Splunk at the NCCDC 2011

Fellow Splunkers,

I am happy to be representing Splunk here in the Alamo City (aka San Antonio, Texas) at the National Collegiate Cyber Defense Competition where Splunk is a Silver Sponsor.

While I won’t have time to visit the Alamo basement on this trip, I do have the opportunity to observe and interact with some of the nation’s most talented security neophytes.

Following this morning’s keynote address, the scenario for this year’s competition was revealed:

  • Each team has just been hired to run IT services for an online drug company
  • The previous IT team was just recently let go, and suffice it to say the breakup didn’t go so well
  • The current corporate infrastructure consists of a traditional data center with certain services that must maintain SLA as well as a cloud environment that must maintain similar SLA

The real adversaries in this exercise are a talented group of security professionals that combine to form the ‘Red Team’.  The students must take this inherited environment, assess their current service status and defense posture, and then maintain their SLA while defending their networks from nefarious intruders.

Teams can use only approved software (including Splunk, McAfee EPO, and others) on their systems, and have various other restrictions that keep the competition very true to a real life scenario.  For example, at a real corporation, the IT team can’t decide to reimage all the web servers during peak business hours; likewise, they can’t scan or probe their attackers.

Two topics that have been mentioned several times this morning bear repeating here:

  • The energy and enthusiasm level that these competitors bring to the event is tangible and palpable
  • These competitors are truly the future in the race to secure our government and corporate assets

Splunk is providing each team with a briefing that will get them started using Splunk to manage their logs, find the needle in the haystack, and maintain digital situational awareness.

In addition, the contestants are free to use (tag: nccdc) to get help installing, configuring, and using Splunk.

Splunk is also being used in the operations hub for the event to provide operational intelligence:

[Image: Splunk in the NCCDC Operations hub]

Finally, Splunk will be sending one of our local Texas cowboys to attend the recruiting mixer tomorrow.

Special thanks go to Dwayne Williams and his staff for this great event.  They have done a magnificent job in staging, planning, and logistics, and deserve all the credit in the world.

Splunk is looking forward to being associated with this event for the foreseeable future, and we also look forward to increasing involvement and sponsorship.


Alex Raitz
