AWS Agility + Splunk Visibility = Cloud Success
Splunk App for AWS Demo
Laura Ripans, AWS Alliance Manager
Disruptive innovation and business transformation starts with data
I HAVE BEEN GIVEN AN AWS ACCOUNT!!!
Why is Splunk Important For AWS Customers?
- You can't protect what you can't see.
- Security monitoring will make or break a technology risk management program.
- Security requires visibility.
Best Practices for Securing Workloads in Amazon Web Services, Gartner, April 2015, Neil MacDonald, Greg Young
Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment, IDC, July 2015, Pete Lindstrom
Amazon Web Services, Intro to AWS Security, 2015 AWS Summit Series
Extrapolating
- You can't operate what you can't see.
- You can't manage cost for what you can't see.
- You can't gain business analytics for what you can't see.
Detailed Use Cases

IT Operations
- What is my EBS footprint and posture across all my accounts and all my regions?
- Who started/stopped/restarted what instances and when?
- What EC2 instances are underutilized and perhaps overprovisioned?
- What is the traffic volume into my VPC and where is it originating from?
- Why are certain resources unreachable from certain subnets/VPCs?
- List resources with missing or nonconforming tags

Security
- Who added that rule in the security group that protects our application servers?
- Where is the blocked traffic into that VPC coming from?
- What was the activity trail of a particular user before and after that incident?
- Alert me when a user imports key-pairs or when a security group allows all ports
- What instances are provisioned outside of a VPC, by whom and when?
- What security groups are defined but not attached to any resource?

Cost Management
- How many instances am I running?
- What reserved instances have I purchased in the past?
- What is my reserved instance utilization?
- How much am I paying per account?
- How much am I using per service across all accounts?
- How many reserved instances should I buy based on usage?
- Is this account within budget this month, and how has it tracked in the last year?
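An added example, not from the presentation or the Splunk App for AWS: a minimal Python check for the Security use case "Alert me when a user imports key-pairs or when a security group allows all ports", run over constructed CloudTrail records. Field names follow the CloudTrail record layout for the EC2 ImportKeyPair and AuthorizeSecurityGroupIngress calls; the account ID, users, group IDs, and the choice to skip failed calls are assumptions.

```python
"""Added example: flag two CloudTrail events named in the Security use cases."""

USER = "arn:aws:iam::111122223333:user/"  # constructed account and user names

def sg_event(user, group, proto, lo=None, hi=None, error=None):
    """Build a constructed AuthorizeSecurityGroupIngress record (trimmed)."""
    perm = {"ipProtocol": proto, "fromPort": lo, "toPort": hi,
            "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}
    ev = {"eventName": "AuthorizeSecurityGroupIngress",
          "userIdentity": {"arn": USER + user},
          "requestParameters": {"groupId": group,
                                "ipPermissions": {"items": [perm]}}}
    if error:
        ev["errorCode"] = error
    return ev

# Constructed sample records, not taken from the presentation.
SAMPLE_EVENTS = [
    {"eventName": "ImportKeyPair", "userIdentity": {"arn": USER + "alice"},
     "requestParameters": {"keyName": "demo-key"}},
    sg_event("bob", "sg-0example1", "-1"),                # all protocols/ports
    sg_event("bob", "sg-0example2", "tcp", 0, 65535),     # full TCP range
    sg_event("carol", "sg-0example3", "tcp", 443, 443),   # single port: ignored
    sg_event("dave", "sg-0example4", "-1", error="Client.UnauthorizedOperation"),
    {"eventName": "RunInstances", "userIdentity": {"arn": USER + "alice"},
     "requestParameters": {}},
]

def allows_all_ports(perm):
    """True for protocol -1, or a TCP/UDP rule spanning ports 0-65535."""
    if str(perm.get("ipProtocol")) == "-1":
        return True
    if perm.get("ipProtocol") not in ("tcp", "udp"):
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and lo <= 0 and hi >= 65535

def detect(events):
    """Return (alert, actor ARN, resource) tuples for successful calls only."""
    alerts = []
    for ev in events:
        if ev.get("errorCode"):  # denied or failed call: nothing was changed
            continue
        who = ev.get("userIdentity", {}).get("arn", "unknown")
        params = ev.get("requestParameters") or {}
        if ev.get("eventName") == "ImportKeyPair":
            alerts.append(("key_pair_imported", who, params.get("keyName")))
        elif ev.get("eventName") == "AuthorizeSecurityGroupIngress":
            perms = (params.get("ipPermissions") or {}).get("items", [])
            if any(allows_all_ports(p) for p in perms):
                alerts.append(("sg_all_ports", who, params.get("groupId")))
    return alerts
```

Calling detect(SAMPLE_EVENTS) yields three alerts; the single-port rule, the denied call and the RunInstances record produce none.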
True End State: Complete Hybrid Visibility
[Diagram] Index Untapped Data: Any Source, Type, Volume. End-to-End Visibility.
Environments: On-Premises, Private Cloud, Public Cloud
Data sources: Containers, Servers, Storage, Online Shopping Cart, Lambda, Online Services, Security, Desktops, Telecoms, Web Clickstreams, Web Services, Networks, RFID, GPS Location, CloudTrail, Messaging, Databases, Config, Energy Meters, EC2
Use cases: Application Delivery; IT Operations; Security, Compliance, and Fraud; Business Analytics; Industrial Data and the Internet of Things
End State: Comprehensive AWS Visibility
[Diagram] AWS Data Sources: EC2, S3, EMR, Kinesis, ELB, RDS, CF, SNS, API Gateway, Redshift, CloudFront, Lambda, CloudWatch, VPC, Config, CloudTrail, IAM, R53
Splunk App for AWS: Explore, Analyze, Dashboard, Alert, Act
Supported* List of AWS Services and Splunk Data Sources

Name | Brief Description | Notes
CloudTrail | API activity audit trail | Low Volume/High Value
Config | Change management data | Low Volume/High Value
Config Rules | Configuration rule check/evaluation | Low Volume/High Value
CloudWatch Metrics | System/Service metrics data | High Volume
CloudWatch Logs | Service or application logs | High Volume
VPC Flow Logs | VPC/Firewall logs | High Volume
Detailed Billing | Spending information for each service and account | High Value
ELB | Elastic Load Balancer logs | High Volume
CloudFront | Content delivery network access logs | High Volume
S3 | S3 bucket access logs | High Volume
S3 (ANY) | Any service or application that logs into S3 | High Volume
Lambda | Event-driven computation framework | High Volume
Inspector | Security scan/assessment | Low Volume/High Value
Kinesis Streams | Generic streaming data | High Volume
IoT | IoT device data | High Volume
SQS | Simple queuing service | High Volume
Metadata | Custom Splunk-side collector of metadata about AWS environment | High Volume

*Non-inclusive list. More services may be supported via an indirect ingest method.
Splunk App for AWS: The Value

Security
- View user activity
- Gain a full audit trail
- Detect anomalous behavior

Topology
- Visualize your AWS Environment
- View resource relationships
- Gain playback history

Timeline
- Compare and correlate events
- View in a time-series ribbon
- Accelerate investigations

Usage
- View EC2 utilization metrics
- View by account, region, instance
- Supports numerous AWS services

Insights
- Leverage machine learning toolkit
- Gain billing recommendations
- Detect security and billing anomalies

Billing
- Gain view into resource cost
- Improve RI planning / utilization
- Monitor actual spend vs. forecast
Enhance AWS Security with Splunk
AWS Well Architected Framework
- Stop guessing your capacity needs
- Test systems at production scale
- Automate to make architectural experimentation easier
- Allow for evolutionary architectures
- Data-Driven architectures
- Improve through game days
Splunk's AWS Credentials
- AWS Advanced Technology Partner
- AWS Big Data Competency
- AWS Security Competency
- AWS Government Competency
- AWS IoT Competency
- AWS MSP Technology Provider
- AWS Marketplace BYOL & Private Pricing Partner
- AWS IoT Launch partner for IoT analytics
- AWS Security by Design Program Partner
- 1st partner with published Blueprints for AWS Lambda
- 1st partner to pass SaaS extension for Well Architected framework
Demo
Thank You