Friea Berg at Splunk wrote a nice article summarizing some of the latest highlights of how Splunk and Cisco have been teaming up to provide end to end security visibility and protection. You can find the original post HERE.
Over the past 7 years Cisco and Splunk have built a broad and multi-faceted relationship.
Internally Cisco IT, security, engineering and other teams use Splunk software every day for operational intelligence and security analytics. Cisco shared details at Splunk’s 2014 user conference in a session titled “How Cisco IT Moved from Reactive to Proactive and Even Predictive with Splunk” and Cisco’s CSIRT team commented in a blog post on Security Logging in an Enterprise “… [W]e moved to Splunk from a traditional SIEM as Splunk is designed and engineered for ‘big data’ use cases.”
Splunk & Cisco have partnered across security, networking, application management, IoT, Big Data and other areas to help our joint customers realize the same value that Cisco gets from Splunk internally.
There’s so much going on, in fact, that a quick snapshot of key highlights from the past 12 months would be useful. Check out our 2014 Top 10 highlights …
- Centralized visibility across Cisco security platforms. Splunk’s fully updated Cisco Security Suite app provides a comprehensive view across Cisco ASA/PIX/FWSM firewalls, web and email security appliances (WSA/ESA), Advanced Malware Protection, Sourcefire, and Cisco Identity Services Engine (ISE). See how security analysts use Splunk and Cisco security platforms before, during and after an attack in this 8 minute Attack Chain demo.
- End-to-end Threat Protection for Cisco Network Environments. Security analysts can instantly quarantine users and devices from Cisco Security Suite or other Splunk dashboards leveraging Cisco ISE/pxGrid integration. Check out a real-world example of how remediation is being used in a BYOD context for policy enforcement and don’t miss Cisco’s post, More Than Just a Pretty Dashboard: Turn Event Analysis into Action.
- Expose the full value of Cisco Advanced Malware Protection. In 2013 Splunk became the first major SIEM vendor to fully support Cisco Advanced Malware Protection. At RSA 2014 Splunk and Cisco highlighted the Cisco eStreamer for Splunk app, which externalizes more AMP/Sourcefire event data than any major SIEM integration.
- Validation of Splunk for Cisco networking and security environments (aka CVD!). A new Cisco Validated Design (CVD) providing design and implementation guidance for integrating a variety of Cisco security and networking technologies incorporates Splunk for visibility and operational intelligence. The Cisco Cloud Security VMDC CVD also outlines how organizations can meet financial (PCI DSS), Health Care (HIPAA) and Federal (FISMA) compliance requirements using Splunk Enterprise as part of the overall Cisco reference architecture.
- Recognizing the awesomesauce of the popular Cisco Networks App. At Splunk’s annual user conference we saluted Datametrix senior consultant and Splunk app developer Mikael Bjerkeland. Get the scoop on Mikael’s Cisco IOS app (now Cisco Networks) and how it delivers centralized visibility across Cisco switches, routers, wireless devices and other infrastructure components.
- Centralized Application Health for ACI. An inaugural Cisco Application Centric Infrastructure (ACI) partner, Splunk has teamed with Cisco to deliver centralized real-time visibility for applications and ACI infrastructures and enable admins to rapidly detect, troubleshoot, and repair faults across multi-tenant environments. Check out Cisco’s perspective on how collaboration with Splunk and the new Cisco ACI and Cisco Nexus Splunk Apps enable comprehensive application health.
- Learning about new, customer-driven Splunk + Cisco IoT use cases. Our joint customers. We love hearing about new, innovative uses that involve analytics at the very edge of the network using Splunk and Cisco. Check out this IoT demo developed for a Splunk theme park customer showing how wireless data collected by Cisco Meraki wireless devices can be used to track queue patterns.
- Accelerating time to value with proven integrated infrastructure solutions. Recognizing that many Cisco customers have rapidly expanding Splunk environments, Cisco published 4 highly tuned architectures for Splunk that deliver exceptional performance and massive scalability. Check out Cisco Distinguished Engineer Raghu Nambiar’s blog post on Cisco UCS Integrated Infrastructure for Big Data with Splunk Enterprise.
- Showcasing Cisco as a top tier sponsor of Splunk’s annual user conference. Check out Cisco IT, security, IoT and ACI sessions from the show here and read about tracking attendee mobile presence using Cisco Meraki wireless devices. There are also some great articles on Cisco VP of advanced services Sanjay Pol’s views on IoT, Cisco and Splunk and how Cisco is building security offerings in partnership with Splunk.
- Spotlighting the broad value of Splunk at Cisco Live US. Splunk and Cisco co-presented strategies for getting more out of security and BYOD and Splunk ninja Mark Groves shared tips for Developing with Splunk. Cisco highlighted Splunk in an all day CyberRange techtorial, WSA Deployment and troubleshooting, a 4-hour CCNP Security Exam prep session, and a CSIRT session on detecting advanced threats. (p.s. this is really point #10. I blame my blog editing tool)
This is just the tip of the iceberg of the goodness Splunk and Cisco are working on …
If you’re attending Cisco Live Milan please stop by the Splunk booth and say hello. Alternately, if you can’t join us in Italy look for Splunk at Cisco Live Melbourne (March), Cisco Live US (June), conf (Sept) or an upcoming local Splunk Live user group.
Finally, block your calendar now for February 24th when Splunk VP Shay Mowlem joins Cisco and other partners for a webcast on Analytics Solutions for Driving Better Business.