Data Analytics

The massive reliance on Information Communications Technology in the modern world has seen a technology convergence between networked computing, data centres, multi-media, mobile devices, industrial process controls and the Internet of Things. The intent behind the convergence has been to provide joined-up, more effective and efficient services through sharing the data generated to optimize the individual parts operating as a whole entity. An equally important reason for convergence has been to provide user data patterns and profiles that can be analysed to enable the provider to manage and anticipate the user and network needs, and provide a better service as well as improve security across a non-homogeneous network.

All of these individual systems generate massive streams of data that are usually managed by applications dedicated to them, and were only ever intended to ensure that asset was operating efficiently or to tackle a specific issue such as security. These management applications themselves produce substantial machine data as part of their operation. As different technologies continue to converge, the number of sources of machine data, and hence the volume of the highly valuable data produced, grows exponentially.

Unfortunately, in many circumstances much of that useful data goes unused because there is no solution in place that can take all of the disparate data sources, analyse what is provided and put it into a management information system that can show the operation and user trends of the whole entity.

What is Machine Data

Machine data contains a definitive record of all activity and behavior of your customers, users, transactions, applications, servers, networks, factory machinery, etc. Machine data is more than just logs. It's configuration data, data from APIs and message queues, change events, the output of diagnostic commands and call detail records, sensor data from remote equipment, and more. There are thousands of distinct machine data formats in the converged non-homogeneous network. Analyzing these in a meaningful way is critical to diagnosing service problems, detecting sophisticated security threats, understanding the health of remote equipment and demonstrating compliance.

Machine data comes from a variety of sources within the wider networking capability:

Application Logs

Most homegrown and packaged applications write local log files, often via logging frameworks like log4j or log4net, logging services built into application servers like WebLogic, WebSphere and JBoss, or .NET, PHP, etc. These files are critical for day-to-day debugging of production applications by developers and application support. They're also often the best way to report on business and user activity and detect fraud scenarios, since they have all the details of transactions. When developers put timing information into their log events, they can also be used to monitor and report on application performance.

Business Process Logs

Complex events processing and business process management system logs are treasure troves of business and IT relevant data. These logs will generally include definitive records of customer activity across multiple channels such as the web, IVR / contact center or retail. They likely include records of customer purchases, account changes, and trouble reports. Combined with application, CDR and web logs, machine data can be used to implement full business activity monitoring.

Call Detail Records

Call detail records (CDRs), charging data records and event data records are some of the names given to events logged by telecoms and network switches. CDRs contain useful details of the call or service that passed through the switch, such as the number making the call, the number receiving the call, call time, call duration, type of call, etc. As communications services move to Internet protocol-based services, this data is also referred to as IPDRs, containing details such as IP address, port number, etc. The specs, formats and structure of these files vary enormously and keeping pace with all the permutations has traditionally been a challenge. Yet the data they contain is critical for billing, revenue assurance, customer assurance, partner settlements, marketing intelligence and more.

Clickstream Data

User activity on the Internet is captured in clickstream data. This provides insight into a user's website and web page activity. This information is valuable for usability analysis, marketing and general research. Formats for this data are non-standard and actions can be logged in multiple places, such as the web server, routers, proxy servers, ad servers, etc. Existing monitoring tools look at a partial view of the data, from a specific source. Existing web analytics and data warehouse products often sample the data, missing the complete view of behavior, and provide no real-time analysis.

Configuration Files

There's no substitute for actual, active system configuration to understand how the infrastructure has been set up. Past configs are needed when debugging failures that occurred in the past and which may recur in the future. When configs change, it's important to know what changed and when, whether the change was authorized, and whether a successful attacker compromised the system to plant backdoors, time bombs or other latent threats.

Database Audit Logs and Tables

Databases contain some of the most sensitive corporate data: customer records, financial data, patient records and more. Audit records of all database queries are vital to have in order to understand who accessed or changed what data when. Database audit logs are also useful to understand how applications are using databases to optimize queries. Some databases log audit records to files, while others maintain audit tables accessible via SQL.

File System Audit Logs

The sensitive data that's not in databases is on file systems. In some industries such as healthcare, the biggest data leakage risk is consumer records on shared file systems. Different operating systems, third-party tools and storage technologies provide different options for auditing read access to sensitive data at the file system level. This audit data is a vital data source for monitoring and investigating access to sensitive data.

Management and Logging APIs

Increasingly, vendors are exposing critical management data and log events through both standardized and proprietary APIs rather than by logging to files. Check Point firewalls log via the OPSEC Log Export API (OPSEC LEA). Virtualization vendors including VMware and Citrix expose configurations, logs and system status via their own APIs.

