Copper River ES, a strategic partner for Splunk public sector, is working with a large federal agency that has restructured its NOC and SOC organizations into a single unified entity as part of operational optimization. The agency is responsible for protecting IP and other assets totaling $4.3 trillion as part of safeguarding the nation’s food supply chain. The goal was to enhance the ability to handle problem escalations quickly and improve communications between teams. The agency currently ingests more than 3TB daily across 65 data sources, with Splunk leveraged as an integrated data platform and framework service that acts as a nerve center for the combined NOC and SOC teams. The implementation has dramatically reduced MTTD to an average of less than 30 minutes, compared to previous times of up to 12 hours, and MTTR from 16 hours to often less than 1, with overall outage times now reduced by about 68%. From a security perspective, Splunk is used to identify data exfiltration and insider threats, as well as for security operations and compliance. Increasing visibility into all aspects of system operations and troubleshooting efforts is now supported through a series of custom Splunk apps, glass tables, reports and alerts, with operational guides and training to best leverage the capabilities Splunk has generated.
Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1921.pdf?podcast=1577146234