Send It to the Clouds Delivering on the mission at lower costs and higher security


1 SPLUNK INC. Send It to the Clouds: Delivering on the mission at lower costs and higher security. Ashok Sankar, Splunk. Presenter Title. May 2018

2 Forward-Looking Statements During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners Splunk Inc. All rights reserved.

3 Modernization Activity in Government: President's Executive Order on Cybersecurity; MGT Act; Report on IT Modernization; Aggressive recommendations and deadlines

4 IT Modernization Report 2017. Some reasons for not being able to modernize: Resource prioritization; Ability to procure services quickly; Technical issues. Address IT Modernization efforts through two categories: Modernization and consolidation of networks; Use of shared services to enable future network architectures

5 What About the Cloud? Instant access to infrastructure and software; Pay-as-you-go model; Less need for in-house expertise. "My team can focus on security events, not infrastructure." (CISO) "At least 50% lower TCO compared to deploying an on-premises SIEM." (CIO) Lower TCO than on-premises; Better security. "We're a bank. We don't want to be in the business of running a data center." (CISO)

6 Cloud Computing Is the New Normal: Deploying new applications to the cloud by default; Migrating existing applications as quickly as possible

7 Cloud Adoption: Cloud Sandbox drives cost savings but Cloud is challenging. [Chart: "Type of mission critical apps you migrated or plan to migrate to cloud". Categories: Internal employee applications; Citizen facing applications; Web applications; Back office system (HR, ERP, etc); Test environments; Development environments; Don't know / Not applicable.] [Chart: "Do new IT technology paradigms for the cloud make your IT function more complex or simple?" Answers: It has made my function more complex; It has made my function simpler; Unsure / Don't know; Not applicable. Values shown: 11%, 15%, 45%, 29%.] Source: Ponemon Institute, 2017

8 Challenges with Cloud Migrations: Other; Limited customization to suit our needs; Cloud vendors' inability to provide SLA monitoring in near real-time; Contract limitations; Data security/privacy; Compliance/regulations; Inability to correlate data and events across on-premises and Cloud; Cost; Lack of visibility across workloads; Inability to monitor and troubleshoot applications; Application performance and availability. Source: Ponemon Institute, 2017

9 Challenges to Moving to the Cloud: Lack of End-to-End Visibility is Stifling Migrations. New Technologies and Paradigms; Performance and Availability; Workloads and Applications; Metering and Billing; Security Posture

10 Cloud Migration Considerations: Monitoring Tool Requirements (Before, During, After). Set a baseline to evaluate future performance; Evaluate performance holistically for fault tolerance; Use the same monitoring tool throughout the migration; Monitor performance closely for variance from baseline; Identify issues using dashboards and alerts; Earlier detection of issues leads to better outcomes; Use the same monitoring solution to measure acceptable metrics and success; Continue to monitor hybrid workloads to provide great customer experiences

11 Approach to Cloud Monitoring. Cloud Migration: Get visibility at all stages of the migration process whether before, during or long after. Manage Hybrid Infrastructure: Hybrid infrastructure creates a complex monitoring environment. One Consolidated Solution: A single solution that can replace a multitude of monitoring tools because holistic visibility is critical. Cost, Capacity and Resource Management: Understand how your resources are performing and how many are being used then optimize utilization and billing.

12 Traditional Data Types: Relational Data; Reference Data. Collectively, relational and reference data represent around 20% of all data.