Message Queues

Message queuing technologies like JMS, RabbitMQ, and AquaLogic are used to pass data and tasks between service and application components on a publish/subscribe basis. Subscribing to these message queues is a good way to debug problems in complex applications: you can see exactly what the next component down the chain received from the prior component. Separately, message queues are increasingly being used as the backbone of logging architectures for applications.

Operating System Metrics, Status and Diagnostic Commands

Operating systems expose critical metrics like CPU and memory utilization, and status information using command-line utilities like ps and iostat on Unix and Linux and Performance Monitor on Windows. This data is usually harnessed by server monitoring tools and is potentially invaluable for troubleshooting, analyzing latent issue trends, and investigating security incidents.

Packet / Flow Data

Data generated by networks is processed using tools such as tcpdump and tcpflow, which generate pcap or flow data and other useful packet-level and session-level information. This information is necessary to handle performance degradation, timeouts, bottlenecks or suspicious activity that indicates that the network may be compromised or the object of a remote attack.

SCADA Data

Supervisory Control and Data Acquisition (SCADA) refers to a type of industrial control system (ICS) that gathers and analyzes real-time data from equipment in industries such as energy, transport, oil and gas, water and waste control. These systems produce significant quantities of data about the status, operation, utilization, and communication of components. This data can be used to identify trends, patterns and anomalies in the SCADA infrastructure and to drive customer value. For example, smart grid meter data is captured to enable customers to become better informed of their electricity use through tools, programs, and services targeted to help them save energy and money and reduce their environmental footprint.

Sensor Data

The growing network of sensor devices generates data based on monitoring environmental conditions, such as temperature, sound, pressure, power, water levels, etc. This data can have a wide range of practical applications if collected, aggregated, analyzed and acted upon. Examples include water level monitoring, machine health monitoring and smart home monitoring.

Syslog

Syslog from your routers, switches and network devices records the state of your network connections, failures of critical network components, performance and security threats. It's a standard for computer data logging. Tapping into this data means tapping into a wide variety of devices for troubleshooting, analysis and security auditing.

Web Access Logs

Web access logs report every request processed by a web server: what client IP it came from, what URL was requested, what the referring URL was, and data regarding the success or failure of the request. They're most commonly processed to produce web analytics reports for marketing: daily counts of visitors, most requested pages, and the like. They can also be customized to include gems like a Session ID or custom HTTP headers. They're also invaluable as a starting point to investigate a user-reported problem, since the log of a failed request can establish the exact time of an error. Web logs are fairly standard and well structured. The only challenge is sheer volume, with busy websites experiencing billions of hits a day as the norm.

Web Proxy Logs

Nearly all enterprises, service providers, institutions and Government organizations that provide employees, customers or guests with web access use some type of web proxy to control and monitor that access. Web proxies log every web request made by users through the proxy. They may include corporate usernames and URLs hit. These logs are critical to monitor and investigate "terms of service" abuses or corporate web usage policy and are also a vital component of effective monitoring and the investigation of data leakage.

Windows Events

Windows stores rich information about an IT environment, usage patterns and security information. All this information is stored in Windows event logs: application, security and system. These logs are critical to understanding the health of an organization and can help detect problems with business critical applications, security information and usage patterns.

Wire Data

Wire data is an authoritative record of all communication between systems and applications that occurs in the network. It contains critical information such as payload data, session information, status codes, transaction values, process times, errors, transaction traces, database queries, DNS lookups and records, protocol level information including headers, content and flow records and much more. By correlating wire data with other application and infrastructure data such as logs, metrics and events, IT admins can gain a complete view of availability, performance and usage of their services. IT administrators can pinpoint root cause, proactively monitor the performance and availability of individual technology silos, map dependencies of infrastructure to applications and trend performance to establish baselines. Wire data extends powerful insights to security teams for rapid incident investigations, more complete threat detection, and supporting expanded monitoring and compliance. Wire data also captures user interactions and process insights for a deeper understanding of the user interactions, service levels and user experience to make informed decisions.

Splunk Enterprise

Splunk Enterprise can monitor and analyze everything from clickstreams and transactions to network activity and call records; Splunk can turn all your machine data into valuable insights.

- Troubleshoot problems and investigate security incidents in minutes, not hours or days.
- Monitor your end-to-end infrastructure even in non-homogeneous networks to avoid service degradation or outages.
- Gain real-time visibility into customer/user experience, transactions and behavior.

