, and respond to incidents, whether it’s supervising your services, ensuring the proper functioning of your infrastructure, managing your apps, or protecting yourself from emerging threats. Operational resilience is the remedy that ensures IT professionals can sleep soundly at night!
Operational resilience: feedback from Splunk’s Customers
The .conf Go Paris event was an opportunity for two long-time Splunk customers to share their operational resilience experiences and why they use Splunk.
Operational resilience resolves issues for Net-entreprises
“Moving from reactive to proactive”
According to Youssef Kilany, Director of Architecture and Production for Net-entreprises (GIP-MDS), Splunk’s operational resilience solutions have enabled his company to “move from being reactive to proactive.” In other words, its teams can now identify incidents and sticking points before they cause damage, instead of waiting for reports from customers. This approach enabled them to “transition from firefighter mode” and focus on higher value-added activities, such as developing new business applications or improving existing systems.
Specifically, Net-entreprises’ environment based on proactive analysis and hyper-vision has been particularly useful for optimizing operations on two crucial fronts:
At Net-entreprises, every file counts. The slightest loss or error in data routing can have serious repercussions on users. But in the past, the group sometimes had to contact multiple agencies to collect the necessary information. In order to optimize workflow, Youssef Kilany uses Splunk to ensure that he has a comprehensive view of the system at all times, which enables him to identify problems in real time and react immediately.
The solutions adopted by Net-entreprises make it possible to avoid bottlenecks and resolve issues before they arise. Whether it’s managing a drop in flows, anticipating flow saturation or identifying retail difficulties, the company has managed to reduce the number of incidents by about 30% and gain resilience by not having to constantly deal with emergencies.
Operational resilience, Carrefour’s security SaaS
“SOC uses Splunk to be efficient and responsive”
At Carrefour, the day-to-day challenges are very different. David Charpagne can rely on Splunk SaaS, which enables him to outsource data storage. The company’s SOC manager considers that “(his) data is safe at Splunk,” especially in light of the range of attacks a retail giant like Carrefour faces.
Cybersecurity has changed a lot, and cyber resilience is now a top priority.
The management of systems and databases related to incident detection tools was previously part of a SOC’s role, and reliability could be an issue. With the move to cloud solutions like Splunk SaaS, analysts can focus on their core role of creating security incident detections and processing cases.
In order to operate successfully, the SOC (Security Operations Center) must address security issues in real time, while continually looking for ways to improve the company’s security.
In the cybersecurity world, it is crucial to be able to create, refine, and nest queries in real time, based on individual incident details. The solutions implemented must also use simple language. They must be accessible to analysts who don’t necessarily have development skills and often have to work under pressure. It is thanks to this exceptional flexibility and simplicity that “everyone at Carrefour is convinced of Splunk’s role in ensuring the SOC is efficient and responsive.”
Want to learn more about Splunk's cyber and operational resiliency solutions? Our website features all the recaps of .conf 22, which was held in Las Vegas last June. You can also find out more about operational resilience on Splunk’s website.