SlideShare a Scribd company logo

Managing SCADA Operations and Security with Splunk Enterprise

Splunk
Splunk
Technology
1 of 14
Copyright © 2015 Splunk Inc. Managing SCADA Operations and Security with Splunk Enterprise
2 Will Gage Supervisor, SCADA Infrastructure and Cyber Security Enterprise Products Partners, L.P.
3 Agenda About Enterprise Products Partners About the SCADA Infrastructure and Cyber Security Team Where We Were Where We Are Where We Are Headed What You Can Do Too
4 Enterprise Products Partners
5 SCADA Infrastructure and Cyber Team
6 How We Got Started Recognizing the operational differences between OT and IT Recognizing the technical similarities between OT and IT Supporting the SCADA Systems before Splunk Difficulties meeting SLA’s (Regulatory)
7 Splunk Enterprise at EPD AlertsMessages Metrics ChangesScriptsConfiguration s Log Files DatabasesNetworks Servers Virtual Machines Custom Applications Security Tickets Web Servers • Infrastructure and Applications Ops • Cyber Security • Improving SLAs
8 Infrastructure Operations Improving SCADA Network Availability and Performance • Augmenting SCOM • Need for rapid recovery • Impacts on safety and availability
9
10 Cyber Security Protecting Critical Infrastructure Against Threats • Palo-Alto project • Supporting VPN environments • Monitoring firewalls for alarming activity • Monitoring of industrial protocols
11 Improved SLA’s Adhering to PHMSA requirements with Splunk Enterprise • Aware of issues within 30 seconds • Rigorous escalations • Prescriptive alerting • Resolution in 4 minutes or less
12 What’s Next
13 Top Takeaways OT and IT are both similar and different Best practices for managing operations, cyber security and SLA’s with Splunk Enterprise How you too can be a SCADA superhero with Splunk Enterprise
Thank You

Recommended

Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseSplunk
 
Splunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial EnvironmentSplunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial EnvironmentSplunk
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk
 
Machines are Talking. Are You Listening?
Machines are Talking. Are You Listening?Machines are Talking. Are You Listening?
Machines are Talking. Are You Listening?Splunk
 
Protect & Defend Your Critical Infrastructure
Protect & Defend Your Critical InfrastructureProtect & Defend Your Critical Infrastructure
Protect & Defend Your Critical InfrastructureQ1 Labs
 
SplunkLive! Customer Presentation – Harris
SplunkLive! Customer Presentation – HarrisSplunkLive! Customer Presentation – Harris
SplunkLive! Customer Presentation – HarrisSplunk
 
Splunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial Environment Splunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial Environment Splunk
 
SplunkLive! Customer Presentation - Satcom Direct
SplunkLive! Customer Presentation - Satcom DirectSplunkLive! Customer Presentation - Satcom Direct
SplunkLive! Customer Presentation - Satcom DirectSplunk
 

Recommended

Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseSplunk
 
Splunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial EnvironmentSplunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial EnvironmentSplunk
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk
 
Machines are Talking. Are You Listening?
Machines are Talking. Are You Listening?Machines are Talking. Are You Listening?
Machines are Talking. Are You Listening?Splunk
 
Protect & Defend Your Critical Infrastructure
Protect & Defend Your Critical InfrastructureProtect & Defend Your Critical Infrastructure
Protect & Defend Your Critical InfrastructureQ1 Labs
 
SplunkLive! Customer Presentation – Harris
SplunkLive! Customer Presentation – HarrisSplunkLive! Customer Presentation – Harris
SplunkLive! Customer Presentation – HarrisSplunk
 
Splunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial Environment Splunk for Monitoring and Diagnostics in the Industrial Environment
Splunk for Monitoring and Diagnostics in the Industrial Environment Splunk
 
SplunkLive! Customer Presentation - Satcom Direct
SplunkLive! Customer Presentation - Satcom DirectSplunkLive! Customer Presentation - Satcom Direct
SplunkLive! Customer Presentation - Satcom DirectSplunk
 
SplunkLive! Customer Presentation - ExxonMobil
SplunkLive! Customer Presentation - ExxonMobilSplunkLive! Customer Presentation - ExxonMobil
SplunkLive! Customer Presentation - ExxonMobilSplunk
 