Using Splunk Enterprise

Collect and index any machine-generated data from virtually any source or location in real time. This includes data streaming from packaged and custom applications, application servers, web servers, databases, wire data from networks, virtual machines, telecoms equipment, operating systems, sensors, SCADA and much more. Just point Splunk Enterprise at your data and it will immediately start collecting and indexing so you can start searching and analyzing.

Collect Data From Remote Sources

Splunk Forwarders deliver reliable, secure, real-time data collection from tens of thousands of sources. They can monitor local data sources (applications, sensors, endpoint devices); collect the output of status commands on a schedule; grab performance metrics from virtual or non-virtual sources; or watch the file system for configuration, permissions and attribute changes. Forwarders are centrally managed, lightweight and can be deployed quickly at no additional cost.

Correlate Complex Events

With Splunk Enterprise, you can correlate complex events spanning many diverse data sources across your environment using many different formats. Types of correlations:

- Time-based correlations identify relationships based on time, proximity or distance
- Transaction-based correlations track a series of related events as a single transaction to measure duration, status or other analysis
- Sub-searches take the results of one search and use them in another
- Lookups correlate machine data with external data sources outside of Splunk Enterprise
- Joins support SQL-like inner and outer joins

Correlating events enables richer analysis and insight from your machine data.

Enterprise-class Availability and Scale

Splunk Enterprise scales to collect and index hundreds of terabytes of data per day. And because insights from your data are mission critical, Splunk Enterprise clustering and multi-site clustering technology provides continuous availability. Whether it's a single server or a site that goes down, the critical insights you rely on from your machine data are still available. Automatic load balancing optimizes workloads and response times and provides built-in failover support. Out-of-the-box reporting and analytics capabilities deliver rapid insights from your data.

A True Data Platform

Whether your data lives in a traditional database or data warehouse, or Hadoop, Splunk Enterprise connects to all your data stores, enabling you to combine machine data with other data and deliver more powerful insights. Splunk Enterprise is adaptable. With a library of over 500 apps ranging from integration through to productivity tools, it is possible to configure your enterprise solution to meet your needs.

Visibility from Datacenter to Cloud

The Splunk Enterprise distributed architecture lets your searches and reports span multiple Splunk Enterprise deployments, whether on premises at a single site or multiple sites, or in the cloud. With role-based access you can control how far a given user's search will span, wherever your data resides. Get the visibility and intelligence you need from your data, all from one place. Securely connecting your Splunk Enterprise installation takes just minutes, allowing you to design a manageable enterprise data fabric.

Provides Granular, Role-based Security

Underlying everything Splunk Enterprise does is a robust security model, providing secure data handling, role-based access controls, auditability and assurance of data integrity. Every Splunk Enterprise transaction is authenticated, including user activities through the web user interface, command line interface and system activities through the Splunk Enterprise API. User roles and functionality by user type can easily be defined and integrated with LDAP-compliant directories like Microsoft Active Directory to adhere to enterprise-wide security policies and support single sign-on. Granular role-based access controls protect access to sensitive machine data.

A Platform for Enterprise Developers

Developers are empowered with operational intelligence throughout the entire product development lifecycle, from monitoring code check-ins and build servers, to pinpointing production issues in real time and gaining valuable insights on application usage and user preferences. In addition to integrating any of the 500 plus existing apps, the Splunk Web Framework means that developers can use the tools and languages they know, like JavaScript and Django, to build Splunk apps with custom dashboards, a flexible UI and custom data visualisations. SDKs for Java, JavaScript, C#, Python, PHP and Ruby enable rapid integration between Splunk Enterprise and other applications and systems to maximize the value of your data. Developing an app or integrating machine data insights from Splunk Enterprise is now like building any modern web application.

Support

Splunk offers Community, Enterprise and Global Support Service Levels to ensure your success with Splunk and solve your problems quickly.

- Community Support - Documentation, the community Wiki, Splunk Answers and IRC are available to anyone for answers to basic technical questions. These resources are always available to provide you with an immediate answer.
- Enterprise Support - Direct access to our Customer Support Team by phone and the ability to manage your cases online.
- Global Support - 24x7x365 support for critical issues, a dedicated resource to manage your account and quarterly review of your deployments.

Full details of support levels, pricing and terms and conditions can be found in the attached Support Services documentation.

Training

Splunk Education Services offers a number of classes, courses, programs and styles to fit just about any learning need. All of the Splunk Education Services offerings are designed for the adult to learn and combine just the right mix of technology background and hands-on exercises to keep the student on track, alert, and focused. The maximum amount of practical information is delivered in the shortest amount of time to keep your staff's downtime or out-of-office time to a minimum.

