The Expanding Use of Machine Data: Notes on the SplunkLive Event
In the world of “big data,” one of the fastest growing, most complex, and least understood sources is “machine data”: the logs and events generated by servers, applications, network devices, and sensors. In an enterprise, machine data contains a definitive record of user transactions, sensor activity, customer behavior, security threats, fraudulent activity, and so forth, and it gives cybersecurity officers a comprehensive picture of what is actually happening on their systems. Yet for most IT organizations, making effective use of such a diverse set of data remains a challenge.
In March 2017, Splunk – a leading platform for operational intelligence that the Department of Homeland Security (DHS) itself uses – sponsored an exciting event, “SplunkLive,” in Washington, DC. The event featured keynote speakers, use cases, and breakout sessions. The keynote speaker, a Senior Vice President at Splunk, emphasized the need to make machine data accessible, usable, and valuable. Another speaker – a retired FBI agent who had worked on the Boston Marathon bombing – discussed how teamwork and collaboration helped resolve that well-known case.
Takeaways from the Sessions
Two of the breakout sessions were noteworthy. “Building an Analytics-Driven Security Operations Center” provided important insights into improving enterprise security by leveraging new technologies and strategies, including:
- using advanced analytics;
- improving threat detection and incident response;
- understanding threat intelligence;
- going on “threat hunts”; and
- engaging in deep investigations.
Another workshop session, “The Power of SPL,” covered Search Processing Language (SPL), Splunk’s query language, in which a search is a pipeline of commands, each with its own functions, arguments, and clauses. The session leader gave an overview of searching and filtering data, charting statistics, predicting values, combining data sources, and the direction of data science.
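To make the two sessions concrete, here is an added SPL example that is not from the event or from Splunk’s own materials; it ties the SOC session’s topics (detection, threat intelligence, hunting) to the SPL session’s topics (filtering, statistics, prediction, combining sources). It assumes Linux sshd authentication logs indexed under a hypothetical index `linux` with sourcetype `linux_secure`, containing standard lines of the form `Failed password for invalid user admin from 203.0.113.5 port 4321 ssh2` (a constructed sample), and a hypothetical CSV lookup named `threat_intel_ips` with columns `ip` and `threat_name`. The thresholds are illustrative, not tuned values. The block contains two searches: the first is a brute-force detection enriched with threat intelligence; the second charts hourly failure counts and projects them forward.

```spl
index=linux sourcetype=linux_secure "Failed password"
| rex field=_raw "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d+\.\d+\.\d+\.\d+)"
| stats count AS failures, dc(user) AS distinct_users, earliest(_time) AS first_seen, latest(_time) AS last_seen BY src_ip
| where failures > 20 AND distinct_users > 5
| lookup threat_intel_ips ip AS src_ip OUTPUTNEW threat_name
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - failures

index=linux sourcetype=linux_secure "Failed password"
| timechart span=1h count AS failures
| predict failures AS predicted_failures future_timespan=24
```

In the first search, the base search and `rex` do the filtering and field extraction, `stats ... BY src_ip` turns raw events into a per-source summary, `where` applies the detection logic (many failures across many distinct usernames is the password-spraying pattern, not a single user mistyping), and `lookup` merges in a second data source so an analyst sees at a glance whether the source address is already known bad. Hosts that show up with a `threat_name` are candidates for incident response; those without one are the starting points for a threat hunt. The second search is the kind of baseline a SOC keeps on a dashboard: `timechart` buckets failures per hour, and `predict` extends the series 24 hours ahead so a sudden departure from the expected curve stands out, which is a more useful alert condition than a fixed count.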
Not all cybersecurity risks can be stopped – as we have seen with many famous cases of cyber-vandalism in just the past few years. But it is clear that technologies like Splunk are doing their part to make the world safer from threats.