Date post: | 16-Jul-2015 |
Category: |
Technology |
Upload: | splunk |
View: | 279 times |
Download: | 4 times |
Taking Splunk to the Next Level for Management
David CaradonnaManager, Business Value ConsultingSplunk>
April 14, 2015
Legal NoticeDuring the course of this presentation, we may make forward looking statements regarding future events or theexpected performance of the company. We caution you that such statements reflect our currentexpectations and estimates based on factors currently known to us and that actual events or results could differmaterially. For important factors that may cause actual results to differ from those contained in our forward-lookingstatements, please review our filings with the SEC. The forward-looking statements made in this presentation are beingmade as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may notcontain current or accurate information. We do not assume any obligation to update any forward looking statementswe may make. In addition, any information about our roadmap outlines our general product direction and is subject tochange at any time without notice. It is for informational purposes only and shall not be incorporated into any contract orother commitment. Splunk undertakes no obligation either to develop the features or functionality described or toinclude any such feature or functionality in a future release.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk™, Splunk Cloud™, SplunkStorm® and SPL™ are registered trademarks or trademarks of Splunk Inc. in the United States and/or othercountries. All other brand names, product names or trademarks belong to their respective owners. © 2014Splunk Inc. All rights reserved.
Help Splunk customers, prospects, and partners
document the projected and already realized
business value of making machine data accessible,
usable, and valuable for everyone
Common Deliverables:
› CFO-Ready Business Cases
› Value Realization Studies
› Adoption Roadmaps and Maturity Assessments
› Customer and Use Case Benchmarks
Business Value Consulting @Splunk
3
Why Position Business Value?
4
Your process requires it
Create and maintain visibility
Replicate success across the org
Accelerate enterprise adoption
Maximize business results
Splunk is a Hidden Gem
5
Way cool, dude.
What business value do I get?
I’m invincible!
Top Challenges to Documenting Value
Lack of Splunk and Industry Benchmarks
xData
Lack of Tools to Make Value
Measurement Easy
xTools
Not Enough Time to Assess
Your Value
xTime
Splunk Can Help You Document Value
All Splunk Tools Are Available to
All of You
ToolsTime
Tools, Content and Team Will Save You Time
Access to Splunk and Industry Benchmarks
Data
Taking your Splunk Deployment to the Next Level
4
Quantify
business
value
1
Map your
adoption
chart
3
Position
further use
cases
Document
noticeable
successes
2
STEP 1 - Map your current deployment
1
Map your
adoption chart
• Provide a high level view
• Demonstrate where and how Splunk is in use
• Organize by group or by business service
• Highlight uses cases that the most drive value
• Tie key processes with Splunk
• Pick one of our adoption templates to get you started!
Enterprise Adoption
IT Operations
Security & Compliance
Application Support
Application Development
IT Operations Adoption Chart Template
% Data Indexed
Incident Investigation Faster Root
Cause Analysis
Fewer Outagesthrough
Proactive Alerting
Improved Capacity Planning
More Visibility through
Operational Dashboards
GroupsFaster Level 1 Triage
Fewer Level 2 & 3 Escalation
Faster incident MTTR
Virtualization 0%
Server - Unix 25%
Server - Windows 0%
Storage 33%
Network 100%
SAMPLE
= Splunk fully in use = Splunk partially in use = Splunk not in use
Application Development Adoption Chart Template
Applications% Data Indexed
faster test failure
analysis
faster debugging of
code
faster developmentof dashboards
and reports
increaserevenue with
business analytics
SAP 0%
Warehouse 30%
E-Commerce Website 0%
Call Center 25%
PeopleSoft 50%
Service Now 50%
SAMPLE
= Splunk fully in use = Splunk partially in use = Splunk not in use
Security & Compliance Adoption Chart Template
Data Sources%
Indexed
Automated Log
Collection
Monitoring and
Alerting
Faster Level 1 Triage
Faster Incident
Response
Streamlined Compliance Reporting
AutomatedContinuous Compliance
Automated Routine Log
Reviews
Threat Intel:(3rd Party)
0%
Threat Intel:(OS Blacklist)
30%
Network:(Firewall)
20%
Network:(IDS/IPS)
25%
Endpoint:(PCLM)
70%
Access & Identity Mgt
70%
SAMPLE
= Splunk fully in use = Splunk partially in use = Splunk not in use
Security Critical Security Controls
Critical Control In Place?
Monitor unauthorized devices or software
Monitor unmanaged devices or software
Monitor configuration compliance
Monitor patch compliance
Monitor malware defense
Monitor application software security
Monitor wireless access control
Analyze audit logs with time-based correlation
SAMPLE
Critical Control In Place?
