Actionable Intelligence Meets Organized Action and Automation


1 Actionable Meets Organized Action and Coordinated Human Action Actionable Aleem Cummins, SplunkTrust Member, Splunk CISO Customer Advisory Board Member

2 THE DISRUPTOR

3 Coordinated Human Action Actionable

4 WHY WHO HOW WHAT WHEN DIGITAL DISRUPTION

5 Data without Actionable

6 Gaining Actionable > Gaps/Challenges Security IT Operations Service Management DevOps Expertise Time Governance Infra Access Complexity Partial Data Ticket Management Resource Priority Speed / Confidence Inconsistency SOP Support

7 Consume Any Data Have Many Lenses

8 Actionable Prescription Coordinated Human Action Business Outcomes Make it about business outcomes Strategy Align to existing business strategies Actionable Value Create validated use cases with business sponsorship - Measure improvements Expectation vs Reality Kick

9 Coordinated Human Action Actionable

10 Actionable without Coordinated Action

11 Taking Action > Gaps/Challenges Security IT Operations Service Management DevOps Speed Triage Knowledge Environment Configuration Scale Availability Visibility Orchestration Resource Manual CSI Non-Linear Testing

12 Inaction Manual Automated Assisted People Time Systems Costs Risk Customer Experience

13 Action Prescription Impact Front Line over SME Coordinated Human Action Future Consider costs, scale and agility. Create models Communication Share success, be transparent, share updates and foster collaboration Actionable

14 Coordinated Human Action Actionable

15 Coordinated Human Action without Action without

16 Models vs Reality

17 Using > Gaps/Challenges Security IT Operations Service Management DevOps Speed Triage Knowledge Environment Configuration Scale Availability Visibility Orchestration Resource Manual CSI Non-Linear Testing

18 Intelligent Human-Guided Coordinated Human Action Manual Assisted Actionable Closed Loop

19 Maturity Model Intelligent Resolution Process Optimization Process Improvement Service Resolution Human-Guided Reduce Resolution Time/Effort Traditional Validation & Basic Resolution Correlation & Noise Reduction Incident & Alert Consolidation Reducing Incident Volume

20 Intelligent Human-Guided Coordinated Human Action Manual Assisted Actionable Closed Loop

21 Splunk + Resolve Validation & Diagnostics Minimize incident volume by proactively verifying and remediating events Level 1 Agent or Engineer Interactive Process Guidance with Human-Guided s Agent led through interactive procedures including instructions, decision trees & automations Infrastructure or Security Event Incident Resolution Dashboard Provides visual summary of automated tests and actions performed for each incident investigation with actionable next steps Level 2 Agents & Subject Matter Experts Resolution Record & Ticket Updated Resolve Connects to Applications, Networks & Infrastructure ITSM, Event Mgt, SIEM, Config Mgt, Devices, Firewall, IDS/IPS, Endpoint Protection, and more High Value Task Execution & Empowerment Refocused on complex tasks and building process guidance, decision trees, automations & analytics for first responders

22 Prescription Keep it Real Don't attempt to boil the ocean Identify top use cases Implement agile automations Coordinated Human Action Tools & Platforms Select tools and platforms that work together and leverage investment Human Decisions Combine human decisions and processes with automation Actionable

23 Creating Momentum Self 1st Position Other Person 2nd Position Meta Perspective 3rd Position

24 Disruption Prescription 1. Align Business Objectives 2. Identify the Possible 3. Isolate Primary Use Cases Coordinated Human Action Manual Assisted 4. Identify the Tools/Platforms 5. Create Momentum 6. Engage in Workshops Actionable Closed Loop

25 @AleemCummins LinkedIn.com/in/AleemCummins THANK YOU! Coordinated Human Action Actionable Meets Organized Action and Aleem Cummins, SplunkTrust Member, Splunk CISO Customer Advisory Board Member Actionable