We recently delivered a presso that described how DotSec has used Splunk for a number of interesting projects. (In preparing the presso, I was a bit shocked to discover that we've actually been using Splunk for over 12 years now! Fun times!) Anyhow, our presentation was quite interactive, and it covered four projects that pretty well summarise the work we do at DotSec on a fairly regular basis:
- Splunk for compliance. Many of our customers have compliance requirements, especially regarding PCI DSS, IRAP and ISO 27001. Other customers are keen to align their computing environment with accepted infosec best practice. Logging, monitoring, reporting and alerting are a big part of achieving compliance with almost any framework or best-practice guideline, and this part of the presso showed how DotSec has used Splunk to help our customers meet their compliance goals.
- Splunk for due diligence. As at least one news article shows almost every week, attackers regularly succeed in compromising and misusing organisations' information systems. When this worst-case event occurs, directors and C-level officers need to be able to show that the compromise was not the result of negligence. O365 has been a key component in at least four of our recent incident-response jobs, so it's clear that O365 security needs to be included in any due diligence planning. Furthermore, insurance underwriters are increasingly including questions in their coverage applications that seek to understand how effectively an organisation manages and secures its corporate computing environment. This part of the presso discussed Splunk in the context of insurance coverage and obligations.