Accelerate the Time to Value of Your Splunk Enterprise Security Deployment
Jump start your Splunk Enterprise Security (ES) deployment with the Aliado Professional Services ES Implementation Success Offering, which puts our team to work getting you up and running quickly and accelerating your time to value (TTV).
Our experts have created this premium offering to support the rapid implementation of Splunk ES in your environment or in Splunk Cloud and to increase your overall return on investment (ROI). You benefit from the vast experience of our team, who deploy and work with Splunk every day, and from the best practices we have established to ensure ES is quickly optimized for your unique environment.
OFFERING HIGHLIGHTS
Solutions Architect designs plan around your needs
- Best-practice based Splunk installation
- Data onboarding of essential data sources
- Installation of Enterprise Security
- Prescriptive use cases implemented
Splunk Success Methodology
Leveraging the experience of thousands of Splunk deployments, the Splunk success methodology will quickly bring you to your desired outcomes.
- Assess & Design
- Implementation
- Outcome Development
- Evaluation of Success
- Expand Success
Prescriptive Outcomes
Aliado recommends certain data sources and use cases to get immediate value from Enterprise Security. This offering contains a foundational list of data sources and use cases to be used for security monitoring outcomes.
Security Use Case Discovery
Aliado, separately from the Implementation Success Offering, can optionally provide workshops designed to help you monitor and increase the effectiveness of your security posture. Our experts will help you identify and customize the security queries (use cases) that will provide the greatest added benefit to your security posture and align with your business needs and risk priorities.
HA/DR Options – ES Search Head Clustering (SHC)
This option is for customers who want more search capacity from their ES installation and have hardware available for at least two (2) additional ES Search Head nodes. It covers the planning and configuration tasks needed to deploy the Enterprise Security app in a search head cluster.
Note: For a Splunk Cloud deployment, the “Splunk Enterprise Deployment” activity is replaced with Splunk Enterprise Cloud configuration and on-prem forwarder installation activities.
*Includes the engagement of our experts, backed by the support of our talented Delivery Managers.
Offering
Designed for customers with more internal resources dedicated to the Splunk project. Internal Splunk Admins and Users receive informal training from our Splunk Accredited Consultant and complete the tasks that remain after Splunk Professional Services finishes its work.
Included in Every Offering
Planning
- Workshop with a Solutions Architect to develop a plan for implementation
Installation
- Deploy Splunk Enterprise in your environment
- On-board seven or nine essential data sources
- Install Splunk Enterprise Security
- Deploy and optimize 7 correlation searches for your environment
- Optimize out-of-the-box content
Training
- Provide remote over-the-shoulder training for your Splunk Admins
- Complete a walk-through of ES functionality for your staff
- Review best practices for on-boarding data
- Review best practices for creating correlation searches
Coordination
- A Delivery Manager tracks your path to success
Data Sources
To ensure Splunk ES can provide the insights you need to make faster and smarter security decisions, you need to ensure Splunk is getting data from critical systems throughout your environment. The ES Implementation Success Offering on-boards 7 essential data sources:
- Active Directory
- Windows or Linux server log files (security/system/audit)
- Network Communication (Firewalls)
- DNS
- Endpoint Anti-Malware
- Mail (Exchange, Postfix, Cisco ESA)
- Web Proxy Requests
Setting up Queries
There are certain things you should be looking for that indicate potential threats within your environment. Our team will customize seven unique correlation searches (use cases) designed to look for indications of malicious activity on your network. These queries are the foundation of a robust security monitoring program and are recommended based on the data sources implemented in your environment. For example, they may look for:
- Brute Force Access Detected
- Brute Force Access Detected over One Day
- High Volume Traffic from High/Critical Host Observed
- Host with Recurring Malware Infection
- Host with Multiple Infections
- Host with Old Infection or Potential Reinfection
- Threat Activity Detected
Optional Add Ons
There are additional service offering options available above and beyond the Premium Offering:
- Security Use Case Discovery
- ES Health Check
- ES Upgrades
- HA/DR Options – ES Search Head Clustering (SHC)
Target Customer Attributes
The Splunk Enterprise Security Implementation Success offering is for anyone interested in implementing a new Security Information and Event Management (SIEM) solution or replacing their existing one. It is the best fit for those who have a dedicated security operations team.
Our services are backed by Splunk Accredited Consultants, Solutions Architects, and Delivery Managers. They leverage Splunk best practices and experience from thousands of Splunk deployments. We exist for one reason: to get customers to valuable outcomes with their machine data faster than they could on their own.
Contact Us: info@aliadosolutions.com