Monitor use of ports, protocols, and services
Monitor controlled use of admin privileges
Monitor perimeter IDS
Monitor controlled / uncontrolled access
Monitor orphan, expired, miss use of accounts
Monitor potential exfiltration of information
Monitor secure IP restriction policies
Maintain data going back months
= Splunk fully in use = Splunk partially in use = Splunk not in use
Enterprise Adoption Chart Template
= Splunk fully in use = Splunk partially in use = Splunk not in use
Production Support Application Development Security & Compliance
TOP 5 FSI Applications
reduce frequency
of incidents
accelerate incident MTTR
streamline post
incident reviews
optimize server
capacity
faster test failure
analysis
faster debugging
of code
faster developmentof dashboards
and reports
increaserevenue with
business analytics
reduce risk of fraud
reduce risk of data
breach
reduce risk of
IP theft
efficient audit
activities
automate routine
procedures
Online Banking
Treasury Internet Banking
Wires
Future Core
Credit Lead
STEP 2 - Document and Measure your Success
Document
noticeable
successes
2 • Document a few success stories of your Splunk usage
• Summarize BEFORE and AFTER Splunk
• Highlight metrics of improvement
• Demonstrating success will help further the cause
• Leverage our success story templates to get you started!
Success story templates• Pick 2 or 3 use cases
• Sit down with your Splunk user for 60 min/use case
• Gather Before and After data to build your story slide(s)
• Follow our questionnaire guidelines
Example of a success story slide
Faster Investigation of Server Events– Mundane issues consume a lot of our time
Examples: Mailflow issues, Webproxy issues, Websites being blocked, etc
Investigation 75% faster
Regained 35% of staff time to work
on higher value activities
– Before Splunk
Difficult to troubleshoot and more time consuming
Hard to get a global picture, if troubleshooting an issue in Tennessee, real issue could be in Ohio
Had to manually investigate 5 to 10 servers, typically
taking 1 to 2 hours to fix mundane issues
50% of our time was spent on these types of issues
– With Splunk
One source of information that can crawl all servers
Mundane issues now resolved in ~30 minutes instead of hours
Regained 35% of staff time, we can now focus on higher value work
Saved over 3,000 hours per year
Step 3 - Position key areas to expand
3
Position
further use
cases
• Identify opportunities by showing usage and gaps
• Socialize your success stories to target groups
• Position potential value with future use cases
• Demonstrate actual Splunk customer successes
• Leverage Splunk customer benchmarks to get you started!
Production Support Application Development Security & Compliance
TOP 5 FSI Applications
reduce frequency
of incidents
accelerate incident MTTR
streamline post
incident reviews
optimize server
capacity
faster test failure
analysis
faster debugging
of code
faster developmentof dashboards
and reports
increaserevenue with
business analytics
reduce risk of fraud
reduce risk of data
breach
reduce risk of
IP theft
efficient audit
activities
automate routine
procedures
Online Banking
Treasury Internet Banking
Wires
Future Core
Credit Lead
Adoption Charts in ActionCan you find 5 Opportunities here?
5
51
2 43
= Splunk fully in use = Splunk partially in use = Splunk not in use
Splunk IT Operations BenchmarksKnow what to project and/or compare how you’re doing
20
Reduced Sev1 and Sev2 incidents by 43%
Reduced MTTR by 95% and reduced escalations by 50%
Improved capacity utilization and avoided $200k in infrastructure
15% to 45% reduction in system incidents
70% to 90% faster investigation of system incidents
67% to 82% reduction in financial impact from outages
5% to 20% optimization with server capacity allocation
Splunk Application Support/Dev BenchmarksKnow what to project and/or compare how you’re doing
21
15% to 45% reduction in application incidents
70% to 90% faster investigation of QA defects and incidents
10% to 50% faster time to market
10% to 50% increase in value for key projects
Went from 1 release/day to 8 because of Splunk
Shortened their development cycles by 30%
Reduced the number of incidents leading to 9M Euro per year in revenue recaptured
Splunk Security & Compliance BenchmarksKnow what to project and/or compare how you’re doing
22
70% to 90% improvement with detection and research of events
70% to 90% faster investigation of security incidents
10% to 50% lower risks with data breaches, fraud and IP theft
70% to 90% reduction in compliance labor
Reduced investigation effort by more than 75%
Reduced the time to report on SAS70 compliance by 83%
Reduced the number of security incidents by 80%
Step 4 - Create a CxO-Ready business case
4
Quantify
business value
• Expanding Splunk might require a business case
• Align your project with key goals
• Identify key metrics that drive the most value
• Quantify value first, then the investment
• Defend your case with industry benchmarks
• Leverage our IVA - Interactive Value Assessment tool to get you started!
