8/10/2019 Security - Baseline eLearning (PDF) - Oct 2013.pdf
1/49
Global Field Enablement - Copyright 2013 Splunk, Inc.
Security - Baseline eLearning
Modules
1. Who do we sell to? Market Trends; Market Opportunity; Buyer Personas
2. Why do they buy? Current Challenges and Consequences; Future Vision and Business Outcomes
3. How does it work? Splunk Positioning; Features
4. How do we compete and succeed? Case Study Examples; Competition; Discovery Questions
Module 1: Who do we sell to?
Market Trends
Market Opportunity
Buyer Personas
Security is Making $$ at Splun
About 30% of Splunk bookings
Customers are getting our Big Data for security and more than a SIEM messages
Security continues to make headlines:
Advanced Threats in the Headlin
Cyber Criminals
Nation States
Insider Threats
160 million credit cards later, cutting edge hacking
NBC News, July 2013
Banks Seek U.S. Help on Iran Cyber attacks
Wall Street Journal, Jan 2013
Verizon: Most Intellectual Property Theft Involves Co
Dark Reading, Oct 2012
Target Market
Overall, SIEM is a $1B+ market
We compete for SIEM dollars with a solution that is rapidly eclipsing SIEMs in importance!
Overlap and cross selling opportunities that involve security
Market segments shown in the chart:
Network Mgmt $3.4B
Server Virtualization Mgmt $2.4B
Event Correlation & Analysis $1.4B
Change & Config Mgmt $4.9B
Desktop Mgmt $1.3B
Server Mgmt $420MM
Service Desk $1.4B
Non SaaS Cloud Services $5.6B
Web Analytics $1.0B
End User Experience Monitoring $240MM
Database Mgmt $2.3B
DesVirtua$0.4
SIEM/$
ApplicMg$3.4
Target Buyers
VP/Dir Information Security PhysicSecurity Analyst
Influencers
CISO
Meet Your Top Prospects
How do we prevent attacks?
How can I prevent data loss and revenue impact?
How can I ensure Compliance as part of a broader Security message?
Are
Key Learning Points Module
Security Market InfluBuyers
Security is top of mind
Require a Big Data
Approach
Security A
sometime
Overlap a
opportun
security
It's the CISO you want to talk to (the Chief Information Security Officer)
Module 2: Why do they buy?
Current Challenges and Consequences
Future Vision and Business Outcomes
Security Information & Event Managis comprised of
Real-time moni
correlations, ale
Incident investimanagement
Use case: threa
Long-term data storage
Log / data analysis
Compliance Reporting
Use case: compliance
Security Information Management (SIM) Security Event Mana
Before Splunk State
Customer Challenges
Traditional SIEMs have significant limitations and fail to deliver
Advanced threats evade detection
IT Security is outgunned by the adversaries
IT Security is reactive, not proactive
Data loss occurs frequently and often goes unnoticed
Business/IT Consequences
Reduced revenue as data loss re
damage and customers leaving
Higher costs from data loss relat
fines, lawsuits, or intellectual pr
Higher costs from inefficient inc
downtime, and threat clean up
Weak security posture
Board and executives are under
After Splunk State
Future Vision
Scalable solution that can index all data types and quickly search it
Fast, efficient incident investigations and security reporting
Ability to do real-time correlations, alerts, and advanced threat detection
Single, enterprise-wide solution with all data used for many use cases
Business Outcomes
All relevant data available for inv
threat detection
Reduced costs from faster and le
well as faster threat eradication
Reduced costs and less lost reve
Improved ROI and departmenta
Key Learning Points Module
SIEM
SIEM is comprised of two different products - Security Information Management and Security Event Management.
Splunk
Single ent
for all dat
All data is
Customer Challenges
Traditional SIEMs are being outsmarted
Module 3: How does it work?
Splunk Positioning
Features
Splunk Security Uses Over Time
Security Event Investigation and Forensics
Security/risk Reporting
Simple real-time correlations and alerts
Find hidd
Time
Often complement an existing SIEM
Often we are the SIEM
Case #1 - Incident Investigation/For
Often initiated by alert in another product
May be a cold case investigation requiring machine data going back months
Need all the original data in one place and a fast way to search it to answer:
What happened and was it a false positive?
How did the threat get in, where have they gone, and did they steal any data?
Has this occurred elsewhere in the past?
Take results and turn them into a real-time search/alert if needed
Case #2 - Security/Compliance Rep
Many types of visualizations
Easy to create in Splunk
Ad-hoc auditor reports
New incident list
Historical reports
SOC/NOC dashboards
Executive/auditor dashboards
Case 3 - Correlations and Alerts
Event 1 + Event 2 + Event 3 +

