Network Forensics for Splunk, an Emulex presentation
Network Forensics for Splunkers
Matt Walmsley, EMEA Marketing; Tom Jones, Sales Engineer
Emulex, Endace Division
2 Emulex Confidential - © 2013 Emulex Corporation
Today’s Topics
Time to Resolution
Network Recording
Splunk Connector
Q&A
The Networking Wheel of Life!
APM / NPM
IPS / IDS
Firewall / WAN Op
QoS
Recording & Forensics
Analysis & Intervention
Time to Resolution
# Events
Savings
• Reduce Slow To Fix Items
• Identify Root Cause & Fix
Time is… Money / Safety / Advantage / Reputation
The 3 E of Great Interventions
Skills & Knowledge
Experience & Context
Evidence
Understanding
Decision Making
Intervention
• Efficient
• Economic
• Effective
Collecting Evidence - Recording Evolution
Interesting Vs. Important
Specialised Vs. Generalised
Intelligent Network Recording
National Security
Banking & Trading
Enterprise
Specialised
Generalised
Endace – The Packet Capture Experts
World leader in network recording
10+ years selling security solutions to global clients
– Govt, Traders, Telco & Enterprise
Reputation for accuracy, scalability & performance
A division of Emulex
Intelligent Network Recording - Use Cases
Application Performance Management
Security Operations
Network Infrastructure Operations
Audit & Compliance
Legal Intercept
Custom
Intelligent Network Recording - Deployment
Intelligent Network Recorder “Probe”
• High Speed, High Fidelity Packet Capture Appliance
• Packet Processing and Indexing
• Storage and Retrieval
Network Traffic Analysis App
• Traffic Profiling & Visualisation
• Packet Analysis
• Integration with other networking tools
Endace Network Recording - Infrastructure
High Performance Intelligent Network Recording
Up to 64 TB storage
Mix of 1 and 10GbE ports
EndaceProbe™ INR
Network Visibility Headend
Allows EndaceProbe INRs/ODE to scale to 40 and 100GbE
EndaceAccess™
Endace NetFlow Generator
High-Speed NetFlow Generation for 10GbE Networks
4x10GbE Ports
Endace OpenHosting Platform (ODE)
Hosting Platform for Monitoring Apps
8x1GbE or 4x10GbE Ports
Up to 16 TB internal storage; FC support for SAN
How Much Network Visibility Do You Need?
Low Definition
• The visibility most solutions provide
High Definition – Endace Vision
• See microbursts
• Know exactly what data has been compromised
• Identify issues impacting services and security application performance
EndaceVision - Actionable Insight
Bandwidth Over Time
Traffic breakdown and analysis
TCP/IP Conversations
Traffic over time Top Talkers Workflow
EndaceVision - Integrated and Open
• Integration with “best of breed” solutions
– API and hypervisor
– All tools share data from same secure location in datacenter
– Automated workflow, “pivot to packets” speeds up issue resolution
• Lower Investment While Increasing ROI
– Reduce device count
– Plan and train staff on the tools that fit customer situation best
EndaceProbe
EndaceFusion
APM NPM IDS HFT
Endace Solution - Key Features
• Market Leading Performance
– 100% High fidelity packet capture
– 10/100/1G/10G/40G/100GbE
– 64TB on board storage
– FC SAN offload
– Multi-unit “Sledging”
• Distributed Recording Fabric
– Multiple EndaceProbe INRs, single recording fabric
– Traffic search and visualisation
– Diverse, concurrent multiple uses
• Open and Flexible Integration
– Endace dock hypervisor
– RESTful API
– Endace Fusion solution ecosystem
Splunk & Endace – Macro and Micro
Log lines are a summary or interpretation of an event
Packets are the ground truth from which these are derived
Fusion connector links the two with a single click
Endace’s depth complements Splunk’s breadth
Feeding and Enabling Splunk
EndaceProbe INR Generated
Logs and Netflow Events
Splunk Generated Enquiries
Optimising Event Management Workflow
Event Occurrence
Packet drill down and inspection
Traffic Analysis and Visualisation
Click to Traffic Search
Request Splunk Alert
!
Example Case – Finance / Trading Solution
Context
• Network performance is critical to $ services
• Latency and outage intolerant
• Multiple management tools
Solution
• Integrated network monitoring and security for a low latency 10GbE network
Products
• Splunk!
• EndaceProbe™ INR
• Endace Fusion Connector for Splunk
• EndaceVision™
Key Benefits
• Greater insight into critical network issues
• Reduce time-to-resolution (TTR)
• Lower operational expenditures (OPEX)
Real World Feedback
“While consolidating network monitoring and security tools was the primary need for the EndaceProbe INR, it was put to work even before the official deployment. the pilot and immediately discovered a security breach that had gone undetected with their existing tools, providing an immediate return on investment for the EndaceProbe INR 7000.”
“The EndaceProbe INR has been 100% reliable for us and we are impressed with its robust capabilities. We use it extensively and, coupled with the Fusion Connector for Splunk, are extremely happy with the results.” Global Head of Networks
Endace Helps You Enable the “3 E”
Understand macro and micro situation
Reduce slow / hard to fix items
Fix Root Cause
Stop Recurrent Events
Reduce Time to Resolution
Efficient / Economic / Effective
Which Means You Get…
Less stress, improved results
Uninterrupted weekends and evenings
Happy family, boss and stakeholders
Resources & Info
Solution Brief
Coming Soon
Testing Brief
Splunk Connector App
Blog
Video
www.emulex.com
www.marquest.com
Questions?
Thank you for your attention