We focus on the tasks required to implement, manage, develop and use Splunk, with the goal of helping your staff become self-sufficient and productive as quickly as possible. We provide a range of technical and end-user courses designed to help you understand common uses and be able to leverage the power of Splunk quickly and efficiently throughout your organization. Investing in education builds productivity, profitability and competence. We provide the learning building blocks required to successfully implement your system. Our training is role based, with our curriculum designed in a particular sequence to build on subsequent concepts and develop your expertise in an organized, manageable fashion.

Whatever your business model, we have a flexible training solution to meet your needs.

Virtual: Instructor Led Public Classes

The ability to take our training from a location of your choice virtually across the internet: from your office, home or any other location. We understand how adults learn and have taken virtual classes to the next level. We ensure that maximum concentration is kept during the 4.5hr/day classes with engaging instructors, interactive quizzes and comprehensive hands-on labs.

Virtual: Instructor Led Dedicated Classes

Rather than join the public schedule, you can have a class dedicated to just your employees. These classes still run virtually with the convenience of being able to take the class from anywhere, but with the added ability to virtually converse with your colleagues and the instructor and focus the class on the needs of your organization.

Classroom: Instructor Led Public Classes

With classrooms in the UK and across the globe, we offer regularly scheduled in-person training. These classes take you away from your daily office routine and immerse you into the world of Splunk. We create the ideal environment to get fast-tracked knowledge of how to get the best from Splunk.

Classroom: Dedicated Onsite

Subject to sufficient numbers of attendees, you can bring a Splunk instructor to your site, allowing lively discussion amongst the attendees related to your specific company's use of Splunk.

eLearning: Self-Paced Learning

The ability to take classes on demand at a time that is convenient for you. We have created some of our most popular classes and other niche topics as self-paced eLearning.

Custom Designed Solutions

We can create custom curriculum to match your training requirements. This includes being able to customise and licence our material for rolling out Splunk education across your whole organization.

Details of pricing for the different learning methods can be found in the attached pricing documentation.

User case scenarios

Application Management

Splunk Enterprise provides a better approach, enabling you to find and fix application problems faster to reduce downtime, and gain end-to-end operational visibility of your key performance indicators.

- Resolve Problems Faster, Reduce Downtime
- Gain End-to-End Operational Visibility
- Gain User and Application Usage Insights

IT Operations Management

With Splunk you can turn silos of data into integrated, actionable information and operational insights.

- Gain end-to-end operational visibility across your virtualized, private or public cloud infrastructure from a single, central interface
- Correlate Events Across All Layers of Your Infrastructure
- Reduce Costs of Providing IT Services

Security and Compliance

Splunk is a Gartner Magic Quadrant Leader for Security Information and Event Management. Splunk delivers security analytics for:

- Advanced Threats
- Incident Response
- Beyond SIEM
- Compliance
- Resources

Business analytics

Data architects, business analysts, developers and IT leaders are expanding the scope of business analytics to incorporate new data sources such as machine data.

- Leverage a new class of data for business analytics
- Enrich machine data with structured data for business context
- Gain real-time business insights
- Complement existing BI tools and other big data technologies

Internet of Things

Splunk software is a scalable and versatile platform for machine data generated by all of the devices, control systems, sensors, SCADA, networks, applications and end users connected by today's networks. Use Splunk to collect, index and harness the power of the machine data generated by connected devices deployed on your local network or around the world. Use cases include:

- Sensor Data Insights Improve Energy Efficiency
- Medical Informatics Enable Connected Healthcare
- Telematics Data Enhances Transportation Safety and Fuel Efficiency
- Industrial Systems data

Pricing

Pricing is based on volumes starting at 1GB over 12 months. A standard Splunk Enterprise deployment for a licence for 1GB over 12 months would be VAT full details are available in the attached pricing documents.

Free Splunk

Splunk Enterprise is available as a free download from Try it first on your laptop before deploying it to your datacenter or cloud environment. Or try our free online sandbox - your personal online environment. Either way, you'll be up and running with an easy-to-use web interface and powerful enterprise platform for analyzing your machine data.

Splunk Cloud

Splunk Cloud is a cloud-based version of the enterprise product. Splunk Cloud has been running in the US since February 2013, and is now introduced in Europe on Amazon AWS infrastructure meeting EU data protection rules. Splunk Cloud will be offered by Splunk in later versions of the G-Cloud Digital Marketplace. Splunk Cloud will allow the customer to migrate from an enterprise version to a cloud-based version at their own pace, or to create a hybrid of enterprise and cloud.

