Ziften at .conf2017
Like so many of you, we’re still recovering from Splunk .conf last week. As usual, .conf had great energy and the people who were in attendance were passionate about Splunk and the many use cases that it offers through the large app ecosystem.
One important announcement during the week worth mentioning was a new security offering known as “Content Updates,” which essentially is pre-built Splunk searches for helping to detect security incidents.
Basically, it takes a look at the newest attacks, and the Splunk security team creates new searches for how they would hunt through Splunk ES data to find these types of attacks, and then ships those new searches down to customer’s Splunk ES environments for automatic alerts when seen.
The best part? Because these updates are using mostly CIM (Common Information Model) data, and Ziften populates a lot of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has created.
A quick demo showed which vendors are contributing to each type of “detection” and Ziften was mentioned in a large number of them.
For example, we have a recent blog post that shares how Ziften’s data in Splunk is used to detect and respond to WannaCry.
Ziften at Splunk .conf 2017
Overall, with the ~500 people who came by the booth over the course of .conf I have to say it was one of the best events we’ve done in terms of quality discussions and interest. We had nothing but positive reviews from our in-depth discussions with all walks of corporate life – from highly technical analysts in the public sector to CISOs in the financial sector.
The most common conversation usually started with, “We are just starting to roll out Splunk and are new to the platform.” I like those, since people can get our Apps for free and we can get them an agent to try out and it gets them something to utilize right out of the box to show value immediately. Other folks were very seasoned and really liked our approach and architecture.
Bottom line: People are genuinely excited about Splunk and real solutions are available to help people with real problems!
Curious? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, their data centers, and in their cloud deployments.