Leveraging Splunk Dashboards for Executive Visibility

For much of IT and cybersecurity history, data analytics has been a reactive process. Tools and teams relied on operational reporting that looked at databases, data warehouses and other systems of record to inform their decision-making. Real-time data that could inform leaders of the systems’ current posture were typically siloed and only seen by the specialized technology folks responsible for that technology silo, i.e. application logs, database logs, physical and virtualized server logs, containers and numerous other devices such as routers, firewalls and cloud services.

The Ponemon Institute estimates that public sector outages cost an average of $476,000 each. Outages due to a breach or ransomware attack can cause these costs to skyrocket. Determining the impact of downtime or a slowdown on productivity caused by a failure or breach is much more straightforward — productivity cost = the number of employees impacted by downtime or slowdown x hourly rate of pay. For government entities, this is the main concern since they do not experience customer churn.

When real-time data is siloed among the teams managing those devices, it is difficult to use it to inform decisions or even help resolve an incident. Typically, when an incident occurs, if it isn’t obvious what occurred to any of the teams looking at their data sets, a war room is convened. There are two problems with this very common scenario. First, it's only after or during an incident that this mitigation effort is being performed and the damage has already been done. And, second, it often turns into a “mean time to innocence” exercise with everyone trying to prove that their portion of the tech stack is not at fault. The question becomes not how to prevent disruption, but how to deliver critical services in the face of an attack or outage. Having a holistic view of your real-time posture eliminates these siloed views of data that require war rooms to investigate and resolve issues. Being predictive with real-time data that allows the team to avoid or minimize outages, slowdowns, and breaches is the holy grail for IT.

91% of government cybersecurity professionals said their organization needs a mature, overarching strategy for resilience, according to a recent survey by Meritalk and Splunk. But the same group reports that public sector leadership still thinks of resilience in terms of simple compliance and risk management. Splunk is not the first product that comes to mind as a visualization tool. But when it comes to real-time visualization of an organization's posture, Splunk's ability to ingest and analyze digital data streaming from devices, applications, on-premises and cloud services into a consolidated view provides executive insights that other operational reporting or data warehousing visualization tools cannot.

Because Splunk provides insights into real-time data sources like logs, metrics, events, and traces, Splunk dashboards can be used by nearly every leader to determine their current posture. Unlike static operational reports or historical reports, the real-time nature of these dashboards allows executives to be proactive, have greater visibility, reduce downtime and performance issues and save money and resources.

Proactive approach: For much of IT and cybersecurity history, data analytics has been a reactive process. Splunk, leveraging real-time data, enables a more proactive posture through data mining, predictive strategies and machine learning algorithms to identify patterns that weren’t easily uncovered using previously available methods and tools.

Greater visibility: Modern IT infrastructures are a heterogeneous mix of physical and virtual servers, public and private clouds, databases and applications with complex interdependencies — all of which create visibility challenges for IT teams. Real-time data coupled with Splunk as a unified monitoring and analytics tool provides executives with a single, comprehensive view into their environment to bring data to decisions.

Reduced downtime: Real-time data provides the grist to predict, prevent or detect failing components, service spikes, security threats and other infrastructure issues. By anticipating or quickly identifying these problems, teams can resolve them before significantly impacting customers.

Cost savings: Real-time data dashboards help reduce IT infrastructure costs by giving executives more insight into resource allocation and consumption, system health, and security weaknesses, among other things. With the opportunity to optimize infrastructure elements, ITOps can achieve significant cost savings.

Since 2013 Splunk has been tracking our ability to positively impact these four areas and has created customer-validated improvement benchmarks.

Value of Executive Dashboards

Organizations generate a tremendous amount of information and data, far more than any individual can review. As technology attempts to solve bigger problems and create better services it also increases the complexity of the deployment with new technologies. Add cloud services into the mix, along with maintaining legacy systems, and the amount of data generated only gets larger. Yet, executives are asked to synthesize and utilize massive amounts of data to make the smartest decisions for their agencies.

Well-designed executive dashboards present graphical representations of the state of the systems that shine an immediate spotlight on areas of concern. Executives can analyze real-time data, turning that insight into action plans, without needing to spend valuable time wading through reports or not being able to see the forest for the trees.