Like Splunk Enterprise, Splunk Cloud is an enterprise-ready cloud service that enables you to collect, search, monitor and analyze all your machine data, all in one place, enabling high levels of operational intelligence to support management and operations. Hosted on AWS, Splunk Cloud is architected for % uptime, virtually unlimited scalability, flexibility and performance, and the highest levels of security. Splunk Cloud has all the features of Splunk Enterprise, plus the library of more than 500 Apps available as a cloud service. Should a customer require it, Splunk can offer hosting instances of Splunk Cloud with specialist UK Government cloud service providers who have an appropriate IAL level.

Splunk offers a free online sandbox to allow you to experience Splunk Cloud for yourself. Available at Splunk Cloud is backed by a % uptime SLA, scales from 5GB/day to 5TB/day, and maintains the highest levels of data security.

Service Level Agreements

Splunk Cloud is backed by a % uptime SLA and it's the only machine data analytics service to do so. It is achieved by:

- Built-in HA and redundancy in a single-tenant cloud architecture
- Delivering dedicated cloud environments to each customer and avoiding the system-wide outages experienced by other machine data analytics services
- Using Splunk software to monitor the Splunk Cloud service - this is why we're the only machine-data analytics service to offer a % uptime SLA

Compliance

For Compliance Attestations, Splunk Cloud in the EU is third party evaluated by Ernst & Young and PricewaterhouseCoopers. SOC 1 Type 1 achieved, and SOC 2 Type 2 due in Q

Enterprise scalability, flexibility and performance

Whether you have data needs for volumes of 5GB/day or 5TB/day, Splunk Cloud is able to scale to meet your needs.

- Dedicated cloud environment, performance never impacted by the actions of another customer;
- Service plans ranging from 5GB/day to 5TB/day;
- Up to 10x bursting over licensed data volumes, handled automatically, with no effort required on your part.

10x bursting refers to Splunk Cloud infrastructure's technical ability to temporarily accommodate unexpected expansion of indexing volume up to 10 times the licensed amount, as verified in internal testing on 100GB/day plans.

Enterprise-class security

Your security is our highest priority. Splunk Cloud delivers the highest levels of data security by provisioning isolated environments for each customer.

- Your environment belongs only to you and your data will never be co-mingled with data from another customer
- All Splunk Cloud instances run in a default Virtual Private Cloud (VPC), ensuring all data transmitted to and within Splunk Cloud is isolated from all other AWS traffic
- SSL encryption for data in transit
- AES 256-bit encryption for data at rest
- Continuous monitoring from the Splunk Cloud Network Operations Centre
- Customer instances hardened to industry standards: latest stable OS and packages
- Regular scanning for host/application level threats

Data protection and resilience

Splunk data is held in an AWS solution in data centres in the EEA in Dublin and Frankfurt which comply with European data protection rules, with Elastic Cloud Computing (EC2) and Simple Storage Systems (S3) at the equivalent of Uptime Institute or TIA 942 tier 4. All instances in the Splunk Cloud run in a default Virtual Private Cloud, ensuring that all data transmitted to and within the Splunk Cloud is isolated from other AWS traffic.

Access to the Splunk Cloud infrastructure is restricted to key personnel and is based on the least privilege model. Operations staff have access to only what is required to perform their roles within the Splunk Cloud. Access to the Splunk Cloud Management Console is granted only through the use of multi-factor authentication and the Splunk Cloud Single Sign-on Portal.

For storage considerations, Splunk Cloud pricing includes sufficient storage to support 90-day retention of licensed daily index volume. Retention and storage of additional data resulting from unexpected bursting is not included in our standard service.

Comprehensive SaaS Platform for Operational Intelligence

Splunk Cloud offers the flexibility to migrate to the cloud at your own pace, where it delivers all the features of award-winning Splunk Enterprise. It also enables access to over 500 apps covering Application management, Security and compliance, IT operations management, Business analytics, and Utilities, including integration apps for PDF, MS Windows and Office and over 100 apps to integrate with a range of common desktop and multimedia applications such as Google Maps, Twitter, YouTube and weather feed services.

Full feature set of Splunk Enterprise

Splunk Cloud delivers all the features of award-winning Splunk Enterprise, enabling you to:

- Troubleshoot problems and security incidents in minutes, not hours or days
- Monitor your end-to-end infrastructure to avoid service degradation or outages
- Gain operational intelligence with real-time visibility and critical insights into customer experience, transactions and other key business metrics

Access to over 500 Apps and Developer Platform

Splunk Cloud offers access to over 500 Splunk Apps, including the Splunk App for Enterprise Security, Splunk App for VMware and the Splunk Apps for AWS.

