Copyright © 2015 Splunk Inc.
Splunk App for AWS at Creative Artists Agency
Jon Papp
Information Risk Management
Creative Artists Agency
A Bit About Me …
Background in Mechanical Engineering with concentration on Robotics
Designed, built, and developed robotic jet engine manufacturing systems for Alcoa Power and Propulsion
Architected huge material handling systems (warehouse sortation, airport baggage handling, shipping and packaging, etc.) for BEUMER Group
Close friend recommended trying business intelligence consulting
Worked as a Splunk PS consultant across many industries
Now focused on IT Security at CAA
About Creative Artists Agency
Headquartered in Los Angeles, CA
10 locations across 6 countries
– Additional small/home offices
– 4,000 employees
– 6 security staff
Talent and Sports Agency
– Represent world’s leading artists, entertainers, athletes, and brands
What We’re Protecting
Internal Data
– Agent/Executive data
– Corporate information
– Financials
– Internally developed applications
Client Data
– Reputation
– Personal/Sensitive information
– Contracts
– Salary information
Migrating to the Cloud
Multiple teams actively migrating and producing entirely new services across multiple cloud environments (AWS and Azure)
No technical controls on what users are creating
No centrally managed automation deployment solution
Limited visibility into critical infrastructure changes
Splunk App for AWS
Quick and easy configuration
• Well documented installation guide
• My install was done in <1 hour
• Can easily manage inputs for multiple accounts all via user interface
Easily review topology (and topology over time)
Custom Designed Alerts
Audit new instance creation
Audit risky security group rules
Audit risky connections in VPC flow logs
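One way to express an audit of risky connections in VPC flow logs, added here as an example and not taken from the presentation or from the Splunk App for AWS: it parses default-format flow log records and reports accepted TCP connections from outside RFC 1918 space to administrative ports. The definition of "risky", the port list, and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Field order of a default-format (version 2) VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Assumptions for this example: RFC 1918 space is "internal", and a connection
# is "risky" when an external source is ACCEPTed on one of these TCP ports.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RISKY_TCP_PORTS = {22: "ssh", 23: "telnet", 1433: "mssql", 3306: "mysql", 3389: "rdp"}

# Constructed sample records (documentation addresses, made-up ENI and account).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.5 49152 22 6 20 4249 1438530010 1438530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.5 49153 3389 6 3 180 1438530010 1438530070 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.9 10.0.1.5 50211 22 6 12 2100 1438530010 1438530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51000 443 6 9 900 1438530010 1438530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1438530010 1438530070 - NODATA
""".splitlines()


def parse_record(line):
    """Return one record as a dict, or None if malformed or not log-status OK."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA and SKIPDATA records carry "-" in place of addresses and ports.
    return rec if rec["log_status"] == "OK" else None


def risky_connections(lines):
    """Return (srcaddr, dstaddr, service) for accepted external-to-admin-port flows."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        # Protocol 6 is TCP; REJECT records were already blocked by a rule.
        if rec is None or rec["action"] != "ACCEPT" or rec["protocol"] != "6":
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        service = RISKY_TCP_PORTS.get(int(rec["dstport"]))
        if service and not any(src in net for net in INTERNAL):
            findings.append((rec["srcaddr"], rec["dstaddr"], service))
    return findings


if __name__ == "__main__":
    for finding in risky_connections(SAMPLE):
        print(finding)
```

Only the first sample record is reported: the RDP attempt was rejected, the second SSH session comes from inside the VPC address space, and port 443 is not on the assumed list.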
Deployment Auditing
Find hosts in AWS missing essential security software
Quickly Resolve Incidents
• Within 10 minutes confirmed vendor had accessed server remotely and ran IP scan while attempting to debug an issue
• Reviewed with vendor and service owner and established proper process for future debugging
• Also removed local administrative privileges vendor had been granted
What’s Next
First and foremost - replicating current AWS success in Azure to continue to provide holistic view of cloud infrastructure
Enforcing metadata tags on instances to assign accountability
Using Splunk to compile security risk and vulnerability information by instance and owner, giving owners a complete view of their security posture
Thank You