Viasat Customer Presentation
Viasat Customer PresentationViasat Customer Presentation
Viasat Customer PresentationSplunk
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_SolutionSteve Lim
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of Thingsaliciasyc
 
Splunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk
 
SplunkLIve! Warsaw IoT Session
SplunkLIve! Warsaw IoT SessionSplunkLIve! Warsaw IoT Session
SplunkLIve! Warsaw IoT SessionSplunk
 
SplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental ExchangeSplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental ExchangeSplunk
 
SplunkLive! Wien 2016 - Use Case TTTech Computertechnik
SplunkLive! Wien 2016 - Use Case TTTech ComputertechnikSplunkLive! Wien 2016 - Use Case TTTech Computertechnik
SplunkLive! Wien 2016 - Use Case TTTech ComputertechnikSplunk
 
SplunkLive! Zürich - Splunk für Security
SplunkLive! Zürich - Splunk für SecuritySplunkLive! Zürich - Splunk für Security
SplunkLive! Zürich - Splunk für SecuritySplunk
 
Monitoring a Database Driven System Utilizing Splunk's DB Connect
Monitoring a Database Driven System Utilizing Splunk's DB ConnectMonitoring a Database Driven System Utilizing Splunk's DB Connect
Monitoring a Database Driven System Utilizing Splunk's DB ConnectSplunk
 
Splunk at Airbus
Splunk at AirbusSplunk at Airbus
Splunk at AirbusSplunk
 
SplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunk
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunk
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomGeorg Knon
 
Catch these Sessions on-demand at .conf Online
Catch these Sessions on-demand at .conf OnlineCatch these Sessions on-demand at .conf Online
Catch these Sessions on-demand at .conf OnlineSplunk
 
SplunkLive! Utrecht 2016 - NXP
SplunkLive! Utrecht 2016 - NXPSplunkLive! Utrecht 2016 - NXP
SplunkLive! Utrecht 2016 - NXPSplunk
 
How to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkHow to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkSplunk
 
Transcend Automation's Kepware OPC Products
Transcend Automation's Kepware OPC ProductsTranscend Automation's Kepware OPC Products
Transcend Automation's Kepware OPC ProductsBaiju P.S.
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS Splunk
 
SplunkLive! London - Splunk App for Stream & MINT Breakout
SplunkLive! London - Splunk App for Stream & MINT BreakoutSplunkLive! London - Splunk App for Stream & MINT Breakout
SplunkLive! London - Splunk App for Stream & MINT BreakoutSplunk
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...Government Technology and Services Coalition
 

More Related Content

What's hot

SplunkLive! Customer Presentation - ExxonMobil
SplunkLive! Customer Presentation - ExxonMobilSplunkLive! Customer Presentation - ExxonMobil
SplunkLive! Customer Presentation - ExxonMobilSplunk
 
Viasat Customer Presentation
Viasat Customer PresentationViasat Customer Presentation
Viasat Customer PresentationSplunk
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_SolutionSteve Lim
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of Thingsaliciasyc
 
Splunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk
 
SplunkLIve! Warsaw IoT Session
SplunkLIve! Warsaw IoT SessionSplunkLIve! Warsaw IoT Session
SplunkLIve! Warsaw IoT SessionSplunk
 
SplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental ExchangeSplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental ExchangeSplunk
 
SplunkLive! Wien 2016 - Use Case TTTech Computertechnik
SplunkLive! Wien 2016 - Use Case TTTech ComputertechnikSplunkLive! Wien 2016 - Use Case TTTech Computertechnik
SplunkLive! Wien 2016 - Use Case TTTech ComputertechnikSplunk
 
SplunkLive! Zürich - Splunk für Security
SplunkLive! Zürich - Splunk für SecuritySplunkLive! Zürich - Splunk für Security
SplunkLive! Zürich - Splunk für SecuritySplunk
 