- Leverage Splunk Apps to extend the power of Splunk Cloud
- Get immediate value from your data with out-of-the-box, customizable alerts, reports and dashboards
- Enjoy access to full platform support, including all our APIs and SDKs

Migrate to the Cloud, at your own pace

Ultimately, it's your choice, which is why you can choose SaaS or self-managed software deployments according to your business requirements - without sacrificing single-pane-of-glass visibility. You can seamlessly use Splunk Cloud alongside a Splunk Enterprise deployment and maintain a single, centralized view across all of your machine data. You get the flexibility you need at the pace that works for your business.

Splunk Cloud service and customer satisfaction

With the SLA, support and training coupled with scalability and Enterprise class security, Splunk is able to offer high levels of service and already has a number of UK government customers who currently use Splunk Enterprise.

"Splunk Cloud has widened our user base. Our operations folks use Splunk, our application people use Splunk and our security people use Splunk. Splunk Cloud gives you applications that let you get a huge amount of value from your data."

"The Splunk Cloud service is awesome, but that is just part of the equation. The human aspect - including the Splunk Staff, the large community help forums, and well-organized knowledge center - made it easy for us to solve any problem that we encountered and helped us achieve our vision for the project."

"Splunk Cloud saved us weeks to months of development time. We estimate a 60-70% reduction in production issue troubleshooting time."

"The flexibility of analytics from Splunk Cloud helps us track and alert marketing performance while also understanding gaming user behavior to optimize their experience. Splunk Cloud has been outstanding in supporting the needs of IT and business users at Funtomic."

Pricing

Splunk Cloud was established in the US in February 2013 and in January 2015 first became available in the UK on EEA based infrastructure. The pricing model is similar to Splunk Enterprise, based on a subscription model of volume of data from 5GB/day with the ability to scale to 5TB/day, billed annually. Pricing for Splunk Cloud is not included in this service description and will be placed in subsequent versions of G Cloud Marketplace.

Splunk Apps

If your organization doesn't have the time or resources to use the Software Development Kit (SDK) and APIs, there are over 500 apps available for Splunk for a range of purposes such as integration to MS Office or VMware. These apps work with Enterprise and Splunk Cloud. Some apps are available free and some apps must be purchased and added to the instance of Splunk. Pricing for Premium Apps listed below can be found in the pricing documentation.

Splunk Enterprise (Operational Intelligence)

Splunk Enterprise is included in the initial deployment of Splunk. It is a highly versatile and scalable data engine for the machine data generated by your IT infrastructure. It collects, indexes and harnesses live data generated from virtually any source, format or location, including your packaged and custom applications, app servers, web servers, databases, networks, virtual machines, hypervisors, operating systems and more, without requiring custom parsers, adapters or a database on the backend. Use Splunk to gain operational visibility into the layers of your environment. Turn the silos of machine data generated in your datacenter into integrated and actionable information. Reduce your mean-time-to-investigate (MTTI) and mean-time-to-recovery (MTTR) and keep your critical services running. Find and fix problems faster than ever before.

Splunk App for Enterprise Security

The Splunk App for Enterprise Security helps customers identify and address emerging security threats through the use of continuous monitoring, alerting and analytics. Suitable for a small security team or an enterprise security operations center, the app is the primary data interface for the analytics enabled security operation.
- Situational awareness dashboards give custom views of risk per domain, asset, or identity;
- Incident Review provides analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities;
- Analysis centers provide indicators of unknown threats from traffic abnormalities;
- Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity;
- Statistical outlier detection tools aid anomaly detection;
- Unified Threat Intelligence from many sources;
- Data inputs provided for NetFlow, logs, RDBMS, APIs, & more.

Splunk App for Microsoft Exchange

Service-centric Visibility and Analytics for your MS Exchange Infrastructure and Beyond services are critical to the daily operations of your organization. Any service disruption can be catastrophic and can damage your company's reputation, impair customer communications and lead to lost orders or worse. Gain real-time visibility into your service health and performance across the entire messaging infrastructure, including diverse message delivery components and the supporting infrastructure. Gain comprehensive operational analytics for resource planning, capacity forecasting, security intelligence and user behavior.

The Splunk App for Microsoft Exchange helps you to:
- Easily identify and correlate performance, health and security events using prebuilt dashboards and reports of the entire service;
- Keep track of user behaviors, identify potential issues or possible bottlenecks, and take proactive measures to prevent them;
- Correlate messaging infrastructure data with disparate data from across the IT infrastructure (Windows, AD, Linux, network devices and more);
- Scale to handle the largest of deployments; Splunk software has proven itself in some of the largest Exchange-based services.