Event 1: Data Loss Prevention tool identifies a server as containing confidential information
Event 2: Active Directory identifies a brute force password-guessing attack on the server
Event 3: Within X hours, a new Administrator role is created on the server
Possib
trying
confide

Event 1: Firewall on an internal PC indicates the PC is being port scanned from an internal IP address
Event 2: Network-based firewall indicates it is being port scanned from the same internal IP address
Event 3: Within X hours, important key settings have been changed on the suspicious machine associated with the internal IP address
The m
the IP
been c
threat
reconn

Event 1: Vulnerability scanner shows that an internal server has an unpatched OS
Event 2: Intrusion Detection System sees an external attack on that specific server that exploits the vulnerability in the OS
The se
succes
Case 4 - Advanced Persistent Threat Pa
Unknown threats
APT / malicious insider
Spear-phishing and social engineering
Zero-day vulnerabilities
Custom malware
Actions hidden behind normal user credentialed activity
Move slowly and quietly
Evade detection

Infiltration: Phishing or web drive-by. Email has attached malware or link to malware
Back Door: Malware installs remote access toolkit(s)
Recon: Malware obtains credentials to key systems and identifies valuable data
Data Gath
Data
acqui
stage
exfiltr
Security Relevant Data
SIEM
All Security
Relevant Data
Normal user and machine gene
behind credentials. Includes Unkno
Security data, or alerts from po
products. Known threa
APT Step 1: Collect ALL The Data in One Loca
Splunk: The Security Intelligence Pla
All Your Machine Data Many Secur
AdvancDet
Real-time
and
Inc
Investigati
Securit
rep
Traditional SIEM Limitations
Traditional SIEM
Splunk
Can be multiple products
Often costly, physical appliances
Difficult to deploy; long time to value
Reliant on vendor's collectors
DB schema and normalization limits investigations and correlations
Scalability issues due to DB
Lack of search & reporting flexibility l
ability to find outliers/anomalies
Specializes in Known Threat detectio
Closed platform with no APIs, SDKs, A
Only security/compliance use cases
Industry Accolades
Best SIEM Solution
Best Enterprise Security Solution
One Solution; Three Main Offer
Majority of customers use 1 & 3 below
2. Splunk App for Enterprise Security (cost)
Splunk App for Enterprise Secur
Pre-built searches, alerts, reports, dashboards, workflo
Incident Management View
Dashboards and Reports
Statistical Outliers
Asset and Identity
Key Learning Points Module
Machine Data
Machine data is one of the fastest, growing, most complex and most valuable segments of big data.
All Machine Data is security relevant
One So
offe
Splunk En
Splunk Ap
Security
Additiona
Common Uses of Splunk for Security
Security Event Investigation and Forensics
Security/risk Reporting
Simple real-time correlations and alerts
Find advanced, hidden threats
Module 4: How do we compete and succeed?
Case Study Examples
Competition
Discovery Questions
Replacing a SIEM @ Cedar Cresto
Challenges: Inflexible SIEM
Difficult to index non-security or custom app data without Prof Serv
SIEM could not provide who/what/where context
Inflexible parsing, visualizations, and reporting
Limited correlations rules and ability to tailor them
Enter Splunk: Flexible SIEM covering many use cases
Easily index any data from any source. Saved $200k+ in Prof Serv & conn
Flexible search and reporting, including anomaly detection and custom
Helps customers be compliant, including for PCI and SOX
Used by security and operation teams for strong ROI
We replaced a SIEM that we had before with Splunk and the S
Enterprise Security. The other SIEMs vision seemed right but
brittle and got more so over time.
Dan Frye, VP Security
Replacing a SIEM @ Cisco
Challenges: SIEM could not meet security needs
Very difficult to index non-security or custom app log data
Serious scale and speed issues. 10GB/day and searches took > 6 minute
Difficult to customize with reliance on pre-built rules which generated f
Enter Splunk: Flexible SIEM and empowered team
Easy to index any type of machine data from any source
Over 60 users doing investigations, RT correlations, reporting, advanced