With Splunk this high-level view is not static and specific to the executive. Each persona can drill down into the greater context for any specific metrics on the executive view. This ensures that the leader and their teams, who are working on the solution, are using a consistent set of data to drive to resolution. Having a real-time consistent view of data not only saves executives time, but can help them better track enterprise metrics, gain better real-time insight and respond more quickly to opportunities or issues.

Dashboard Examples by Persona

Security Posture

CISO

^{Five areas to this dashboard provide real-time insight for a security leader. The four trend boxes along the top indicate which way the trend for each metric is heading and based on color if that is a positive or negative movement. Then there are two sets of graphics in the center of the dashboard that summarize security events by urgency and by security domain that gives a slightly deeper level of insight into the organization’s security posture. The bottom left graphic shows the timeline for the events grouped by security domain. Finally, on the bottom right corner is the most granular view based on the top security rules violated.}

Zero Trust Implementation Status

CEO, CIO, CISO, President, Provost, Chief Medical Officer

^{This view of a zero-trust implementation is a level up from the previous dashboard but leveraging much of the same data. This view is designed to give leadership IT and others a view into the progress of a critical implementation project. The left-hand side of the screen shows completion percentages for the key elements of the organization's zero trust implementation. The right-hand side maps those percentages to the overall project implementation timeline and completed milestones.}

Cloud Conversion/ Digital Transformation

CIO, CISO or CTO

^{Converting to cloud is a top priority for many organizations. However, getting real-time visibility into both the progress and savings realized can be a challenge. The left side of the dashboard shows the progress of both infrastructure and applications being migrated to the cloud from both the cost and percentage complete perspectives. The right side highlights cloud spend and the savings realized to date.}

WiFi

CIO or Network Operations

^{Providing high bandwidth WiFi connectivity is becoming a standard in cities, public transportation hubs and college/corporate campuses. Identifying high utilization areas and times allows organizations to optimize the performance of their WiFi by expanding service based on usage data trends. As you can see, it also supports the ability to show mobile users where there are better-performing locations and which locations to avoid.}

Workforce

HR Director

^{Even after “the great resignation,” monitoring employee satisfaction and maintaining and planning an organization's workforce is top of mind for many organizations. This dashboard provides a single view of employee work location, openings, tenure and satisfaction in a single view, allowing both executives and their human resources partners to identify areas of concern and of potential improvement.}

Healthcare Systems Provider

CCO (Chief Care Officer), CMO (Chief Medical Officer) or CNO (Chief Nursing Officer)

^{Real-time insight into staffing availability as shown on the left side of the dashboard allows department heads and CXOs to adjust schedules and optimize their caregiving resources. On the top right quadrant are important hospital metrics that could impact the availability of services and potentially having to make other accommodations. And finally the bottom right shows a snapshot of key financial metrics from the payer side of the equation.}

Splunk's ability to analyze any data type, in any format, across any time scale, and present that data in easy-to-interpret executive dashboards makes it the best platform to provide a real-time posture view for an organization’s executives. Splunk’s ability to highlight trends, patterns and anomalies in this data allows Splunk dashboards to provide vivid insights for leaders and their teams. With Splunk you can accelerate day-to-day operations to improve MTTD and MTTR, absorb shocks to better withstand and recover from system disruptions and drive transformation with visibility across all architectures to deliver on your mission

Unlike static reporting tools, the real-time nature of these dashboards allows executives to be proactive, have greater visibility, reduce downtime and predict performance issues, and consequently save money, time, and user productivity. Splunk enables your SecOps, ITOps and engineering teams to work individually and together, as needed, to become more resilient through three key outcomes.

Splunk's real-time dashboards provide organizations with comprehensive visibility into all their systems, enabling them to identify and address key risks and issues before they become major incidents. Through executive dashboards, teams across the organization can gain a comprehensive view of any issue or event, improving overall resilience. Public sector organizations can improve their MTTD and MTTR, getting back up and running faster. Additionally, Splunk's comprehensive view of underutilized data can accelerate digital transformation and allow them to better serve their constituents with confidence.

Splunk's purpose is to build a safer and more resilient digital world. We are engaged and prepared to support the SLED community. Learn more about how to build a foundation of cyber resilience with Splunk solutions.

Credit to David Habuda for developing the dashboards.