Monitoring a Database Driven System Utilizing Splunk's DB Connect
Monitoring a Database Driven System Utilizing Splunk's DB ConnectMonitoring a Database Driven System Utilizing Splunk's DB Connect
Monitoring a Database Driven System Utilizing Splunk's DB ConnectSplunk
 
Splunk at Airbus
Splunk at AirbusSplunk at Airbus
Splunk at AirbusSplunk
 
SplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunk
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunk
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomGeorg Knon
 
Catch these Sessions on-demand at .conf Online
Catch these Sessions on-demand at .conf OnlineCatch these Sessions on-demand at .conf Online
Catch these Sessions on-demand at .conf OnlineSplunk
 
SplunkLive! Utrecht 2016 - NXP
SplunkLive! Utrecht 2016 - NXPSplunkLive! Utrecht 2016 - NXP
SplunkLive! Utrecht 2016 - NXPSplunk
 
How to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkHow to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkSplunk
 
Transcend Automation's Kepware OPC Products
Transcend Automation's Kepware OPC ProductsTranscend Automation's Kepware OPC Products
Transcend Automation's Kepware OPC ProductsBaiju P.S.
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS Splunk
 

What's hot (20)

SplunkLive! Customer Presentation - ExxonMobil
SplunkLive! Customer Presentation - ExxonMobilSplunkLive! Customer Presentation - ExxonMobil
SplunkLive! Customer Presentation - ExxonMobil
 
Viasat Customer Presentation
Viasat Customer PresentationViasat Customer Presentation
Viasat Customer Presentation
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of Things
 
Splunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk for IT Operations Breakout Session
Splunk for IT Operations Breakout Session
 
SplunkLIve! Warsaw IoT Session
SplunkLIve! Warsaw IoT SessionSplunkLIve! Warsaw IoT Session
SplunkLIve! Warsaw IoT Session
 
SplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental ExchangeSplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
 
SplunkLive! Wien 2016 - Use Case TTTech Computertechnik
SplunkLive! Wien 2016 - Use Case TTTech ComputertechnikSplunkLive! Wien 2016 - Use Case TTTech Computertechnik
SplunkLive! Wien 2016 - Use Case TTTech Computertechnik
 
SplunkLive! Zürich - Splunk für Security
SplunkLive! Zürich - Splunk für SecuritySplunkLive! Zürich - Splunk für Security
SplunkLive! Zürich - Splunk für Security
 
Monitoring a Database Driven System Utilizing Splunk's DB Connect
Monitoring a Database Driven System Utilizing Splunk's DB ConnectMonitoring a Database Driven System Utilizing Splunk's DB Connect
Monitoring a Database Driven System Utilizing Splunk's DB Connect
 
Splunk at Airbus
Splunk at AirbusSplunk at Airbus
Splunk at Airbus
 
SplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - ExactSplunkLive! Utrecht 2016 - Exact
SplunkLive! Utrecht 2016 - Exact
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case Swisscom
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case Swisscom
 
Catch these Sessions on-demand at .conf Online
Catch these Sessions on-demand at .conf OnlineCatch these Sessions on-demand at .conf Online
Catch these Sessions on-demand at .conf Online
 
SplunkLive! Utrecht 2016 - NXP
SplunkLive! Utrecht 2016 - NXPSplunkLive! Utrecht 2016 - NXP
SplunkLive! Utrecht 2016 - NXP
 
How to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkHow to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in Splunk
 
Transcend Automation's Kepware OPC Products
Transcend Automation's Kepware OPC ProductsTranscend Automation's Kepware OPC Products
Transcend Automation's Kepware OPC Products
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS
 

Similar to Managing SCADA Operations and Security with Splunk Enterprise

SplunkLive! London - Splunk App for Stream & MINT Breakout
SplunkLive! London - Splunk App for Stream & MINT BreakoutSplunkLive! London - Splunk App for Stream & MINT Breakout
SplunkLive! London - Splunk App for Stream & MINT BreakoutSplunk
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk
 
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogicWebinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogicSnapLogic
 
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk
 
SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco Splunk
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet
 
Splunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & DashboardingSplunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & DashboardingGeorg Knon
 
