Cisco and Splunk
Innovation through the Power of Integration
Douglas Hurd | Cisco Security Technical Alliances PM
Colin Lowenberg | Cisco Meraki Platform Partnerships PM
Karthik Karupasamy | Cisco UCS Technical Marketing Engineer
Robert Novak | Cisco Big Data Technical Solutions Architect
September 28, 2017 | Washington, DC
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.
Eight Years of
Integration and
Innovation
A brief history of Cisco and Splunk together
With Robert Novak
Why Does Hardware Still Matter?
▶ Splunk will run on almost anything (even my laptop)
▶ Standalone servers have lower admin overhead
▶ Build up your clusters and you have to keep them consistent
▶ Grow your data sources (and uses) and you have to add servers
▶ Cluster constipation is bad, mmmkay?

Why Does Hardware Still Matter?
▶ Cisco customer big data pools tend to grow 2-3x/year
▶ Cisco customer IT staff doesn’t grow as fast
▶ The Cisco Unified Computing System (UCS) provides scalable, repeatable, predictable, and manageable deployments across dozens to thousands of servers for any application deployment
▶ Pallet to production in hours, not days or weeks
▶ Deep engineering integration between Cisco and Splunk with tested and proven configurations
More on this later…
Big Data at a Big Customer: Cisco
▶ 10s of thousands of employees, contractors, devices
▶ 100s of offices, business apps, audiences
▶ Lots of data in lots of places
▶ No one tool (not even Splunk) can do everything for everyone all the time
▶ High volume, low value, low shelf life
• Stealthwatch (formerly Lancope), Hadoop feed into Splunk
▶ Low to moderate volume, high value, (any) shelf life
• Splunk on its own, sometimes with fronting dashboards
▶ Additional visualizations with Platfora, Tableau, etc.
A closer look at Splunk within Cisco
▶ Customer for 8+ years, strategic partner for 4+ years
▶ Geographically disparate data collection and analysis
▶ Over 70 business applications/use cases across the company
• Around 20 teams using Splunk including Cisco IT and CSIRT
▶ Nearly 10x growth in search volume from 2014-2016
Dozens Of Apps And Add-ons At Splunkbase
Always more being added and updated, by Cisco, Splunk, partners, third party developers, and end users!

Splunk and Cisco API-based Integrations
Programmable Operational Analytics at Scale
Categories: Security, Collaboration, Business Analytics, Infrastructure
Integrations shown: Identity Services (ISE/pxGrid), FirePOWER Next Gen Firewall, Umbrella (DNS), CloudLock, ThreatGrid*, Cisco UCS, ACI / APIC, Nexus 9k, Wireless / CMX, Call Manager, Spark, and many more here https://splunkbase.splunk.com/apps/#/search/Cisco/
Cisco Security
Integrations
Making sense of a broad security platform
using Cisco and Splunk technologies
With Douglas Hurd
Splunk & Cisco Security – “Better Together”
Security Breadth, Customer Reach, Infrastructure for Automation
• Largest security footprint in the industry
• Produces broad range of security telemetry across most security technologies
• Ubiquitous network footprint enables bi-directional integration for executing security automation
• High investment in Splunk apps for serving joint customers
Analytics Efficacy, Ability to Automate, Committed Customers
• Voluminous, context-rich Cisco data sources drive license volumes while enabling improved security & compliance, more effective SIEM use cases and new use cases beyond security
• Automated actions in Cisco network environs
• Proven, supported integrations accelerate time to value
Cisco Splunk Integrations
✓ CVD: Cisco UCS Integrated Infrastructure for Splunk Enterprise (Distributed Deployment, High Capacity) (link)
✓ CVD: Cisco Application Centric Infrastructure with Splunk (link)
✓ Splunk on UCS Reference Architecture (link)
✓ Cisco Cloud Security for VMDC 1.0 Design Guide (link)
Security: IPS, Identity Services Engine/pxGrid, FireSIGHT (including AMP), ASA/PIX/FWSM Firewalls, Web Security Appliance (WSA), Email Security Appliance (ESA), Stealthwatch, Umbrella Investigate, Cloud Web Security (CWS), AnyConnect, CloudLock, ThreatGrid
Data Center / ACI: Cisco UCS, UCS Director Express for Big Data, Application Centric Infrastructure (ACI - APIC), Nexus 9K, Tetration (planned)
Enterprise Networking: Nexus and Catalyst Switches, Nexus 1000V, NGN Routers (CRS, ASR, ISR), Meraki Wireless, Open SDN Network Controller, CMX Wireless, Network Data Platform (planned)
Collaboration: Call Manager, Spark, AppDynamics
✓ Inaugural SIEM & Threat Defense Partner
✓ Inaugural pxGrid partner
✓ Inaugural member of Cisco Security Tech Alliances program
✓ Inaugural ACI Partner
✓ Inaugural Data Analytics Partner
Apps: Cisco Security Suite App, Cisco Networks App
Cisco Firepower & Splunk
Douglas Hurd / Cisco Security Technical Alliances

Threat Defense Security
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Portfolio areas: Unified Threat Management; FirePOWER Services / FirePOWER Appliances; Secure Access & Identity; Next Generation Firewall / Next Generation IPS; Email Security; Web Security; Advanced Malware Protection; Sandboxing & Threat Analysis; Network Anomaly Detection; Threat Intelligence
Products: FirePOWER Services, FirePOWER Appliances, AMP for Endpoints, AMP for Networks, Meraki Appliances Wired & Wi-Fi, Meraki Cloud Management, Email Security Appliance, Cloud Email Security, AMP ThreatGRID Cloud & Appliance, OpenDNS Investigate, Identity Services Engine (ISE), TrustSec, AnyConnect VPN, OpenDNS Umbrella, Cloud Web Security, Web Security Appliance, CloudLock, StealthWatch, Cognitive Threat Analytics
Background on Firepower and Splunk
▶ Firepower-Splunk mutual customer base expanding
• ASA to Firepower Threat Defense – More FMCs
▶ Add-Ons for Firepower available on Splunkbase
▶ Cisco’s Firepower TA & App built in 2014, based on v.5.4
• Over 6000 downloads
• Not recommended with FMC V6.x
▶ ‘Community Supported’ model facing challenges
▶ Focused on new business model for this critical integration
▶ Resources directed at Firepower 6.x customers
Data Consumption – Eat In or Delivery?
Expectations and User Roles are Changing
Data Parity
Some customers want all data to be replicated on their SIEM
New Cisco eStreamer ‘eNcore’ for Splunk
▶ Scalable app with major improvements
▶ TAC Support option will be offered
• Free for customers that do not want TAC support
• Chargeable for customers that want TAC support
▶ Official GA Release: End of June
▶ Beta II underway during May thru June 2017
▶ PID: FP-SPLUNK-SW-K9
▶ Description: “Cisco eStreamer eNcore for Splunk”
• Software downloads: software.cisco.com

Free Version vs. Pay Version
App Cost: Free / $$$
Community Support: Yes / Yes
TAC Support: No / Yes
App Updates: Yes / Yes
Improvements and Enhancements
Feature: Benefit
Built from scratch in Python: No Perl dependencies; Python very popular; completely up to date with entire 6.2 API schema
Multi-process: Highly scalable
Multi-FMC Support: Connect multiple FMCs to one instance; reduce complexity
Fully Qualified Event Output: Encoded event info is written out in text
Event de-duplication (Future): Avoid paying Splunk for redundant event data; gives Firepower HA configurations more flexibility
TAC Supported option available: End to End support for Firepower Splunk customers
Forward Compatible: Ongoing maintenance to support new eStreamer API versions
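The de-duplication row above is the interesting one for a SIEM pipeline: when two FMCs in an HA pair both stream the same event, the collector should forward it once without ever dropping an event it cannot identify. The following is an added example of that logic, not code from the eNcore add-on; the event dictionaries and the identity field names (`sensor_id`, `event_id`, `event_second`) are a constructed, hypothetical shape rather than the eStreamer schema.

```python
"""Event de-duplication across multiple FMC feeds before Splunk ingest.

Added example for the "Event de-duplication (Future)" row; it is not the
eNcore add-on's own code. The event dictionaries and identity field names
below are a constructed, hypothetical shape, not the eStreamer schema.
"""
from collections import OrderedDict
from typing import Dict, Iterable, List, Optional, Tuple

# Fields that identify one Firepower event independently of which FMC of an
# HA pair delivered it. Hypothetical names chosen for this example; the FMC
# name is deliberately NOT part of the key, otherwise nothing would collapse.
IDENTITY_FIELDS = ("sensor_id", "event_id", "event_second")


class EventDeduplicator:
    """Bounded LRU window of recently seen event identities."""

    def __init__(self, window_size: int = 100_000) -> None:
        if window_size < 1:
            raise ValueError("window_size must be at least 1")
        self._seen: "OrderedDict[Tuple, None]" = OrderedDict()
        self._window = window_size
        self.dropped = 0      # duplicates suppressed
        self.unkeyed = 0      # events forwarded because they could not be keyed

    @staticmethod
    def identity(event: Dict) -> Optional[Tuple]:
        """Return the identity tuple, or None when any key field is missing."""
        values = tuple(event.get(f) for f in IDENTITY_FIELDS)
        return None if any(v is None for v in values) else values

    def accept(self, event: Dict) -> bool:
        """True when the event should be forwarded, False when it is a repeat.

        Events that cannot be keyed are always forwarded: in a detection
        pipeline, losing a genuine alert is worse than paying for a duplicate.
        """
        key = self.identity(event)
        if key is None:
            self.unkeyed += 1
            return True
        if key in self._seen:
            self._seen.move_to_end(key)     # refresh recency
            self.dropped += 1
            return False
        self._seen[key] = None
        if len(self._seen) > self._window:
            self._seen.popitem(last=False)  # evict the least recently seen key
        return True


def dedupe(events: Iterable[Dict], window_size: int = 100_000) -> List[Dict]:
    """Return the events to forward, preserving arrival order."""
    dedup = EventDeduplicator(window_size)
    return [e for e in events if dedup.accept(e)]


# Constructed sample feed: fmc-a and fmc-b are an HA pair and both report the
# same intrusion event (sensor 7, event 1001). Sensor 8 reusing event_id 1001
# is a different event and must survive.
SAMPLE_EVENTS = [
    {"fmc": "fmc-a", "sensor_id": 7, "event_id": 1001, "event_second": 1506600000, "msg": "IPS alert"},
    {"fmc": "fmc-b", "sensor_id": 7, "event_id": 1001, "event_second": 1506600000, "msg": "IPS alert"},
    {"fmc": "fmc-a", "sensor_id": 7, "event_id": 1002, "event_second": 1506600001, "msg": "IPS alert"},
    {"fmc": "fmc-b", "sensor_id": 8, "event_id": 1001, "event_second": 1506600000, "msg": "IPS alert"},
]

if __name__ == "__main__":
    kept = dedupe(SAMPLE_EVENTS)
    print(f"forwarded {len(kept)} of {len(SAMPLE_EVENTS)} events")
```

The window bound keeps memory flat on a long-running collector; size it to cover the largest delivery skew you expect between the two FMCs.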
PXGrid?
Cisco Cloud Security and Splunk
Cisco Cloud Security (Branch office, HQ, Roaming):
Umbrella: Secure access to the internet
Cloudlock: Secure usage of cloud apps
Investigate: Threat Intelligence

Splunk Add-on for Cisco Umbrella Investigate
Automatically enrich security alerts inside Splunk, allowing analysts to discover the connections between the domains, IPs, and file hashes in an attacker’s infrastructure.
API: domains, IPs, ASNs, file hashes
Splunk App for Cisco Cloudlock
▶ Manage Cloud Security incidents within Splunk
▶ Seamlessly extend Security Operations to cloud environments while maintaining existing workflows
▶ Leverage Splunk’s rich data visualization, alerting and reporting functionality
▶ Two leaders - Partnership Strength
ShadowIT for Cisco FP and Splunk Customers
Cloudlock Shadow IT Engine sources: Cisco Web Security, Cisco NGFW FirePOWER, 3rd party Security Appliances
SIEM: Correlating Network And Infrastructure Data Around The World
Using open APIs to monitor and manage connectivity and security for the largest Latin American country
Colin Lowenberg
Collecting Meraki Data Into Splunk
Sources: Syslog, API, XML CMX
Splunk inputs: TCP Input, Add-on, HTTP Event Collector

Cisco Meraki + Splunk
México Conectado connects all Mexican government buildings using Meraki
▶ Managed WiFi in all Mexican Gov’t buildings: libraries, health centers, community buildings, etc.
▶ Indoor and outdoor APs for gov’t and public use
▶ 22K+ sites across Mexico
© 2017 SPLUNK INC.
The Mexico Conectado Project
Country Digitization Analytics Platform (CDAP, powered by Splunk): Smart Cities & Government Analytics
Your Splunk Environment: Better on Cisco UCS
Automate deployment, correlate with your entire datacenter, and optimize for management and scalability
With Karthik Karupasamy
Splunk Add-On for Cisco UCS
Cisco UCS Add-On for Splunk Enterprise
▶ Splunk-built rewrite of original UCS add-on
▶ Aggregates, monitors, trends and analyzes all relevant data from Cisco UCS Manager instances
▶ Enables proactive capacity and performance monitoring/management, fault trending, power and cooling, and more
▶ Works with other Splunk add-ons and data sources (including Enterprise Security and PCI Compliance add-ons) to aggregate and correlate data across your enterprise
Accelerated Troubleshooting with Splunk & UCS
Stack: Applications / Operating Systems / Hypervisors / UCS server, storage, network
See demo on Youtube at bit.ly/splunk-ucs-mtti
Cisco Unified Computing System
A differentiated, revolutionary approach
Unified Management
▶ Faster deploy/provision
▶ Unification leads to reduced complexity
▶ Management via a single interface
Simplified Architecture
▶ Networking with fewer components
▶ Lower cost and easier scaling
▶ Fewer management touch points
▶ Stateless: any resource, any time
▶ Better TCO/ROI
Scale
▶ Ultimate Scalability
▶ Enhanced design capability
▶ Designed for the future, today
Higher Performance
▶ Brings out the best of x86 architecture
▶ Optimized resource utilization for compute, networking, and management
Cisco UCS Integrated Infrastructure for Big Data Topology
SingleConnect: LAN, SAN and Management
UCS 6200 and 6300 Series Fabric Interconnects, installed in pairs, active-active. UCS Manager is embedded.
Pre-tested and pre-validated configuration
Fabric-based infrastructure integrates computing, networking, and storage resources
Designed for high performance and availability
Support for direct connectivity to Fabric Interconnects
Cisco UCS Director Express for Big Data: Provisioning, Monitoring, Maintenance, Growth
UCS Director Express for Big Data
Deploy your Splunk Enterprise Cluster in hours – not in days or weeks
Features:
▶ Complete automation of industry-leading validated solution for Splunk Enterprise
▶ Indexer clustering – customizable Replication and Search Factors
▶ Search Head clustering
▶ Shared License Master, Deployer for SHC
▶ Ability to grow the Search head, Indexer clusters.
▶ Monitoring console
UCSD Express For Big Data – Two Ways to Create
Unified Management Platform for Highly Available Distributed Splunk Clusters
Use Bundled Templates (Instant) or Create your Custom Template → Select Size, Splunk Version, OS, IP Address Binding → Ready-to-Use Splunk Cluster
Instant Splunk Cluster Under One Management
Marketing LOB, Supply Chain LOB and Sales LOB each get Decisions and Insights from their own Splunk Cluster (Marketing Splunk Cluster, Supply Chain Splunk Cluster, Sales Splunk Cluster), provisioned by the IT Team through UCSD Express rather than through Shadow IT for Big Data.
• Faster Turnaround Time
• No Shadow IT team
• No Growing Pains
• Scalable performance and Enterprise Grade system
• Unified Data Center Management
• Optimal Resource Utilization
• Simplified Compliance and Governance
Cisco UCS: UCS 6200/6300 Series Fabric Interconnect, UCS Manager, UCS C220/C240 M4/M5 Series Rack Servers, UCS S3260 Storage Server; Splunk Enterprise runs on top.
Service Profile: NIC MACs, HBA WWNs, Server UUID, VLAN Assignments, VLAN Tagging, FC Fabrics Assignments, FC Boot Parameters, Number of vNICs, Boot order, PXE settings, IPMI Settings, Number of vHBAs, QoS, Call Home, Template Association, Org & Sub Org Assoc., Server Pool Association, Statistic Thresholds, BIOS scrub actions, Disk scrub actions, BIOS firmware, Adapter firmware, BMC firmware, RAID settings, Advanced NIC settings, Serial over LAN settings, BIOS Settings
Unified Management with UCS Director Express for Big Data
Programmability, Scalability and Automation
UCS Manager:
• Industry leading tool to provision, manage and monitor all software and hardware components
• Policy and model-based management, with service profiles, that improves agility and reduces risk
• Utilizes auto-discovery to detect, inventory, manage, and provision system components
• Offers a comprehensive open XML API, which facilitates integration with third-party management tools
UCS Central Management:
• Manages multiple, globally distributed Cisco UCS domains with thousands of servers from a single pane
• Provides global configuration capabilities for pools, policies, and firmware
UCS Director:
• Delivers a unified converged infrastructure management solution
• Provides programmable application containers across computing, networking, and storage resources and extends automation benefits to the entire infrastructure stack
UCS Director Express for Big Data:
• Delivers scalable and reliable Hadoop deployment on UCS Big Data clusters
• Offers centralized visibility across Hadoop and physical infrastructure
• Provides greater IT agility resulting in increased IT impact on business
Abstraction of all configuration and identity information into a service profile speeds deployment, reduces errors, lowers costs
Programmable Infrastructure; Policy based Management
UCS Management Software provides: Provisioning, Monitoring, Maintenance, Growth; Speed, Ease of experimentation, Consistency, Simplicity, Visibility
UCS Director Express for Big Data
End-to-end provisioning, deployment and management
1. Subject Matter Experts (Network SME, Server SME, Storage SME, Hadoop SME) define policies: Create Infrastructure Profile, Create Hadoop Profile, Create Hadoop Application Profile
   Policy contents: uplink and server port configuration; network interface card (NIC) configuration: MAC address, VLAN, and QoS settings; worldwide names (WWNs), and bandwidth constraints; and firmware revisions; unique user ID (UUID), firmware revisions, and RAID controller settings; service profile assigned to server, chassis slot, or pool; namenode, data node configuration; configure Hadoop services; setup heap size and memory buffers; HDFS, MapReduce configuration; setup other Hadoop services
2. Policies used to create Hadoop and Infrastructure Service Profile Templates
3. Service Profile Templates create Service Profiles
4. Associate Hadoop and Infrastructure Profiles to create Hadoop Clusters
Creating and Managing Splunk clusters
Splunk Cluster customizations: optionally add another NIC for Replication Traffic; select custom RAID policy for each Role; customize Storage Tiers; select physical infrastructure options

Creating a Splunk cluster
▶ Cluster Name
▶ OS (RHEL)
▶ Splunk version
▶ UCS Manager
▶ Organization
▶ PXE VLAN
▶ Replication Factor, Search Factor
▶ Server Pools
▶ Networking

Creating a Splunk Cluster
▶ Server-pools (per role)
▶ Map vNIC to IP-Pools.
• Mgmt (and ingest)
• Data1 for Replication (optional)
▶ Click Submit

Creating a Splunk Cluster -- Server Pool Selection
Server Pools, Server Count, Hostname Prefix

Creating a Splunk Cluster -- VNIC configuration
▶ Map vNIC to IP-Pools.
NOTE: eth0 → MGMT pool binding shown.
▶ Click Submit

Flexible RAID config via UCS HW Profiles
▶ Splunk Cluster is powered by Underlying UCS HW Template
▶ Splunk’s UCS HW Template comes with Flexible RAID Policy
▶ RAID Policies Supported:
• RAID1, RAID0
• RAID5, RAID6
• RAID10 (default)
• Future (RAID50, RAID60)
▶ Separate RAID policies for HOT/WARM, COLD and Frozen
Splunk UCS HW Template – RAID Policy
RAID Policy; Custom Partitions
Splunk UCS HW Template – Inside the RAID Policy
RAID10 for HOT/WARM; Cold data on the same RAID group
Splunk UCS HW Template – Inside the RAID Policy
RAID10 for HOT/WARM; RAID5 for COLD
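The wizard fields above (server pools per role, Replication and Search Factor, a RAID policy per storage tier) are worth sanity-checking before a template is submitted, since a cluster whose replication factor exceeds its indexer count can never become complete, and the RAID choice per tier decides how much of the raw disk is actually usable. The following is an added example of such a pre-flight check, not UCS Director Express code; the spec fields mirror the slides, while the disk counts and sizes are constructed sample values.

```python
"""Sanity-check a Splunk Enterprise cluster spec before submitting it.

Added example for the cluster-creation and RAID-policy slides; it is not
UCS Director Express code. The spec fields mirror the wizard inputs (server
pools per role, Replication/Search Factor, RAID policy per storage tier);
disk counts and sizes are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, List


def raid_usable_disks(policy: str, disks: int) -> int:
    """Disks' worth of usable capacity in one RAID group of `disks` members."""
    p = policy.upper()
    if p == "RAID0":
        return disks                       # no redundancy at all
    if p == "RAID1":
        if disks != 2:
            raise ValueError("RAID1 needs exactly 2 disks")
        return 1
    if p == "RAID5":
        if disks < 3:
            raise ValueError("RAID5 needs at least 3 disks")
        return disks - 1                   # one disk of parity
    if p == "RAID6":
        if disks < 4:
            raise ValueError("RAID6 needs at least 4 disks")
        return disks - 2                   # two disks of parity
    if p == "RAID10":
        if disks < 4 or disks % 2:
            raise ValueError("RAID10 needs an even number of disks, at least 4")
        return disks // 2                  # mirrored pairs, striped
    raise ValueError(f"unsupported RAID policy: {policy}")


@dataclass(frozen=True)
class Tier:
    name: str        # e.g. "HOT/WARM", "COLD", "FROZEN"
    raid: str        # policy name; RAID10 is the wizard default
    disks: int       # disks per indexer in this tier's RAID group
    disk_tb: float   # raw capacity per disk in TB


@dataclass(frozen=True)
class ClusterSpec:
    name: str
    indexers: int            # size of the indexer server pool
    search_heads: int        # size of the search head server pool
    replication_factor: int
    search_factor: int
    tiers: List[Tier]


def validate(spec: ClusterSpec) -> List[str]:
    """Return human-readable problems; an empty list means the spec is sane."""
    problems: List[str] = []
    rf, sf = spec.replication_factor, spec.search_factor
    if rf < 2:
        problems.append("replication factor below 2 gives no redundant bucket copies")
    if sf < 1 or sf > rf:
        problems.append("search factor must be between 1 and the replication factor")
    if rf > spec.indexers:
        problems.append("replication factor exceeds indexer count; the cluster can never be complete")
    if 0 < spec.search_heads < 3:
        problems.append("a search head cluster needs at least 3 members")
    for t in spec.tiers:
        try:
            raid_usable_disks(t.raid, t.disks)
        except ValueError as err:
            problems.append(f"tier {t.name}: {err}")
    return problems


def capacity_tb(spec: ClusterSpec) -> Dict[str, Dict[str, float]]:
    """Per-tier usable capacity summed across the indexer pool.

    `unique` divides by the replication factor because every bucket's raw
    data is stored RF times; searchable copies add index files on top, so
    treat it as an upper bound on unique retained data.
    """
    out: Dict[str, Dict[str, float]] = {}
    for t in spec.tiers:
        usable = raid_usable_disks(t.raid, t.disks) * t.disk_tb * spec.indexers
        out[t.name] = {"usable": usable, "unique": usable / spec.replication_factor}
    return out


# Constructed sample matching the slides: RAID10 for HOT/WARM, RAID5 for COLD.
SAMPLE_SPEC = ClusterSpec(
    name="splunk-prod",
    indexers=8,
    search_heads=3,
    replication_factor=2,
    search_factor=2,
    tiers=[Tier("HOT/WARM", "RAID10", 8, 1.0), Tier("COLD", "RAID5", 12, 2.0)],
)
```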
Typical Big Data Deployment Challenges
▶ Paralysis by HW analysis
▶ Inconsistent configurations
▶ Repeatable results
▶ Justifiable costs/TCO/footprint
▶ Scalability and sustainability
Cisco UCS Delivers
▶ Accelerated Sales cycle/time to production
▶ Reduced architectural planning and calculation for the customer
▶ Consistent, repeatable results
▶ Comprehensive automated deployment
▶ Facilitates Splunk expansion at a reduced footprint
ACI and Tetration
ACI app center
ACI-Splunk: What Is New?
Cisco ACI App & Add-on for Splunk Enterprise version 4.0 – Splunk Certified
• Multi-Pod visibility
• Micro-Segmentation support
• Multiple APIC monitoring
• Enhanced user interface with drill down capabilities
• ACI App Center integration
Supported on APIC 1.3 and higher. Compatible with Splunk 6.4 & above. Available on splunkbase.

Cisco Tetration App & Add-on for Splunk Enterprise version 1.0
• Central Proactive Monitoring
• Operational Analytics
• Cross tier Visibility
• Real-time Application Monitoring
• Accelerated RCA & deeper visibility
• Policy Enforcement

Tetration Analytics App for Splunk
Tetration App for Splunk V1.0 and Cisco Tetration Analytics:
• Use Tetration APIs to receive ADM, Endpoints, Inventory data
• Send Configuration data, health & performance metrics, syslog and fault information
• Enforce policies using Tetration sensors
Why You Never See Tacos Mounted On Drones In The Real World
Wrapping up the Cisco and Splunk innovation story
With Robert Novak
Don't forget to rate this session in the .conf2017 mobile app
Thank You
Supplemental Information
Cisco Technology | Description | SplunkBase URL
Cisco Security Suite | The Cisco Security Suite provides a single pane of glass interface into Cisco security data. | https://splunkbase.splunk.com/app/525/
Cisco Firepower™ Management Center | Splunk Add-on for Cisco FirePower Management Center leverages data collected via Cisco eStreamer to allow a Splunk Admin to analyze and correlate reports from Cisco through the Splunk Common Information Model. | https://splunkbase.splunk.com/app/1808
Cisco eNcore for Splunk | Comprehensive eStreamer ‘Client’ or Splunk ‘TA’ that collects all ten event types in their entirety from Firepower Management Center 6.x | https://splunkbase.splunk.com/app/3662/
Cisco Umbrella | Automatically enrich security alerts inside Splunk, allowing analysts to discover the connections between the domains, IPs, and file hashes in an attacker’s infrastructure | https://splunkbase.splunk.com/app/3324/
Cisco ISE | Splunk App for Cisco ISE. Collects data from ISE via Syslog and provides Adaptive Network Control (ANC) Mitigation Actions via pxGrid. | https://splunkbase.splunk.com/app/1589/ and https://splunkbase.splunk.com/app/1915/
Cisco CloudLock | The CloudLock Cloud Access Security Broker harnesses crowd-sourced, actionable cybersecurity intelligence to enable enterprises to securely leverage the cloud. | https://splunkbase.splunk.com/app/3043/ and https://www.cloudlock.com/blog/tag/cloudlock-for-splunk/
Cisco eStreamer | eStreamer log collection and comprehensive selection of dashboards optimized for Sourcefire System 5.2+ and Splunk 6. | https://splunkbase.splunk.com/app/1629/
Cisco IPS | The Splunk Add-on for Cisco IPS allows a Splunk software administrator to consume, analyze, and report on Cisco IPS data that conforms to the Security Device Event Exchange (SDEE) standard. | https://splunkbase.splunk.com/app/1903
Cisco CWS | The Cisco Cloud Web Security (CWS) Add-on for Splunk allows a Splunk administrator to analyze and correlate Cisco Cloud Web Security (CWS) log data through the Common Information Model in Splunk Enterprise | https://splunkbase.splunk.com/app/2791
Cisco ESA | The Splunk Add-on for Cisco ESA allows the Splunk software administrator to leverage Textmail, HTTP, and Authentication logs of Cisco ESA. | https://splunkbase.splunk.com/app/1761
Cisco AnyConnect | The Cisco AnyConnect Network Visibility (NVM) App for Splunk allows IT administrators to analyze and correlate user and endpoint behavior in Splunk Enterprise. | https://splunkbase.splunk.com/app/2992/
Cisco ASA | The Splunk Add-on for Cisco ASA allows a Splunk software administrator to map Cisco ASA devices, Cisco PIX, and Cisco FWSM events to the Splunk CIM. | https://splunkbase.splunk.com/app/1620
alcinialbob1234
 
IAS-slides2-ia-aaaaaaaaaaain-business.pdf
IAS-slides2-ia-aaaaaaaaaaain-business.pdfIAS-slides2-ia-aaaaaaaaaaain-business.pdf
IAS-slides2-ia-aaaaaaaaaaain-business.pdf
mcgardenlevi9
 
Day 1 - Lab 1 Reconnaissance Scanning with NMAP, Vulnerability Assessment wit...
Day 1 - Lab 1 Reconnaissance Scanning with NMAP, Vulnerability Assessment wit...Day 1 - Lab 1 Reconnaissance Scanning with NMAP, Vulnerability Assessment wit...
Day 1 - Lab 1 Reconnaissance Scanning with NMAP, Vulnerability Assessment wit...
Abodahab
 
Molecular methods diagnostic and monitoring of infection - Repaired.pptx
Molecular methods diagnostic and monitoring of infection  -  Repaired.pptxMolecular methods diagnostic and monitoring of infection  -  Repaired.pptx
Molecular methods diagnostic and monitoring of infection - Repaired.pptx
7tzn7x5kky
 
Perencanaan Pengendalian-Proyek-Konstruksi-MS-PROJECT.pptx
Perencanaan Pengendalian-Proyek-Konstruksi-MS-PROJECT.pptxPerencanaan Pengendalian-Proyek-Konstruksi-MS-PROJECT.pptx
Perencanaan Pengendalian-Proyek-Konstruksi-MS-PROJECT.pptx
PareaRusan
 
Digilocker under workingProcess Flow.pptx
Digilocker  under workingProcess Flow.pptxDigilocker  under workingProcess Flow.pptx
Digilocker under workingProcess Flow.pptx
satnamsadguru491
 
chapter 4 Variability statistical research .pptx
chapter 4 Variability statistical research .pptxchapter 4 Variability statistical research .pptx
chapter 4 Variability statistical research .pptx
justinebandajbn
 
Medical Dataset including visualizations
Medical Dataset including visualizationsMedical Dataset including visualizations
Medical Dataset including visualizations
vishrut8750588758
 
computer organization and assembly language.docx
computer organization and assembly language.docxcomputer organization and assembly language.docx
computer organization and assembly language.docx
alisoftwareengineer1
 
How iCode cybertech Helped Me Recover My Lost Funds
How iCode cybertech Helped Me Recover My Lost FundsHow iCode cybertech Helped Me Recover My Lost Funds
How iCode cybertech Helped Me Recover My Lost Funds
ireneschmid345
 
Conic Sectionfaggavahabaayhahahahahs.pptx
Conic Sectionfaggavahabaayhahahahahs.pptxConic Sectionfaggavahabaayhahahahahs.pptx
Conic Sectionfaggavahabaayhahahahahs.pptx
taiwanesechetan
 
Safety Innovation in Mt. Vernon A Westchester County Model for New Rochelle a...
Safety Innovation in Mt. Vernon A Westchester County Model for New Rochelle a...Safety Innovation in Mt. Vernon A Westchester County Model for New Rochelle a...
Safety Innovation in Mt. Vernon A Westchester County Model for New Rochelle a...
James Francis Paradigm Asset Management
 
Data Science Courses in India iim skills
Data Science Courses in India iim skillsData Science Courses in India iim skills
Data Science Courses in India iim skills
dharnathakur29
 
Thingyan is now a global treasure! See how people around the world are search...
Thingyan is now a global treasure! See how people around the world are search...Thingyan is now a global treasure! See how people around the world are search...
Thingyan is now a global treasure! See how people around the world are search...
Pixellion
 
Classification_in_Machinee_Learning.pptx
Classification_in_Machinee_Learning.pptxClassification_in_Machinee_Learning.pptx
Classification_in_Machinee_Learning.pptx
wencyjorda88
 
04302025_CCC TUG_DataVista: The Design Story
04302025_CCC TUG_DataVista: The Design Story04302025_CCC TUG_DataVista: The Design Story
04302025_CCC TUG_DataVista: The Design Story
ccctableauusergroup
 
FPET_Implementation_2_MA to 360 Engage Direct.pptx
FPET_Implementation_2_MA to 360 Engage Direct.pptxFPET_Implementation_2_MA to 360 Engage Direct.pptx
FPET_Implementation_2_MA to 360 Engage Direct.pptx
ssuser4ef83d
 
Simple_AI_Explanation_English somplr.pptx
Simple_AI_Explanation_English somplr.pptxSimple_AI_Explanation_English somplr.pptx
Simple_AI_Explanation_English somplr.pptx
ssuser2aa19f
 
VKS-Python-FIe Handling text CSV Binary.pptx
VKS-Python-FIe Handling text CSV Binary.pptxVKS-Python-FIe Handling text CSV Binary.pptx
VKS-Python-FIe Handling text CSV Binary.pptx
Vinod Srivastava
 
Cleaned_Lecture 6666666_Simulation_I.pdf
Cleaned_Lecture 6666666_Simulation_I.pdfCleaned_Lecture 6666666_Simulation_I.pdf
Cleaned_Lecture 6666666_Simulation_I.pdf
alcinialbob1234
 
IAS-slides2-ia-aaaaaaaaaaain-business.pdf
IAS-slides2-ia-aaaaaaaaaaain-business.pdfIAS-slides2-ia-aaaaaaaaaaain-business.pdf
IAS-slides2-ia-aaaaaaaaaaain-business.pdf
mcgardenlevi9
 
Day 1 - Lab 1 Reconnaissance Scanning with NMAP, Vulnerability Assessment wit...
Day 1 - Lab 1 Reconnaissance Scanning with NMAP, Vulnerability Assessment wit...Day 1 - Lab 1 Reconnaissance Scanning with NMAP, Vulnerability Assessment wit...
Day 1 - Lab 1 Reconnaissance Scanning with NMAP, Vulnerability Assessment wit...
Abodahab
 
Molecular methods diagnostic and monitoring of infection - Repaired.pptx
Molecular methods diagnostic and monitoring of infection  -  Repaired.pptxMolecular methods diagnostic and monitoring of infection  -  Repaired.pptx
Molecular methods diagnostic and monitoring of infection - Repaired.pptx
7tzn7x5kky
 
Perencanaan Pengendalian-Proyek-Konstruksi-MS-PROJECT.pptx
Perencanaan Pengendalian-Proyek-Konstruksi-MS-PROJECT.pptxPerencanaan Pengendalian-Proyek-Konstruksi-MS-PROJECT.pptx
Perencanaan Pengendalian-Proyek-Konstruksi-MS-PROJECT.pptx
PareaRusan
 
Digilocker under workingProcess Flow.pptx
Digilocker  under workingProcess Flow.pptxDigilocker  under workingProcess Flow.pptx
Digilocker under workingProcess Flow.pptx
satnamsadguru491
 
chapter 4 Variability statistical research .pptx
chapter 4 Variability statistical research .pptxchapter 4 Variability statistical research .pptx
chapter 4 Variability statistical research .pptx
justinebandajbn
 
Medical Dataset including visualizations
Medical Dataset including visualizationsMedical Dataset including visualizations
Medical Dataset including visualizations
vishrut8750588758
 
Ad

cisco-and-splunk-innovation-through-the-power-of-integration.pdf

3. Eight Years of Integration and Innovation
A brief history of Cisco and Splunk together
With Robert Novak

4. Why Does Hardware Still Matter?
▶ Splunk will run on almost anything (even my laptop)
▶ Standalone servers have lower admin overhead
▶ Build up your clusters and you have to keep them consistent
▶ Grow your data sources (and uses) and you have to add servers
▶ Cluster constipation is bad, mmmkay?
5. Why Does Hardware Still Matter?
▶ Cisco customer big data pools tend to grow 2-3x/year
▶ Cisco customer IT staff doesn’t grow as fast
▶ The Cisco Unified Computing System (UCS) provides scalable, repeatable, predictable, and manageable deployments across dozens to thousands of servers for any application deployment
▶ Pallet to production in hours, not days or weeks
▶ Deep engineering integration between Cisco and Splunk with tested and proven configurations
More on this later…

6. Big Data at a Big Customer: Cisco
▶ 10s of thousands of employees, contractors, devices
▶ 100s of offices, business apps, audiences
▶ Lots of data in lots of places
▶ No one tool (not even Splunk) can do everything for everyone all the time
▶ High volume, low value, low shelf life
  • Stealthwatch (formerly Lancope), Hadoop feed into Splunk
▶ Low to moderate volume, high value, (any) shelf life
  • Splunk on its own, sometimes with fronting dashboards
▶ Additional visualizations with Platfora, Tableau, etc.

7. A closer look at Splunk within Cisco
▶ Customer for 8+ years, strategic partner for 4+ years
▶ Geographically disparate data collection and analysis
▶ Over 70 business applications/use cases across the company
  • Around 20 teams using Splunk, including Cisco IT and CSIRT
▶ Nearly 10x growth in search volume from 2014-2016

8. Dozens of Apps and Add-ons at Splunkbase
Always more being added and updated, by Cisco, Splunk, partners, third-party developers, and end users!
9. Splunk and Cisco API-based Integrations
Programmable Operational Analytics at Scale
Categories: Security, Collaboration, Business Analytics, Infrastructure
Integrations include: Identity Services (ISE/pxGrid), FirePOWER Next Gen Firewall, Umbrella (DNS), CloudLock, ThreatGrid*, Cisco UCS, ACI / APIC, Nexus 9k, Wireless / CMX, Call Manager, Spark, and many more here: https://splunkbase.splunk.com/apps/#/search/Cisco/

10. Cisco Security Integrations
Making sense of a broad security platform using Cisco and Splunk technologies
With Douglas Hurd
11. Splunk & Cisco Security – “Better Together”
• Largest security footprint in the industry
• Produces broad range of security telemetry across most security technologies
• Ubiquitous network footprint enables bi-directional integration for executing security automation
• High investment in Splunk apps for serving joint customers
• Voluminous, context-rich Cisco data sources drive license volumes while enabling improved security & compliance, more effective SIEM use cases and new use cases beyond security
• Automated actions in Cisco network environs
• Proven, supported integrations accelerate time to value
Cisco: Security Breadth, Customer Reach, Infrastructure for Automation
Splunk: Analytics Efficacy, Ability to Automate, Committed Customers
12. Cisco Splunk Integrations
Validated designs:
✓ CVD: Cisco UCS Integrated Infrastructure for Splunk Enterprise (Distributed Deployment, High Capacity) (link)
✓ CVD: Cisco Application Centric Infrastructure with Splunk (link)
✓ Splunk on UCS Reference Architecture (link)
✓ Cisco Cloud Security for VMDC 1.0 Design Guide (link)
Security: IPS, Identity Services Engine/pxGrid, FireSIGHT (including AMP), ASA/PIX/FWSM Firewalls, Web Security Appliance (WSA), Email Security Appliance (ESA), Stealthwatch, Umbrella Investigate, Cloud Web Security (CWS), AnyConnect, CloudLock, ThreatGrid
Data Center / ACI: Cisco UCS, UCS Director Express for Big Data, Application Centric Infrastructure (ACI - APIC), Nexus 9K, Tetration (planned)
Enterprise Networking: Nexus and Catalyst Switches, Nexus 1000V, NGN Routers (CRS, ASR, ISR), Meraki Wireless, Open SDN Network Controller, CMX Wireless, Network Data Platform (planned)
Collaboration: Call Manager, Spark, AppDynamics
Partnership milestones:
✓ Inaugural SIEM & Threat Defense Partner
✓ Inaugural pxGrid partner
✓ Inaugural member of Cisco Security Tech Alliances program
✓ Inaugural ACI Partner
✓ Inaugural Data Analytics Partner
Apps: Cisco Security Suite App, Cisco Networks App

13. Cisco Firepower & Splunk
Douglas Hurd / Cisco Security Technical Alliances

14. Threat Defense Security
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Capabilities: Unified Threat Management; Secure Access & Identity; Next Generation Firewall; Next Generation IPS; Email Security; Web Security; Advanced Malware Protection; Sandboxing & Threat Analysis; Network Anomaly Detection; Threat Intelligence
Products: FirePOWER Services, FirePOWER Appliances; AMP for Endpoints, AMP for Networks; Meraki Appliances (Wired & Wi-Fi), Meraki Cloud Management; Email Security Appliance, Cloud Email Security; AMP ThreatGRID (Cloud & Appliance); OpenDNS Investigate; Identity Services Engine (ISE), TrustSec, AnyConnect VPN; OpenDNS Umbrella; Cloud Web Security, Web Security Appliance; CloudLock; StealthWatch; Cognitive Threat Analytics
17. Background on Firepower and Splunk
▶ Firepower-Splunk mutual customer base expanding
  • ASA to Firepower Threat Defense – more FMCs
▶ Add-Ons for Firepower available on Splunkbase
▶ Cisco’s Firepower TA & App built in 2014, based on v5.4
  • Over 6000 downloads
  • Not recommended with FMC v6.x
▶ ‘Community Supported’ model facing challenges
▶ Focused on new business model for this critical integration
▶ Resources directed at Firepower 6.x customers
19. Data Consumption – Eat In or Delivery?
Expectations and User Roles are Changing

20. Data Parity
Some customers want all data to be replicated on their SIEM

21. New Cisco eStreamer ‘eNcore’ for Splunk
▶ Scalable app with major improvements
▶ TAC Support option will be offered
  • Free for customers that do not want TAC support
  • Chargeable for customers that want TAC support
▶ Official GA Release: End of June
▶ Beta II underway during May thru June 2017
▶ PID: FP-SPLUNK-SW-K9
▶ Description: “Cisco eStreamer eNcore for Splunk”
▶ Software downloads: software.cisco.com

                     Free Version   Pay Version
  App Cost           Free           $$$
  Community Support  Yes            Yes
  TAC Support        No             Yes
  App Updates        Yes            Yes

22. Improvements and Enhancements
Feature: Benefit
▶ Built from scratch in Python
  • No Perl dependencies
  • Python very popular
  • Completely up to date with entire 6.2 API schema
▶ Multi-process
  • Highly scalable
▶ Multi-FMC Support
  • Connect multiple FMCs to one instance
  • Reduce complexity
▶ Fully Qualified Event Output
  • Encoded event info is written out in text
▶ Event de-duplication (Future)
  • Avoid paying Splunk for redundant event data
  • Gives Firepower HA configurations more flexibility
▶ TAC Supported option available
  • End-to-end support for Firepower Splunk customers
▶ Forward Compatible
  • Ongoing maintenance to support new eStreamer API versions
25. Cisco Cloud Security
▶ Umbrella: Secure access to the internet
▶ Cloudlock: Secure usage of cloud apps
▶ Investigate: Threat Intelligence
Diagram labels: Branch office, HQ, Roaming

26. Splunk Add-on for Cisco Umbrella Investigate
Automatically enrich security alerts inside Splunk, allowing analysts to discover the connections between the domains, IPs, and file hashes in an attacker’s infrastructure.
INVESTIGATE API data types: domains, IPs, ASNs, file hashes
27. Splunk App for Cisco Cloudlock
▶ Manage Cloud Security incidents within Splunk
▶ Seamlessly extend Security Operations to cloud environments while maintaining existing workflows
▶ Leverage Splunk’s rich data visualization, alerting and reporting functionality
▶ Two leaders - Partnership Strength

28. ShadowIT for Cisco FP and Splunk Customers
Diagram labels: CLOUDLOCK SHADOW IT ENGINE; Cisco Web Security; Cisco NGFW FirePOWER; 3rd party Security Appliances; SIEM
29. Correlating Network and Infrastructure Data Around the World
Using open APIs to monitor and manage connectivity and security for the largest Latin American country
Colin Lowenberg

30. Collecting Meraki Data Into Splunk
Sources: Syslog, API, XML (CMX)
Splunk inputs: TCP Input, Add-on, HTTP Event Collector

31. Cisco Meraki + Splunk
México Conectado connects all Mexican government buildings using Meraki
▶ Managed WiFi in all Mexican Gov’t buildings: libraries, health centers, community buildings, etc.
▶ Indoor and outdoor APs for gov’t and public use
▶ 22K+ sites across Mexico

32. The Mexico Conectado Project
Country Digitization Analytics Platform CDAP (powered by Splunk)
Smart Cities & Government Analytics
33. Your Splunk Environment: Better on Cisco UCS
Automate deployment, correlate with your entire datacenter, and optimize for management and scalability
With Karthik Karupasamy

34. Cisco UCS Add-On for Splunk Enterprise

35. Splunk Add-On for Cisco UCS
▶ Splunk-built rewrite of original UCS add-on
▶ Aggregates, monitors, trends and analyzes all relevant data from Cisco UCS Manager instances
▶ Enables proactive capacity and performance monitoring/management, fault trending, power and cooling, and more
▶ Works with other Splunk add-ons and data sources (including Enterprise Security and PCI Compliance add-ons) to aggregate and correlate data across your enterprise
Stack: Applications / Operating Systems / Hypervisors / UCS server, storage, network

36. Accelerated Troubleshooting with Splunk & UCS
See demo on YouTube at bit.ly/splunk-ucs-mtti
37. Cisco Unified Computing System
A differentiated, revolutionary approach
Unified Management
▶ Faster deploy/provision
▶ Unification leads to reduced complexity
▶ Management via a single interface
Simplified Architecture
▶ Networking with fewer components
▶ Lower cost and easier scaling
▶ Fewer management touch points
▶ Stateless: any resource, any time
▶ Better TCO/ROI
Scale
▶ Ultimate scalability
▶ Enhanced design capability
▶ Designed for the future, today
Higher Performance
▶ Brings out the best of x86 architecture
▶ Optimized resource utilization for compute, networking, and management

38. Cisco UCS Integrated Infrastructure for Big Data
SingleConnect: LAN, SAN and Management
▶ UCS 6200 and 6300 Series Fabric Interconnects, installed in pairs, active-active. UCS Manager is embedded
▶ Pre-tested and pre-validated configuration
▶ Fabric-based infrastructure integrates computing, networking, and storage resources
▶ Designed for high performance and availability
▶ Support for direct connectivity to Fabric Interconnects
Lifecycle: Topology, Provisioning, Monitoring, Maintenance, Growth
40. UCS Director Express for Big Data
Deploy your Splunk Enterprise Cluster in hours – not in days or weeks
Features:
▶ Complete automation of industry-leading validated solution for Splunk Enterprise
▶ Indexer clustering – customizable Replication and Search Factors
▶ Search Head clustering
▶ Shared License Master, Deployer for SHC
▶ Ability to grow the Search Head and Indexer clusters
▶ Monitoring console

41. UCSD Express for Big Data – Two Ways to Create
Unified Management Platform for Highly Available Distributed Splunk Clusters
▶ Use Bundled Templates (Instant)
▶ Create your Custom Template
Select: Size, Splunk Version, OS, IP Address Binding → Ready-to-Use Splunk Cluster

42. Instant Splunk Cluster Under One Management
Diagram labels: Marketing LOB, Supply Chain LOB, Sales LOB (each: Decisions, Insights); Shadow IT for Big Data; IT Team; Marketing Splunk Cluster, Supply Chain Splunk Cluster, Sales Splunk Cluster; UCSD Express
• Faster Turnaround Time
• No Shadow IT team
• No Growing Pains
• Scalable performance and Enterprise Grade system
• Unified Data Center Management
• Optimal Resource Utilization
• Simplified Compliance and Governance

43. Splunk Enterprise Unified Management with UCS Director Express for Big Data
Programmability, Scalability and Automation
Stack: UCSD Express → UCS Manager → UCS 6200/6300 Series Fabric Interconnect → UCS C220/C240 M4/M5 Series Rack Servers, UCS S3260 Storage Server
Cisco UCS Service Profile: NIC MACs, HBA WWNs, Server UUID, VLAN Assignments, VLAN Tagging, FC Fabrics Assignments, FC Boot Parameters, Number of vNICs, Boot order, PXE settings, IPMI Settings, Number of vHBAs, QoS, Call Home, Template Association, Org & Sub Org Assoc., Server Pool Association, Statistic Thresholds, BIOS scrub actions, Disk scrub actions, BIOS firmware, Adapter firmware, BMC firmware, RAID settings, Advanced NIC settings, Serial over LAN settings, BIOS Settings
44. UCS Management
UCS Manager
• Industry-leading tool to provision, manage and monitor all software and hardware components
• Policy- and model-based management, with service profiles, that improves agility and reduces risk
• Utilizes auto-discovery to detect, inventory, manage, and provision system components
• Offers a comprehensive open XML API, which facilitates integration with third-party management tools
UCS Central
• Manages multiple, globally distributed Cisco UCS domains with thousands of servers from a single pane
• Provides global configuration capabilities for pools, policies, and firmware
UCS Director
• Delivers a unified converged infrastructure management solution
• Provides programmable application containers across computing, networking, and storage resources and extends automation benefits to the entire infrastructure stack
UCS Director Express for Big Data
• Delivers scalable and reliable Hadoop deployment on UCS Big Data clusters
• Offers centralized visibility across Hadoop and physical infrastructure
• Provides greater IT agility resulting in increased IT impact on business
Abstraction of all configuration and identity information into a service profile speeds deployment, reduces errors, lowers costs.
Programmable Infrastructure; Policy-based Management
UCS Management Software provides: Provisioning, Monitoring, Maintenance, Growth; Speed, Ease of experimentation, Consistency, Simplicity, Visibility

45. UCS Director Express for Big Data
End-to-end provisioning, deployment and management
1. Subject Matter Experts define policies (Network SME, Server SME, Storage SME, Hadoop SME). Policy areas include:
   • Namenode and data node configuration; configure Hadoop services; set up heap size and memory buffers; HDFS and MapReduce configuration; set up other Hadoop services
   • Uplink and server port configuration
   • Network interface card (NIC) configuration: MAC address, VLAN, and QoS settings; worldwide names (WWNs) and bandwidth constraints; and firmware revisions
   • Unique user ID (UUID), firmware revisions, and RAID controller settings
2. Policies are used to create Hadoop and Infrastructure Service Profile Templates (Create Infrastructure Profile, Create Hadoop Profile, Create Hadoop Application Profile)
3. Service Profile Templates create Service Profiles (service profile assigned to server, chassis slot, or pool)
4. Associate Hadoop and Infrastructure Profiles to create Hadoop Clusters
47. Splunk Cluster customizations
▶ Optionally add another NIC for Replication Traffic
▶ Select custom RAID policy for each Role
▶ Customize Storage Tiers
▶ Select physical infrastructure options

48. Creating a Splunk cluster
▶ Cluster Name
▶ OS (RHEL)
▶ Splunk version
▶ UCS Manager
▶ Organization

49. Creating a Splunk Cluster
▶ Server pools (per role)
▶ Map vNIC to IP pools
  • Mgmt (and ingest)
  • Data1 for Replication (optional)
▶ Click Submit
Form sections shown: PXE VLAN; Replication Factor, Search Factor; Server Pools; Networking

50. Creating a Splunk Cluster -- Server Pool Selection
Fields: Server Pools, Server Count, Hostname Prefix

51. Creating a Splunk Cluster -- vNIC configuration
▶ Map vNIC to IP pools. NOTE: eth0 → MGMT pool binding shown.
▶ Click Submit
52. Flexible RAID config via UCS HW Profiles
▶ Splunk Cluster is powered by underlying UCS HW Template
▶ Splunk’s UCS HW Template comes with Flexible RAID Policy
▶ RAID Policies Supported:
  • RAID1, RAID0
  • RAID5, RAID6
  • RAID10 (default)
  • Future (RAID50, RAID60)
▶ Separate RAID policies for HOT/WARM, COLD and Frozen

53. Splunk UCS HW Template – RAID Policy
Screenshot: RAID Policy, Custom Partitions

54. Splunk UCS HW Template – Inside the RAID Policy
▶ RAID10 for HOT/WARM
▶ Cold data on the same RAID group

55. Splunk UCS HW Template – Inside the RAID Policy
▶ RAID10 for HOT/WARM
▶ RAID5 for COLD
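The slides above carve the servers into separate RAID groups per storage tier but do not show the Splunk side; the indexes.conf below is an added illustration (not from the deck or from Cisco's template) of how the slide 55 layout is consumed by the indexer. The mount points, volume sizes and retention period are assumptions for this example.

```ini
# indexes.conf (added example, not from the deck): pin Splunk's storage
# tiers to the separate RAID groups the UCS HW template builds.
# Mount points, sizes and retention below are assumed for illustration.

# RAID10 group: mirrored+striped, fast writes and searches for the
# hot/warm buckets that take all ingest and most searches.
[volume:hotwarm]
path = /splunk/hotwarm
maxVolumeDataSizeMB = 3000000

# RAID5 group: parity-protected, capacity-optimized, for cold buckets
# that are read rarely and never written to again.
[volume:cold]
path = /splunk/cold
maxVolumeDataSizeMB = 12000000

[main]
homePath   = volume:hotwarm/main/db
coldPath   = volume:cold/main/colddb
# thawedPath must be a plain path; Splunk does not allow a volume reference here.
thawedPath = $SPLUNK_DB/main/thaweddb
# Frozen tier: roll after one year and archive to its own path instead of
# deleting, matching the separate frozen RAID policy on slide 52.
frozenTimePeriodInSecs = 31536000
coldToFrozenDir = /splunk/frozen/main
```

With the volume limits set, Splunk rolls hot/warm buckets to the RAID5 cold group once the RAID10 volume fills, so the faster disks stay reserved for the data that is searched most.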
56. Typical Big Data Deployment Challenges
▶ Paralysis by HW analysis
▶ Inconsistent configurations
▶ Repeatable results
▶ Justifiable costs/TCO/footprint
▶ Scalability and sustainability
Cisco UCS Delivers
▶ Accelerated sales cycle/time to production
▶ Reduced architectural planning and calculation for the customer
▶ Consistent, repeatable results
▶ Comprehensive automated deployment
▶ Facilitates Splunk expansion at a reduced footprint

58. Cisco ACI App & Add-on for Splunk Enterprise version 4.0 – Splunk Certified
ACI-Splunk: What Is New?
▶ Multi-Pod visibility
▶ Micro-Segmentation support
▶ Multiple APIC monitoring
▶ Enhanced user interface with drill-down capabilities
▶ ACI App Center integration
▶ Supported on APIC 1.3 and higher
▶ Compatible with Splunk 6.4 & above
▶ Available on Splunkbase

59. Tetration Analytics App for Splunk
Cisco Tetration App & Add-on for Splunk Enterprise version 1.0
▶ Central Proactive Monitoring
▶ Operational Analytics
▶ Cross-tier Visibility
▶ Real-time Application Monitoring
▶ Accelerated RCA & deeper visibility
▶ Policy Enforcement
Tetration App for Splunk v1.0 and Cisco Tetration Analytics:
▶ Use Tetration APIs to receive ADM, Endpoints, Inventory data
▶ Send configuration data, health & performance metrics, syslog and fault information
▶ Enforce policies using Tetration sensors
60. Why You Never See Tacos Mounted On Drones In The Real World
Wrapping up the Cisco and Splunk innovation story
With Robert Novak

61. Thank You
Don't forget to rate this session in the .conf2017 mobile app

62. Supplemental Information
63. Cisco Technology / Description / SplunkBase URL

Cisco Security Suite
  The Cisco Security Suite provides a single pane of glass interface into Cisco security data.
  https://splunkbase.splunk.com/app/525/

Cisco Firepower™ Management Center
  Splunk Add-on for Cisco FirePower Management Center leverages data collected via Cisco eStreamer to allow a Splunk Admin to analyze and correlate reports from Cisco through the Splunk Common Information Model.
  https://splunkbase.splunk.com/app/1808

Cisco eNcore for Splunk
  Comprehensive eStreamer ‘Client’ or Splunk ‘TA’ that collects all ten event types in their entirety from Firepower Management Center 6.x
  https://splunkbase.splunk.com/app/3662/

Cisco Umbrella
  Automatically enrich security alerts inside Splunk, allowing analysts to discover the connections between the domains, IPs, and file hashes in an attacker’s infrastructure
  https://splunkbase.splunk.com/app/3324/

Cisco ISE
  Splunk App for Cisco ISE. Collects data from ISE via Syslog and provides Adaptive Network Control (ANC) Mitigation Actions via pxGrid.
  https://splunkbase.splunk.com/app/1589/
  https://splunkbase.splunk.com/app/1915/

Cisco CloudLock
  The CloudLock Cloud Access Security Broker harnesses crowd-sourced, actionable cybersecurity intelligence to enable enterprises to securely leverage the cloud.
  https://splunkbase.splunk.com/app/3043/
  https://www.cloudlock.com/blog/tag/cloudlock-for-splunk/

Cisco eStreamer
  eStreamer log collection and comprehensive selection of dashboards optimized for Sourcefire System 5.2+ and Splunk 6.
  https://splunkbase.splunk.com/app/1629/

Cisco IPS
  The Splunk Add-on for Cisco IPS allows a Splunk software administrator to consume, analyze, and report on Cisco IPS data that conforms to the Security Device Event Exchange (SDEE) standard.
  https://splunkbase.splunk.com/app/1903

Cisco CWS
  The Cisco Cloud Web Security (CWS) Add-on for Splunk allows a Splunk administrator to analyze and correlate Cisco Cloud Web Security (CWS) log data through the Common Information Model in Splunk Enterprise.
  https://splunkbase.splunk.com/app/2791

Cisco ESA
  The Splunk Add-on for Cisco ESA allows the Splunk software administrator to leverage Textmail, HTTP, and Authentication logs of Cisco ESA.
  https://splunkbase.splunk.com/app/1761

Cisco AnyConnect
  The Cisco AnyConnect Network Visibility (NVM) App for Splunk allows IT administrators to analyze and correlate user and endpoint behavior in Splunk Enterprise.
  https://splunkbase.splunk.com/app/2992/

Cisco ASA
  The Splunk Add-on for Cisco ASA allows a Splunk software administrator to map Cisco ASA, Cisco PIX, and Cisco FWSM events to the Splunk CIM.
  https://splunkbase.splunk.com/app/1620