Published on July 24, 2014
ServiceNow + Splunk Integration
Justin Dolly, CISO, ServiceNow
Copyright © 2014 Splunk Inc.
2 ServiceNow Overview
ServiceNow is the enterprise IT cloud company. We transform IT by automating and managing IT across the global enterprise. Organizations deploy our service to create a single system of record for IT and automate manual tasks, standardize processes, and consolidate legacy systems. Using our extensible platform, our customers create custom applications and evolve the IT service model to service domains inside and outside the enterprise.
• Founded in 2004
• IPO in June 2012
• 2300+ customers
• 2100+ employees
• 2013 = $470m revenue
3 ServiceNow Overview
Single system of record for IT
• Single Cloud Platform
• Robust Suite of IT Applications
• Custom Application Development
• Enterprise Cloud Infrastructure
• Lights-out, zero-touch automation
• Powerful Business Intelligence Reporting
• Accelerate time-to-value
4 My Background and Role
• Justin Dolly, VP & CISO at ServiceNow
• Former CISO at VMware
• Previously held security and technology leadership roles at
  – Kaiser Permanente
  – CNET Networks / CBS Interactive
  – Macromedia
  – Wells Fargo Bank
5 Security Challenges
• Most security teams now have budget, staff & tools
• Having many tools can be cumbersome & inefficient
• Security teams typically work in a silo
• Our situation, a year ago:
  – Log analytics and service management were disparate systems
  – Need threat identification and event correlation
  – Information is there, but it's difficult to access
  – Needed to address compliance and audit reporting needs
6 Splunk @ ServiceNow Today
• Collecting over 400GB/day and growing
• Enterprise Security is our SIEM, collecting threat intelligence data and providing actionable results
• 'Single pane of glass' view across the enterprise for threat identification and event correlation
• Splunk alerts trigger script actions which push events into ServiceNow via SOAP and XML
• Events are analyzed by a dedicated Security Operations team
7 Splunk @ ServiceNow Today
[Architecture diagram. Labeled components:]
• Syslog Events: Network, Firewall, F5 LTM/ASM, Wireless IDS
• Syslog Store and Forward
• Splunk Indexers
• Splunk ES Search Head
• Splunk Search Head
• ServiceNow Security Instance
• Event Console
8 Integration Overview
• Custom-built integration using the Splunk REST APIs and ServiceNow APIs
• Splunk is periodically queried for security-related events
• Script actions push event data into the ServiceNow instance events table
• Business rules extract unique identifiers from the events table for de-duplication and correlation
• Security analyst reviews events in the ServiceNow console and elevates events to incidents for investigation
• New event data received is automatically associated to open incidents
• Open incidents drive response activities and workflow across the organization
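The de-duplication and incident-association steps on this slide, modelled as a stand-alone Python example. It is added here and is not code from the presentation, Splunk or ServiceNow. The field names, the use of source IP as the correlation value, and the incident numbering are assumptions, and the sample events are constructed.

```python
import hashlib
# Assumed field names; the slides do not say which fields the business rules use.
DEDUP_FIELDS = ("signature", "src_ip", "dest_ip")
CORRELATION_FIELD = "src_ip"

def dedup_key(event):
    """Stable identifier for 'the same event', built from normalized fields."""
    parts = [str(event.get(f, "")).strip().lower() for f in DEDUP_FIELDS]
    return hashlib.sha256("\x1f".join(parts).encode()).hexdigest()[:16]

class EventsTable:
    def __init__(self):
        self.rows = {}            # dedup key -> row
        self.open_incidents = {}  # correlation value -> incident id
    def ingest(self, event):
        """Insert or update a row, then attach it to a matching open incident."""
        key = dedup_key(event)
        row = self.rows.get(key)
        if row is None:
            corr = event[CORRELATION_FIELD].strip().lower()
            row = self.rows[key] = {"key": key, "count": 0, "incident": None, "corr": corr}
        row["count"] += 1
        row["last_seen"] = event["time"]
        row["incident"] = self.open_incidents.get(row["corr"], row["incident"])
        return row

    def elevate(self, key):
        """Analyst action: open an incident and link every row sharing the value."""
        corr = self.rows[key]["corr"]
        new_id = f"INC{len(self.open_incidents) + 1:04d}"  # constructed numbering
        inc = self.open_incidents.setdefault(corr, new_id)
        for row in self.rows.values():
            if row["corr"] == corr:
                row["incident"] = inc
        return inc

# Constructed sample events, shaped like alert results pushed by a script action.
SAMPLE = [
    {"time": "2014-07-24T10:00:00Z", "signature": "SQLi attempt", "src_ip": "203.0.113.7", "dest_ip": "10.0.0.5"},
    {"time": "2014-07-24T10:00:30Z", "signature": "sqli attempt ", "src_ip": "203.0.113.7", "dest_ip": "10.0.0.5"},
    {"time": "2014-07-24T10:05:00Z", "signature": "Port scan", "src_ip": "203.0.113.7", "dest_ip": "10.0.0.9"},
]

def demo():
    table = EventsTable()
    first = table.ingest(SAMPLE[0])
    table.ingest(SAMPLE[1])                 # duplicate: same row, count becomes 2
    incident = table.elevate(first["key"])  # analyst elevates the event
    late = table.ingest(SAMPLE[2])          # new event joins the open incident
    return len(table.rows), first["count"], incident, late["incident"]
```

Normalizing fields before hashing is what lets the second sample event collapse into the first despite the case and whitespace differences.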
9 What’s Next
• We continue to grow quickly
• Big Data analytics also grows in importance
• Leveraging the new Splunk integration with ServiceNow Event Management Console (newly released in Eureka)
• Integration with ServiceNow Threat Intelligence Portal
10 Top Takeaways
• Embrace the mind-shift in Security
  – Re-think the relationship between your systems, processes, and people
  – The traditional tools won’t save you
• Technology when done right is extremely liberating
  – Applying threat intelligence and real-time analytics makes response activity faster & more accurate
• The only metric that matters is how quickly you respond to a security event
  – Don’t chase the information, let it come to you