Splunk App for VMware

The Splunk App for VMware provides deep operational visibility into granular performance metrics, logs, tasks, events and topology from hosts, virtual machines and virtual centers. It empowers administrators with an accurate real-time picture of the health of the environment, proactively identifying performance and capacity bottlenecks. The latest release of the Splunk App for VMware provides enhanced visibility into the storage tier, including built-in correlation and direct drill-downs into NetApp Data ONTAP storage systems. The results are holistic visibility, comprehensive analytics and faster problem resolution.

Splunk App for PCI Compliance

The Splunk App for PCI Compliance is a Splunk-developed app that supports the data collection, continuous monitoring, and alerting requirements of the PCI Data Security Standard.

Hunk: Splunk Analytics for Hadoop and NoSQL Data Stores

Whether you're using Hadoop or NoSQL data stores, getting value and insights out of your data is difficult. Traditional analytics tools aren't designed for the diversity and size of big data sets. And your data is becoming too big to move to separate in-memory analytics stores. In short, gaining meaningful insight can often take months and require specialized skills. Hunk goes beyond typical data analysis methods and gives you the power to explore, analyze and visualize data, all from one integrated platform that you can use in minutes, not months. With Hunk, you can manage risks, achieve more comprehensive security for modern threats, and inform product management and quality assurance. Detect patterns and find anomalies across terabytes or petabytes of raw data without fixed schemas, specialized resources or moving data to a separate in-memory store. Hunk works on Apache Hadoop and most major Hadoop distributions, including first-generation MapReduce and YARN.

Using Hunk apps available at Splunk Apps, connect Hunk to NoSQL and other data stores such as Apache Accumulo, Apache Cassandra, MongoDB and Neo4j.

About Splunk Inc.

Our customers

Since first shipping its software in 2006, Splunk now has over 8400 customers in 100 countries. These organisations are using Splunk software to improve service levels, reduce operational costs, mitigate security risks, enable compliance, enhance DevOps collaboration and create new product and service offerings. With Splunk they have been able to break down traditional data silos, achieve new levels of operational intelligence and gain insights that benefit IT and business users. Often our customers have a particular data issue they need to address, but we frequently find that they discover the applicability of Splunk allows them to widen the purposes for which they initially intended to use Splunk.

Our UK Government client list includes:
- University and College Admissions Services (UCAS)
- Office for National Statistics (ONS)
- National Health Service England
- Office of Gas and Electricity Markets (OfGEM)
- Ministry of Defence (MoD)
- Transport for London (TfL)
- Metropolitan Police
- Department of Work and Pensions (DWP)
- Office of the Prime Minister
- Her Majesty's Revenue and Customs (HMRC)

Our company

Splunk is headquartered in San Francisco and has over 1300 employees worldwide. We have 144 employees in the UK, and the EMEA regional office is in Paddington, London. Publicly traded on NASDAQ: SPLK

Milestones

- 2006: Splunk 1, Splunk 2; 150 customers
- 2007: Splunk 3; 350 customers
- 2008: APAC and EMEA expansion; 900 customers
- 2009: Splunk 4; 1,000 customers
- 2010: Splunk 4.1; First Worldwide Users Conference; 2,000 customers
- 2011: Splunk 4.2; Seattle R&D office; over 3,000 customers
- 2012: Splunk Enterprise 5; over 4,800 customers
- 2013: Splunk Enterprise 6; Hunk: Splunk Analytics for Hadoop

Strategic Partners

Technology Partners: Blue Coat, Cisco, Citrix, F5 Networks, Palo Alto Networks, Sendmail, VMware


More information

The Virtualization Practice

The Virtualization Practice The Virtualization Practice White Paper: Managing Applications in Docker Containers Bernd Harzog Analyst Virtualization and Cloud Performance Management October 2014 Abstract Docker has captured the attention

More information

Databricks. A Primer

Databricks. A Primer Databricks A Primer Who is Databricks? Databricks vision is to empower anyone to easily build and deploy advanced analytics solutions. The company was founded by the team who created Apache Spark, a powerful

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Avanade ViewX Technology

Avanade ViewX Technology WhitePaper Avanade ViewX Technology Avanade s Unified Communication and Collaboration Managed Services technology platform is made up of two parts: ViewX for monitoring, alerting, reporting and visualization,

More information

Ensuring High Service Levels for Public Cloud Deployments Keys to Effective Service Management

Ensuring High Service Levels for Public Cloud Deployments Keys to Effective Service Management Ensuring High Service Levels for Public Cloud Deployments Keys to Effective Service Management Table of Contents Executive Summary... 3 Introduction: Cloud Deployment Models... 3 Private Clouds...3 Public