Peloton Cycle Streaming Live Spin Classes to Thousands with Loggly & AWS
Peloton Cycle Streaming Live Spin Classes to Thousands with Loggly & AWSPeloton Cycle Streaming Live Spin Classes to Thousands with Loggly & AWS
Peloton Cycle Streaming Live Spin Classes to Thousands with Loggly & AWSAmazon Web Services
 
How Netskope Mastered DevOps with Sumo Logic
How Netskope Mastered DevOps with Sumo Logic How Netskope Mastered DevOps with Sumo Logic
How Netskope Mastered DevOps with Sumo Logic Sumo Logic
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerSplunk
 
Delivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT OperationsDelivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT OperationsGabrielle Knowles
 
SplunkLive Auckland - Operational Intelligence
SplunkLive Auckland - Operational IntelligenceSplunkLive Auckland - Operational Intelligence
SplunkLive Auckland - Operational IntelligenceSplunk
 
SplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational IntelligenceSplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational IntelligenceSplunk
 
Customer Presentation - QuikTrip
Customer Presentation - QuikTripCustomer Presentation - QuikTrip
Customer Presentation - QuikTripSplunk
 
Splunk Cloud
Splunk CloudSplunk Cloud
Splunk CloudSplunk
 
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...Splunk
 
Splunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DaySplunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DayZivaro Inc
 
Denver Big Data Analytics Day
Denver Big Data Analytics DayDenver Big Data Analytics Day
Denver Big Data Analytics DayZivaro Inc
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for complianceGreg Hanchin
 

Similar to Managing SCADA Operations and Security with Splunk Enterprise (20)

SplunkLive! London - Splunk App for Stream & MINT Breakout
SplunkLive! London - Splunk App for Stream & MINT BreakoutSplunkLive! London - Splunk App for Stream & MINT Breakout
SplunkLive! London - Splunk App for Stream & MINT Breakout
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout Session
 
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogicWebinar: Improve Splunk Analytics and Automate Processes with SnapLogic
Webinar: Improve Splunk Analytics and Automate Processes with SnapLogic
 
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
 
SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
 
Splunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & DashboardingSplunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
 
Peloton Cycle Streaming Live Spin Classes to Thousands with Loggly & AWS
Peloton Cycle Streaming Live Spin Classes to Thousands with Loggly & AWSPeloton Cycle Streaming Live Spin Classes to Thousands with Loggly & AWS
Peloton Cycle Streaming Live Spin Classes to Thousands with Loggly & AWS
 
How Netskope Mastered DevOps with Sumo Logic
How Netskope Mastered DevOps with Sumo Logic How Netskope Mastered DevOps with Sumo Logic
How Netskope Mastered DevOps with Sumo Logic
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - Manager
 
Delivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT OperationsDelivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT Operations
 
SplunkLive Auckland - Operational Intelligence
SplunkLive Auckland - Operational IntelligenceSplunkLive Auckland - Operational Intelligence
SplunkLive Auckland - Operational Intelligence
 
SplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational IntelligenceSplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational Intelligence
 
Customer Presentation - QuikTrip
Customer Presentation - QuikTripCustomer Presentation - QuikTrip
Customer Presentation - QuikTrip
 
Splunk Cloud
Splunk CloudSplunk Cloud
Splunk Cloud
 
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
 
Splunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DaySplunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech Day
 
Denver Big Data Analytics Day
Denver Big Data Analytics DayDenver Big Data Analytics Day
Denver Big Data Analytics Day
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for compliance
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Managing SCADA Operations and Security with Splunk Enterprise

