Jesse Trucks, a Cyber Security Engineer with the Oak Ridge National Laboratory (ORNL), discussed ORNL's experience with Splunk and the latest security trends with theCUBE co-hosts John Furrier and Dave Vellante, live at Splunk .conf2013. ORNL, a multiprogram science and technology laboratory within the U.S. Department of Energy, conducts basic and applied research and development to increase the availability of clean, abundant energy, restore and protect the environment, and contribute to national security. It has been an early Splunk user, adopting the product in 2006.
Trucks explained that while Splunk used to be a log tool that let him look at several machines without logging on to each of them, "now it is actually a data analytics platform." "I never realized how much of a data geek I was" before having Splunk available, he added.
What Splunk does, beyond just looking at logs, is analyze the data. ORNL has to keep track of large amounts of data all the time, and with Splunk's ability to run statistical analysis across a broader set of data from all of its machines, "we can see patterns that we didn't see before," Trucks explained.
Splunk has "become more than just a framework, but originally it's a framework that allows us to drill down into our data. It's become a reporting platform. We're starting to use it for non-security operational things," Trucks stated. "Using Splunk to mine and visualize data, we see things that we couldn't in a stock application that has a limited view."
Comparing Splunk to the open source tools Elasticsearch and Logstash, Trucks said the two offered limited data visualization capabilities. With Splunk 6 Enterprise, "data modeling allows you to use the information more without being super techie. I don't think they're mature enough for non-technical users." With Splunk, he could create an account and hand it to someone who would then get the data they needed without being tech savvy.
On analytics + security
Asked how security had changed in the last decade, Trucks said "the biggest difference in the security landscape is that the volume of attacks has increased to the point where it really is just a fire hose. You have to use tech that is capable of adapting. The successful attacks have become extremely complicated because they are driven by human actors. The complexity in how you look at your system has evolved; without data analytics, we cannot do our job."
The role analytics plays in security, Trucks explained, is that it lets security experts keep track of system logs and network device logs, all of which go into Splunk. By running searches, they can see relevant activities and patterns, such as an unnaturally high number of account authentications or authentication failures: "we see patterns that emerge to show intrusion activity," he said.
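The pattern Trucks describes, a burst of authentication failures from one source that stands out against normal activity, is the kind of thing a search over collected logs surfaces. The following is an added example, not code from the interview, from ORNL or from Splunk: it parses a constructed handful of syslog-style sshd lines, finds sources with an unusually high number of failures inside a short window, and notes whether the same source then logged in successfully (the sequence a responder most wants to see first). The log lines, the 2013 year used to complete the syslog timestamps, and the window and threshold values are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): five failures from one source in five
# seconds, then a success from that source; one benign failure elsewhere.
SAMPLE_LOG = """\
Oct  1 09:00:01 host1 sshd[2001]: Failed password for invalid user admin from 198.51.100.7 port 5001 ssh2
Oct  1 09:00:02 host1 sshd[2002]: Failed password for root from 198.51.100.7 port 5002 ssh2
Oct  1 09:00:03 host1 sshd[2003]: Failed password for invalid user test from 198.51.100.7 port 5003 ssh2
Oct  1 09:00:04 host1 sshd[2004]: Failed password for invalid user oracle from 198.51.100.7 port 5004 ssh2
Oct  1 09:00:05 host1 sshd[2005]: Failed password for bob from 198.51.100.7 port 5005 ssh2
Oct  1 09:00:06 host1 sshd[2006]: Accepted password for bob from 198.51.100.7 port 5006 ssh2
Oct  1 09:02:10 host2 sshd[3001]: Failed password for alice from 203.0.113.5 port 6001 ssh2
Oct  1 09:02:15 host2 sshd[3002]: Accepted publickey for alice from 203.0.113.5 port 6002 ssh2
Oct  1 09:30:00 host1 sshd[2100]: Accepted publickey for carol from 192.0.2.10 port 7001 ssh2
"""

# Matches the common OpenSSH "Failed password" / "Accepted <method>" lines.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_events(text, year=2013):
    """Turn raw syslog lines into sorted event dicts; syslog has no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line types are ignored, not treated as errors
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    events.sort(key=lambda e: e["ts"])
    return events


def find_failure_bursts(events, window=timedelta(minutes=5), threshold=5):
    """Return {src: info} for every source with >= threshold failures inside any sliding window.

    info carries the largest failure count seen, the distinct usernames tried, and any
    usernames that subsequently logged in successfully from the same source.
    """
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["src"]].append(e)

    alerts = {}
    for src, fails in failures.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits inside `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (src not in alerts or count > alerts[src]["failures"]):
                burst_end = fails[end]["ts"]
                success_after = [e["user"] for e in events
                                 if e["src"] == src and e["result"] == "Accepted"
                                 and e["ts"] >= burst_end]
                alerts[src] = {
                    "failures": count,
                    "users": sorted({f["user"] for f in fails[start:end + 1]}),
                    "success_after": success_after,
                }
    return alerts


if __name__ == "__main__":
    for src, info in find_failure_bursts(parse_events(SAMPLE_LOG)).items():
        print(f"{src}: {info['failures']} failures against {info['users']}; "
              f"successful logins afterwards: {info['success_after'] or 'none'}")
```

The single failure from 203.0.113.5 followed by a key-based login is the everyday noise a fixed threshold has to ignore; the five failures across five usernames from 198.51.100.7 followed by a password login as `bob` is the sequence worth an analyst's time. In a Splunk deployment the same question is asked of the indexed data with a search that groups failures by source and filters on the count (a `stats count by src` followed by a `where count > N` clause is the usual shape), which is the kind of search Trucks describes running.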
Trucks advised security practitioners to become members of InfraGard, an FBI-supported initiative that helps organizations understand the newest threats. He also stressed the importance of having "a holistic view of your organization, understanding how your people and applications work." Businesses don't invest because it can be expensive, but the alternative is an immense cost in the event of a breach, from stock price loss, reputation loss and customer loss, which ultimately amounts to far more than what they would have spent on security measures.
@thecube #theCUBE #Splunk #SiliconANGLE @Splunk
#SplunkConf
Jesse Trucks, Oak Ridge National Laboratory | Splunk .conf2013