Why I Love Big Data Partner Series 5: Cisco and Splunk: The Weapons of a Security Warrior
Jeff Aboud, Sr. Solutions Marketing Manager, Security Markets, Splunk
Jeff Aboud has more than a dozen years in various areas of the security industry, spanning from the desktop to the cloud, including desktop AV, gateway hardware and software, encryption technologies, and how to securely embrace the Internet of Things. His primary focus today is to help business and security professionals understand how to visualize, analyze, and alert across a broad range of data sources in real time to maximize their security posture.
It’s no secret that advanced threats and malicious insiders present increasing security challenges to organizations of all sizes. Security professionals know that it’s not a question of if, but when an attack will successfully breach their network. Visibility is often what makes the difference between a breach and a major security incident, and enables a proactive security posture throughout the attack continuum – before, during, and after the attack. It’s also essential to understand that the fingerprints of an advanced threat are often located in the “non-security” data, so the effective detection and investigation of these threats, before your data is stolen, requires both security and non-security data.
So what does all this really mean, and how can you use it to dramatically improve your security posture?
You need to integrate and correlate the data from your firewalls, intrusion prevention, anti-malware, and other security-specific solutions along with your “non-security” data such as the logs and packet information from your servers, switches, and routers. This is no easy task with the large number of different security solutions present in most enterprise networks. But having all your data at your fingertips will help you improve your detection capabilities and automate the remediation of advanced threats.
But how can you do this, since Security Information and Event Management (SIEM) systems only look at traditional security sources? The partnership between Splunk and Cisco is the answer. Splunk is integrated across Cisco security platforms, as well as other places throughout the network including various Cisco switches, routers and Cisco Unified Computing Systems (UCS) to deliver broad visibility across your environment.
Together, Splunk and Cisco provide security and incident response teams the tools they need to quickly identify advanced threats, visualize them in real-time across potentially thousands of data sources, and take automated remediation action on Cisco firewalls and intrusion prevention systems.
Splunk integrates with more than 20 Cisco products and platforms via a range of free apps that maximize the value of your data by enabling you to build customized correlations to easily visualize, analyze, and alert across a range of data sources in real time. Check out recent Cisco blog posts including “More than Just a Pretty Dashboard: Cisco ISE & Splunk turn event analysis into action” and “Find and Fix Problems Faster with the New Splunk Integration for Cisco UCS”.
An easy-to-use starting point is Splunk’s free Cisco Security Suite app, which leverages the Splunk Enterprise platform to collect, visualize and analyze event data from throughout your Cisco security deployment. The Splunk App for Enterprise Security further extends Cisco security capabilities by addressing SIEM use cases and much more, including incident response, fraud detection, and compliance.
Providing continuous, enterprise-wide security monitoring requires the ability to collect, index, and provide real-time reporting on terabytes of data every day. Implementing a Splunk big data security analytics solution requires a highly scalable, reliable, and easy-to-manage infrastructure. The breakthrough design of Cisco UCS delivers outstanding and predictable performance for Splunk Enterprise at scale. And because UCS provides a unified infrastructure for Hadoop, Windows, and other environments, customers can deploy Splunk on existing UCS infrastructures without requiring re-cabling, thereby helping speed time-to-value.
To facilitate faster, more reliable and more predictable Splunk Enterprise deployments, Cisco has published 4 highly tuned versions of its UCS Integrated Infrastructure for Big Data tailored to Splunk Enterprise resource requirements. And, we’re extremely excited about the Cisco Validated Design for Splunk Enterprise on Cisco UCS. This highly prescriptive guide provides step-by-step guidance to walk an end user or administrator from bare metal to a fully configured distributed Splunk Enterprise environment.
Using Splunk in conjunction with your Cisco deployment, security teams benefit from a layered defense strategy to help protect against advanced threats across the attack continuum. This is how you become a true security warrior!
To learn more, stop by the Splunk booth (booth #2319) or join the Big Data Analytics Demonstrations Booth Tours. You can also find Splunk in Cisco’s Connected Transportation IoE, Security Solutions and Enterprise Networks Pavilions in the World of Solutions at CiscoLive San Diego.