Splunk Archives - rSolutions

Splunk – A one field game changer

At rSolutions, we often get asked by clients and people we meet about the power of Splunk and why we’re so invested in the technology. It’s a great question for a number of reasons. In IT, and really technology in general, we’ve become a little used to the notion of a new technology coming out and in no time, it’s lost its lustre. Additionally, when the occasional truly interesting idea comes up, everybody and their dog has a similar technology adaptation on the same principle. Remember sandboxing? It was “disruptive” when it came out, and in time other companies found ways to get their technology synced to the same mental real estate that makes it more of a commonality instead of technological disruption. The disruptive, turned commonplace. It’s almost becoming a foundational law of technology. Something new and shiny comes out, its disruptive for a time, then its not, then something else comes along.

The Splunk Difference

So what makes Splunk different? We think it’s the rate of advancement in the Big Data analysis space that will keep it ahead of the pack for the foreseeable future. But instead of boring you with advantages that sound more like a sales pitch, we want to tell you tell you a story about how it helped a client. The proof is in the pudding (whatever that means…long story short, we’ll prove it)!

Because we’re a security company, naming names is not something we do, but we can tell you about a scenario where a client changed their business with visibility into just one field.

Web proxy logs contain some interesting data points, but not least of which is the user agent field. One common use of the user agent field is to log information about the browser of the computer that is accessing the page and some tidbits about the operating system. This allows the web site to customize content for the capabilities of a particular device, but it may also raise security issues.

Welcome to the Splunk Dashboard

We created a Splunk dashboard for our client on this one unremarkable field (one of many) and with it the business was instantly afforded 3 major insights. The first was AV.

Using the dashboard the Security Administrator had instant visibility into who had unauthorized AV running in their environment by the calls it was making out, he saw those calls were using improper ports and that because some of these AV were unsupported, they also weren’t being updated.

With this new visibility the Admin was able to create specific and targeted actions to the team to remediate the outdated supported AV, get rid of unsupported AV and patch holes created by competing AV operating in the environment caused by these less-than-helpful-but-well-intentioned removals or additions.

The next insight was visibility into the Operating Systems running in the environment. Once again, this single but useful dashboard showed there were a few systems still running…wait for it…Windows XP. Yep, XP. An all together unsupported OS still clunking away because (let’s call him “Tyler”) Tyler from Communications branch doesn’t like change. He hid from the upgrade years ago and has been secretly indulging in the comfort of unchanging features of XP. What Tyler didn’t know (or care about) was that XP hasn’t had a security patch since April 8th, 2014 – over two years at the time of work with the client.

The next day our security admin was able to get the security team zeroed in on replacing those relics, and allowed more of his organization to enjoy computing in the modern era. And with solitaire, spider and minesweeper now fully disengaged, the organization is now getting better yield from Tyler. Win-win!

The Insight of Data Visualization

The last insight was probably the largest and most useful. By looking at the data visualizations afforded by Splunk our security admin was able to see the callouts made by web-enabled apps. By filtering the view to unanswered calls out for information by these apps, they were able to quickly identify missing patches, security vulnerabilities, outdated apps and more. Once again, data insights allowed the security admin to instantly see vulnerabilities and make plans to remediate them quickly.

Just one dashboard. One dashboard allowing them to identify potential weaknesses, head off some challenges that had the potential to be incredibly time-consuming and be pro-active in addressing issues instead of reactive and it came from insights easily shown in Splunk.

This, for us, is one of the best Splunk stories, because its an incredibly common one. We see every day how businesses become more efficient in ways they never dreamed possible, how organizations can improve their security posture because all data is now security-relevant and how visibility can help you better predict outcomes based on the data you already have.

March 14, 2017/0 Comments/by Carter

IT Security and Data Analytics Firm, rSolutions, brings home award for International Excellence

Awards, Splunk

(LAS VEGAS, NV/ REGINA, SK)

Information Technology Security Firm rSolutions was honoured last night with the Americas Rookie Partner of the Year award at Splunk’s Global Partner Summit at the MGM Grand in Las Vegas, Nevada. This award puts rSolutions among the elite Splunk Partners in North America and around the world.

rSolutions was founded in 2010 with a vision to do business differently, with a greater focus on customer care. As business grew, they soon came to realize that all organizational data was relevant to IT security and operational intelligence. In 2011, rSolutions became one of a few vendors world-wide to carry Splunk (NASDAQ: SPLK) which is now the world’s leading Big Data Analytics and Machine Learning platform, utilized by over 80% of the Fortune 100.

Since 2011, rSolutions has building their strategic partnership with Splunk and is now the leading Splunk Elite Partner in Canada providing Splunk licensing, Professional Services, and Splunk Managed Services. rSolutions commitment and involvement with Splunk includes a seat on Splunk’s Technical Advisory Council, as well as the Splunk North America Partner Advisory Council. With staff in three provinces, rSolutions services clients from across North America.

Richard Baker is an MBA graduate of the Levene School of Business from the University of Regina and holds numerous security and vendor designations as the CEO of rSolutions. “Being honoured with an award from the leadership of Splunk is really special for us personally at rSolutions, but also for Information Security community, which is growing and prosperous.” Richard said. rSolutions’ international recognition illustrates that Saskatchewan’s technology sector is of international calibre and that companies from here can do business around the world.

“The award is nice, anytime you get acknowledged by your peers and partners it’s a good feeling, but it’s also personally validating – when we partnered with Splunk, I knew it was game-changing technology, but the way they innovate and change is really what keeps them, and by extension us at rSolutions, ahead of the competition.” Richard said.

Although rSolutions has been working with Splunk for many years, posting one of the world’s largest Splunk sales and continued excellence in implementation made rSolutions the clear choice for the award for what Splunk leadership called a ‘truly breakout year’.