IVA Highlights
Target your business case Calculate value seamlessly
Be credible Deliver value on the spot!
Choose 1 or many Groups
45 Value CalculatorsAutomatically surface those that are relevant
Built-in Industry Benchmarks and Customer Case Studies
Full Business Case Report
Accessing the IVA
• Interactive Value Assessment
• Excel Spreadsheet
• Work with your rep to gain access to the latest version
• Follow the Impact and Capture All the Value
• Complete Financial Analysis
Plan your Splunk
staffing roles
Execute against a strategy
Other Considerations
Take
incremental
steps
Take incremental steps
Position Value in Expansion Area
Value Opportunity:
• faster detection,
• faster investigation,
• faster root cause analysis of application incidents
• fewer developer escalation
After 3 to 6 months
After 3 to 6 months
Document Success for Server & Network teams
Document Success for App & DB teams Position Value in
Expansion Area
Application Development
Value Opportunity:
• faster test analysis,
• faster investigation of pre-production bugs,
• faster releases cycles
Position Value in Expansion AreaSecurity &
Compliance
Value Opportunity:
• faster detection, faster triage,
• faster investigation of security incidents
Value Realized:
• faster detection,
• faster investigation,
• faster root cause analysis of system incidents
IT OperationsApplication
Support
Execute against a strategy
• Avoid being reactive – don’t drive by data source
• Develop a plan to expand Splunk
• Link the plan to strategic company goals
• Document the anticipated value
• Set baselines for success
• Leverage our Value Roadmap templates
Execute against a strategy
Plan your Splunk Staffing RolesBe sure you have the staff and skills to maximize value
30
A successful and scalable deployment of Splunk relies on the orchestration of key roles and responsibilities, primarily centered around:
Architecture
Administration
User adoption (Power User)
Application development
Basic Communication Framework
31
Architect
Admin
Works with power users to determine which data sources should be indexed to meet each department’s needs
Scales the Splunk architecture to meet business demand
Power Users Department Users
Adds data sources to the Splunk platform according to business needs
Assist power users with the development of advanced dashboards, alerting and reporting
Maintains the Splunk SW and it’s infrastructure for optimal performance
1 Power user per department
Provides basic support for new and existing reports and dashboards
Works with their group to identify opportunities where Splunk can provide value
Splunk Roles & Recommended Training
32
Splunk Roles
Using Splunk
Splunk Administration
Searching and
Reporting
Creating Knowledge
Objects
Advanced Searching & Reporting
DevelopingApps with
Splunk
Developing with Splunk
SDKs
Architect Required Required Optional Optional Optional Optional Optional
Admin Required Required Optional Optional
Power User Required Required Required Optional
Developer Required Optional Required Required Optional Required Optional
for Splunk on-premises
Map Your Roles & Highlight Training Gaps
33
Splunk Architect#name
Splunk Developer
#name
SecurityPower User
#name
CollaborationPower User
#name
DatabasePower User
#name
CRMPower User
#name
NetworkPower User
#name
Financial AppsPower User
#name
Splunk Architect#name
= Fully Trained = Partially Trained = Not assigned
WebPower User
#name
ServerPower User
#name
Your Company
RecapTaking your Splunk Deployment to the next level
4
Quantify
business
value
1
Map your
adoption
chart
3
Position
further use
cases
Document
noticeable
successes
2
Plan your Splunk
staffing roles
Execute against a strategy
Remember to…
Take
incremental
steps
36
The 6th Annual Splunk Worldwide Users’ Conference
• September 21-24, 2015
• The MGM Grand Hotel, Las Vegas
• 4000 IT & Business Professionals
• 2 Keynote Sessions
• 3 days of technical content• 165+ sessions
• 3 days of Splunk University• Sept 19-21, 2015• Get Splunk Certified for FREE! • Get CPE credits for CISSP, CAP, SSCP, etc.• Save thousands on Splunk education!
• 80 Customer Speakers
• 80 Splunk Speakers
• 35+ Apps in Splunk Apps Showcase
• 65 Technology Partners
• Ask The Experts and Security Experts, Birds of a Feather, Chalk Talks and a new & improved Partner Pavilion!
• Register at conf.splunk.com
Prizes in Exchange for Your Survey Feedback!
Text Splunk to 878787
OR
Scan this QR Code
Then stop by our reg desk for a free gift and a chance to win a $100 AMEX gift cards