  • 1. Copyright © 2015 Splunk Inc. Managing SCADA Operations and Security with Splunk Enterprise
  • 2. 2 Will Gage Supervisor, SCADA Infrastructure and Cyber Security Enterprise Products Partners, L.P.
  • 3. 3 Agenda About Enterprise Products Partners About the SCADA Infrastructure and Cyber Security Team Where We Were Where We Are Where We Are Headed What You Can Do Too
  • 6. 6 How We Got Started Recognizing the operational differences between OT and IT Recognizing the technical similarities between OT and IT Supporting the SCADA Systems before Splunk Difficulties meeting SLA’s (Regulatory)
  • 7. 7 Splunk Enterprise at EPD AlertsMessages Metrics ChangesScriptsConfiguration s Log Files DatabasesNetworks Servers Virtual Machines Custom Applications Security Tickets Web Servers • Infrastructure and Applications Ops • Cyber Security • Improving SLAs
  • 8. 8 Infrastructure Operations Improving SCADA Network Availability and Performance • Augmenting SCOM • Need for rapid recovery • Impacts on safety and availability
  • 9. 9
  • 10. 10 Cyber Security Protecting Critical Infrastructure Against Threats • Palo-Alto project • Supporting VPN environments • Monitoring firewalls for alarming activity • Monitoring of industrial protocols
  • 11. 11 Improved SLA’s Adhering to PHMSA requirements with Splunk Enterprise • Aware of issues within 30 seconds • Rigorous escalations • Prescriptive alerting • Resolution in 4 minutes or less
  • 13. 13 Top Takeaways OT and IT are both similar and different Best practices for managing operations, cyber security and SLA’s with Splunk Enterprise How you too can be a SCADA superhero with Splunk Enterprise

Editor's Notes

  1. Overview of Combined Operations Pipelines 51,000 miles of natural gas, NGL crude oil, refined products and petrochemical pipelines Storage (Salt Dome) 225 million barrels (MMBbls) of NGL, refined products and crude oil storage capacity 14 billion cubic feet (Bcf) of natural gas storage capacity Natural Gas Processing 24 natural gas processing plants Marine Services 63 tow boats 131 barges Fractionation 22 NGL and propylene fractionators Platforms 6 offshore hub platforms NGL Import/Export Terminals Houston Ship Channel Import Terminal offloading capacity – 14 MBbls/hr Houston Ship Channel Export Terminal loading capacity – 7.5 MMBbls/mo
  2. Before Splunk: Basically, control desks would notice inactivity, data not updating, or all data disappears. Talk to each other, shift supervisor. Call NOC, NOC calls SCADA on-call, escalate to SIG. Level of Service Agreement is 5 minutes of downtime per PHIMSA.
  3. 99% of data is datacenter based. 1% are workstations. Alarms and events.   Servers: Universal Forwarders – using deployment servers, apps: Windows, WMI, AD, not gathering data yet from the SCADA applications, but is monitoring failover, etc of SCADA applications from WMI. Plan is to test primary SCADA systems (events, alarms, etc). First priority: Errors and warnings (from SCADA process). Will also be adding connectivity via DBConnect 2 to SQL database (events, alarms, authentication, SCADA DB changes), communications statistics.
  4. Infrastructure and Application Operations Biggest piece is insight into when services fail and the IT systems don’t catch it. IT org uses SCOM and there are pieces of information that SCOM misses and Splunk catches. Never missed a significant issue with Splunk. Worked through a number of issues in new system – have to bring back system as quickly as possible – for example – issue shuts down control desk. They are a safety service solution. Quickly act upon this. Before Splunk: Basically, control desks would notice inactivity, data not updating, or all data disappears. Talk to each other, shift supervisor. Call NOC, NOC calls SCADA on-call, escalate to SIG. Level of Service Agreement is 5 minutes of downtime per PHIMSA. After Splunk : They know within 30 seconds. Rigorous escalation group – after hours, if nobody calls in and responds, every time they have had an issue they’ve been able to resolve in 4 mins or less. Immediately alerted on issues. Alerts are prescriptive alerts. Email contains diagnosis, location, etc.
  5. Security Palo Alto Project Looking for ways to do more with less. Palo Alto SCADA monitoring will deliver data to Splunk Support VPN Environment IDS Also watching SCADA firewalls (between SCADA and Corporate LAN) Various types of protocols across firewall. Looking at types of protocol data Modbus Fisher-ROC Allen Bradley (All 4 ver)
  6. Example of a few Alerts we have setup. As well as an email.
  7. Continue to get a handle on Cyber Security in ICS with Enterprise Security Add host monitoring to correlate with OS level information to help understand system performance. Also looking into “System” collections to show system status in Splunk AppEnsure may be able to be used to look for Critical Data processing bottlenecks or control points.