13 MACHINE DATA Your data is talking. Are you listening?

14 Visibility beyond the Network Layer. Application Layer: User Experience (Usage, Response Time, Failed Interactions); Byte Code Instrumentation (Usage, Experience, Performance, Quality); Business Performance (Corporate Data, Intake, Output, Throughput). Infrastructure Layer: Server (Performance, Usage, Dependency); Storage (Utilization, Capacity, Performance); Network (Packet, Payload, Traffic, Utilization, Perf). MACHINE DATA. Single repository for ALL data; Data in original raw format; Simplified architecture; Fewer resources to manage; Collaborative approach

15 Why Has This Been So Hard? Machine data is messy and unpredictable; Requires massive scale; You don't always know which questions to ask

16 Splunk has the Cloud Covered. Explore, Analyze, Dashboard, Alert, Act. Data Sources: EC2, S3, Splunk Apps, EMR, Kinesis, VPC, RDS, ELB, CF, CloudFront, Lambda, SNS, Redshift, API Gateway, CloudWatch, Config, CloudTrail, IAM, R53

17 Splunk in the Cloud, for the Cloud, and On-prem: One view across your many data worlds. Searches, Reports, Dashboards. SplunkCloud (SaaS); BYOL to AWS & Azure (IaaS); On Premises; Private Cloud; Public Cloud. Distributed search architecture supports easy use of, and migration to, Cloud-based services. Leverage our cloud, your cloud, and on-premise datacenters in a true hybrid architecture.

18 End State: Comprehensive Cloud Visibility

19 The Value of Holistic Monitoring. Usage, Security, Billing: View EC2 utilization metrics; View user activity; Gain view into resource cost; View by account, region, instance; Supports numerous AWS services; Gain a full audit trail; Detect anomalous behavior; Improve RI planning / utilization; Monitor actual spend vs. forecast. Topology, Timeline, Insights: Visualize your AWS Environment; View resource relationships; Gain playback history; Compare and correlate events; View in a time-series ribbon; Accelerate investigations; Leverage machine learning toolkit; Gain billing recommendations; Detect security and billing anomalies

20 Detailed Use Cases. IT Operations: What is my EBS footprint and posture across all my accounts and all my regions? Who started/stopped/restarted what instances and when? What EC2 instances are underutilized and perhaps overprovisioned? What is the traffic volume into my VPC and where is it originating from? Why are certain resources unreachable from certain subnets/VPCs? List resources with missing or non-conforming tags. Security: Who added that rule in the security group that protects our application servers? Where is the blocked traffic into that VPC coming from? What was the activity trail of a particular user before and after that incident? Alert me when a user imports key-pairs or when a security group allows all ports. What instances are provisioned outside of a VPC, by whom and when? What security groups are defined but not attached to any resource? Cost Management: How many instances am I running? What reserved instances have I purchased in the past? What is my reserved instance utilization? How much am I paying per account? How much am I using per service across all accounts? How many reserved instances should I buy based on usage? Is this account within budget this month, and how has it tracked in the last year?

21 Sample Topology Dashboard


25 Sample Billing Dashboard


27 Advantages of a Holistic Approach: End-to-end Visibility in real-time provides the whole story; Ability to Troubleshoot faster before major adverse impact to services; Easier Management compared to multiple, disparate monitoring options; Lower Total Cost of Ownership; Enhanced Security

28 Splunk Company Overview: 3,000+ Employees Globally; NASDAQ: SPLK; Global HQs: San Francisco, London, Hong Kong; Annual Revenue $1.25B+; 15,000+ Customers; 89 of the Fortune 100 Rely on Splunk; Largest License: 4+ Petabytes/day; Across 110+ Countries; Customers Range From Small Businesses to Large Organizations; Splunk4Good: $100 Million Commitment to Support Nonprofits, Research & Education

29 Splunk in the Public Sector. Customers, Engagements, Investment: All 3 branches of US Govt.; All 15 Cabinet-level Departments; All 4 branches of US Military; 25 largest civilian Depts. and Agencies (CDM); Defense ministries of (UK, Australia, New Zealand); From 500MB - 140TB per day; Founding member - U.S. Chamber of Commerce's Cybersecurity Leadership Council; National Cybersecurity Center of Excellence at the NIST; Engage policy community on key technology issues; Splunk4Good; Public Sector office in Tysons Corner, VA; 250+ employees & growing; Sales, Professional Services, Solutions Expertise; Key SI and GovCon partners; GovSummit and User Groups

30 Thank You. SPLUNK INC.