All the data + flexible searches and reporting = empowered team
900 GB/day and searches take < minute. 7 global data centers with 350
Estimate Splunk is 25% the cost of a traditional SIEM
We moved to Splunk from traditional SIEM as Splunk is design
engineered for big data use cases. Our previous SIEM was n
could not scale to the data volumes we have.
Gavin Reid, Leader, Cisco Computer Security Incident Respo
SIEM Performance Comparison @
[Chart: Query Time vs. Indexed Data. Categories: Avg Query Time (seconds), Data Indexed (GB/day). Legend: Splun, SIEM. Data labels as extracted: 17, 350356, 100]
$500k Security ROI @ Interac
Challenges: Manual, costly processes
Significant people and days/weeks required for incident investigations
No single repository or UI. Used multiple UIs, grep'd log files, reported
Traditional SIEMs evaluated were too bloated, too much dev time, too
Enter Splunk: Fast investigations and stronger security
Feed 15+ data sources into Splunk for incident investigations, reports, r
Splunk reduced investigation time to hours. Reports can be created in m
Real-time correlations and alerting enables fast response to known and
ROI quantified at $500k a year. Splunk TCO is less than 10% of this.
Splunk is a product that provides a looking glass into our envi
we previously couldn't see or would otherwise have taken da
Josh Diakun, Security Specialist, Information Security Operat
Security and Compliance @ Barc
Challenges: Unable to meet demands of auditors
Scale issues, hard to get data in, and impossible to get data out beyond
Not optimized for unplanned questions or historical searches
Struggled to comply with global internal and external mandates, and to
Other SIEMs evaluated were poor at complex correlations, data enrichm
Enter Splunk: Stronger security and compliance posture
Fines avoided as searches easily turned into visualizations for complian
Faster investigations, threat alerting, better risk measurement, enrichm
Scale and speed: Over 1 TB/day, 44 B events per min, 460 data sources,
Other teams using Splunk for non-security use cases improves ROI
We hit our ROI targets immediately. Our regulators are
they say we need to demonstrate or prove the effectiv
control, the only way we can do these things is with Sp
Stephen Gailey, Head of Security Services
Find In-depth Customer Stories (R
Key Competitor Scorecar
Columns: Threat, Strengths, Weakness
Threat scores as listed: 2, 2, 3, 3, 3

Strengths
SIEM leaders quadrant
Largest installed base
RT correlation, lots of rules
100s of supported data sources
Weakness
Complex, long impl
SIEM is separate log
Data exploration ne
Post-HP acquisition
minimal innovation,

Strengths
SIEM leaders quadrant
100s of supported data sources
SIEM portfolio includes network and app monitoring products
New Big Data offering including Hadoop and InfoSphere
Weakness
Connectors are britt
Limited scalability
Difficult to create cu
SIEM is separate log
New offering is an u
SIEM of multiple p

Strengths
SIEM leaders quadrant
SIEM portfolio includes network, DB, and app monitoring products
Big push by McAfee since purchase
Weakness
Poor track record of
Limited flexibility w
Difficult to create cu
SIEM is separate log

Strengths
SIEM leaders quadrant
Strong traction in compliance
Easy to use & deploy
Lots of out of the box content
Weakness
SMB, not seen muc
Difficult to create cu

Strengths
Security portfolio includes DLP and eGRC
Re-architected offering as RSA Security Analytics incl Hadoop and rest of portfolio
New offering demos well
Weakness
New offering is an u
SIEM of multiple p
Old version - Cumbe
scale issues, custom
Discovery Questions
Columns: Objective, Questions to A

Objective: Understand the customer use cases and problems so you can position the right solution. Common Splunk use cases include security investigation, forensics, correlations, advanced threat detection, fraud.
1. What is your security use case?
2. What are you looking at Splunk to help you

Objective: Understand what incumbent solutions they have and what their pain is. Identify the entry points. Examples: New to SIEM, Replacing a SIEM, Looking to augment a SIEM, Need a data investigation tool.
1. What kinds of security technologies do you h
evaluate security threats?
2. What problems do you have that you can't a
solution?

