I am one of the new faces running around in the Splunk offices. The purpose of this blog post is to introduce myself. What am I doing at Splunk and what have I been doing in my past? I joined about a month ago to work in product management. My area of responsibility is the user interface, as well as search and indexing, which includes things like the search language. I am also taking on some of the responsibilities for Splunk’s “solutions” in the security area.
I most recently worked at ArcSight, where I was responsible for all of the solutions spanning three product lines: the enterprise security manager, a high-end correlation engine; the logger appliance, basically a very fast log collection appliance; and the networking products dealing with network configuration management, as well as the threat response manager. The solutions addressed anything from regulatory compliance (SOX, PCI, IT governance, HIPAA, FISMA) to insider threat management and hardening guidelines for network equipment.
Prior to ArcSight, I worked for IBM Research in Switzerland. I did a lot of work in the area of intrusion detection, correlation, and testing of IDSs. I also used to work for PricewaterhouseCoopers Consulting, where I was an IT security consultant.
Approximately three years ago, ArcSight built a feature into the SIM product that allowed the user to visualize security data. I was magically drawn to it and started playing around. It was around the same time that the first user conference was going to be held. More out of stupidity than anything else, I submitted a proposal for a visualization talk. It got accepted and I had to put something together on the topic of visualizing security data. The presentation was a huge success. The audience loved the new way of dealing with their security data. They saw an incredible efficiency boost. That was the birth of my passion for security data visualization. Since then I have presented at conferences around the world on the topic.
Slightly after the user conference, together with a co-worker, Christian, I started an open source project called AfterGlow. AfterGlow is a tool that helps you visualize data as link graphs. The obsession with visualization has gone as far as me currently writing a book about the topic. It will be published by Addison Wesley, probably under the title “Applied Security Visualization”. The story of how I got started writing a book is another long one and I will keep that for another blog post 😉
Quite a few people have asked me why I left ArcSight. There are a few reasons. Looking from a pure product standpoint, there are some very interesting differences between IT data search and the traditional SIM way of managing log data. I am going to address the topic in some future blog posts. On my personal blog I already started to outline the problem of normalization, which is probably the biggest and most important difference. I will roll the topic up again right here and continue some of the discussions around the differences between Splunk and the rest of the log management space.
I am extremely excited to be part of the Splunk team.
By Raffael Marty