More information

State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1

State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1 State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1 Introduction What s in a name? SIEM? SEM? SIM? Technology Drivers Challenges & Technology Overview Deciding what s right for you Worst

More information

Hosted SharePoint. OneDrive for Business. OneDrive for Business with Hosted SharePoint. Secure UK Cloud Document Management from Your Office Anywhere

Hosted SharePoint. OneDrive for Business. OneDrive for Business with Hosted SharePoint. Secure UK Cloud Document Management from Your Office Anywhere OneDrive for Business with Hosted SharePoint Secure UK Cloud Document Management from Your Office Anywhere Cloud Storage is commonplace but for businesses that want secure UK Cloud based document and records

More information

Modern IT Operations Management. Why a New Approach is Required, and How Boundary Delivers

Modern IT Operations Management. Why a New Approach is Required, and How Boundary Delivers Modern IT Operations Management Why a New Approach is Required, and How Boundary Delivers TABLE OF CONTENTS EXECUTIVE SUMMARY 3 INTRODUCTION: CHANGING NATURE OF IT 3 WHY TRADITIONAL APPROACHES ARE FAILING

More information

CloudPassage Halo Technical Overview

CloudPassage Halo Technical Overview TECHNICAL BRIEF CloudPassage Halo Technical Overview The Halo cloud security platform was purpose-built to provide your organization with the critical protection, visibility and control needed to assure

More information

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach

More information

APPLICATION MANAGEMENT: RACING AHEAD OF THE COMPETITION WHITE PAPER

APPLICATION MANAGEMENT: RACING AHEAD OF THE COMPETITION WHITE PAPER APPLICATION MANAGEMENT: RACING AHEAD OF THE COMPETITION WHITE PAPER Imagine that you re driving a Formula One car down a track at the Grand Prix. The black-and-white checkered flag is up ahead, signaling

More information

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:

More information

Logentries Insights: The State of Log Management & Analytics for AWS

Logentries Insights: The State of Log Management & Analytics for AWS Logentries Insights: The State of Log Management & Analytics for AWS Trevor Parsons Ph.D Co-founder & Chief Scientist Logentries 1 1. Introduction The Log Management industry was traditionally driven by

More information

How To Manage Sourcefire From A Command Console

How To Manage Sourcefire From A Command Console Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security

More information

A Sumo Logic White Paper. Harnessing Continuous Intelligence to Enable the Modern DevOps Team

A Sumo Logic White Paper. Harnessing Continuous Intelligence to Enable the Modern DevOps Team A Sumo Logic White Paper Harnessing Continuous Intelligence to Enable the Modern DevOps Team As organizations embrace the DevOps approach to application development they face new challenges that can t

More information

Brocade Network Monitoring Service (NMS) Helps Maximize Network Uptime and Efficiency

Brocade Network Monitoring Service (NMS) Helps Maximize Network Uptime and Efficiency WHITE PAPER SERVICES Brocade Network Monitoring Service (NMS) Helps Maximize Network Uptime and Efficiency Brocade monitoring service delivers business intelligence to help IT organizations meet SLAs,

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Comprehensive Monitoring of VMware vsphere ESX & ESXi Environments

Comprehensive Monitoring of VMware vsphere ESX & ESXi Environments Comprehensive Monitoring of VMware vsphere ESX & ESXi Environments Table of Contents Overview...3 Monitoring VMware vsphere ESX & ESXi Virtual Environment...4 Monitoring using Hypervisor Integration...5

More information

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 This document supports the version of each product listed and supports all subsequent versions until the document

More information

APPLICATION PERFORMANCE MONITORING

APPLICATION PERFORMANCE MONITORING APPLICATION PERFORMANCE MONITORING PRACTICAL WAYS TO MONITOR THE END USER EXPERIENCE WHITE PAPER Performance of key applications is a critical item to monitor in many IT environments where users depend

More information

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk

More information

Cisco and Splunk: Under the Hood of Cisco IT

Cisco and Splunk: Under the Hood of Cisco IT Cisco and Splunk: Under the Hood of Cisco IT Robert Novak, Cisco Big Data Partner CSE George Lancaster, Engineer, Cisco IT September 2015 Agenda Cisco s History with Splunk How Cisco Uses Splunk IT Operations

More information

Augmented Search for Web Applications. New frontier in big log data analysis and application intelligence

Augmented Search for Web Applications. New frontier in big log data analysis and application intelligence Augmented Search for Web Applications New frontier in big log data analysis and application intelligence Business white paper May 2015 Web applications are the most common business applications today.

More information

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions Course Code: M20533 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Implementing Microsoft Azure Infrastructure Solutions Overview This course is aimed at experienced IT Professionals who currently

More information