Objective: Understand the customer's security model and business practice maturity. Use this to understand how they think about security. Are they a check box customer or building a comprehensive security practice.
1. What data source do you have that are used
2. What is the SLA for response to a threat in y
3. How many people do you have within your s
functions do they have - security analysts, se

Objective: Understand the importance the prospect places on out of the box capabilities versus flexibility.
1. What value do you place on out of the repor
2. What value do you place on ad hoc reporting
3. How important is out of the box alerting and
flexibility to create your own alerts?
Problem / Solution Matrix
Columns: Customer use case, Soluti, Splunk
Security forensics / investigations (highly capable customer)
Security forensics / investigations (low capability customer)
Security reporting / visualizations
Event correlation and real-time alerting
Pre-built reports, dashboard, correlation rules
Incident workflow
Fraud Detection
Network Monitoring
Technology specific monitoring
Selling Best Practices
Qualify/Discovery > First Meeting/Demo > Evaluation/PoC
If using Splunk for other use cases, leverage this and internal champion
Use discovery to uncover pain and determine offering(s) to sell
Do not be afraid if they already have a SIEM; often they are not happy w
Broaden deal beyond just security
Seed our points of differentiation and how we are more than a SIEM
Avoid PoC by using demo, refs, internal champions
At minimum, limited deployment of Enterprise for investigations/
But ideally also sell the App for Enterprise Security covering all dat
With Splunk success, limited deal can be extended and existing SIE
Key Learning Points Module
Broaden the Scope
All Machine Data is security relevant
Look cross use case as well as within Security
One So
offe
Understa
position S
alone or w
App for E
Premium
We can replace a SIEM
We can replace an existing SIEM
Understand the Use Case
Don't be afraid to compete
Module 5: How do you price?
Pricing Examples
Splunk Enterprise - Annual or Perpetual
Splunk Enterprise
Splunk Enterprise Perpetual
Columns: Name, Description, Support, How
Name: Splunk Enterprise Perpetual
Description: On-premise ENTERPRISE SPLUNK that the customer owns perpetually (forever)
Support:
Enterprise Support ($), SKU: ES-GB-P, 20% of Net License
Global Support ($$), SKU: GS-GB-P, 25% of Net License
Annual Renewals: Support is renewed to access new releases.
How:
Daily
by am
index
period
Premium App Pricing Module
Splunk App for Enterprise Secur
Key Learning Points Module
Security
Security is the use case. Splunk Enterprise is the product you sell. You can also sell the Splunk App for Enterprise Security or the Splunk App for PCI.
Data I
per
Splunk En
licensed b
data inde
period. O
measurem
in GB per
Perpetual or Term
Splunk Enterprise can be purchased as a Perpetual or Annual license.
Internal Enablement
Global Field Enablement Portal - Security
Partner Enablement Portal - Security
Opportunity Playboo
Customer Facing Materials
Marketing Workspace | Content Search
Splunk.com - Security
Who Do I Contact?
Product Marketing
Joe Goldberg, Senior Manager, all security/compliance
Mark Seward, Senior Director, all security/compliance
Product Management
Jack Coates, Product Manager
Security Strategists: highly qualified, strategic/large accounts
Fred Wilmot (team manager)
Global Field Enablement | Internal Training Deliverables
[email protected]
School of Splunk: Field Onboarding (Sales, Technical)
School of Splunk: Field New Hire Training (Sales, Technical)
School of Splunk: Field Enablement Portal (Sales, Technical, Partner)
School of Splunk: Weekly Virtual (VEC) and Technical (TEC) Enablement Calls
THANK Y