UPDATED 15:00 EDT / SEPTEMBER 12 2012

Splunk for Security: It’s In the Data, Says CedarCrestone Architect

 

TheCube – Splunk .conf 2012 – Marquis Montgomery, CedarCrestone, with Jeff Kelly and Jeff Frick

TheCube is covering Splunk’s .conf2012 at the Cosmopolitan Hotel in Las Vegas, Nevada, hosted by Wikibon Analyst Jeff Kelly and SiliconANGLE’s Executive in Residence Jeff Frick. They interviewed Marquis Montgomery, Security Architect and Team Lead of the CedarCrestone Corporate Security Team, who discussed how Splunk helps them keep their clients safe and secure from hackers.

CedarCrestone’s main business is Oracle’s PeopleSoft hosting, where they do some consulting jobs as well as host data on their servers while keeping it up to date. They are one of the largest integrated service providers for Oracle PeopleSoft, with over 700 environments hosted in their data center. When you’re talking about data that big, security issues follow, but Montgomery stated that’s why Splunk works great for them.

Frick then brought up the keynote by Splunk’s Mark Seward, which argued that the key to good security is to think like a criminal, and asked Montgomery how Splunk works in their favor with regard to online security.

“Thinking like a criminal is a module we use all over the security community,” Montgomery stated. “Basically, you’re looking at the same stuff that hackers are looking at because that’s where you’re going to find your weaknesses. And a lot of times, if you look at just the big picture of things – you’re only looking at the perimeter or you’re only looking at the high-level stuff that everybody catches, you’re missing the little details. And these little details can actually hurt your security environment.

“One of the things that Splunk helps us do is aggregate all our different devices, all our different servers and then help us do some statistical analysis, bring out those things that we wouldn’t have been able to catch otherwise. Because we have everything in one place, it makes it easy for us to search through and do things from a better holistic approach.”

Another point of discussion was how CedarCrestone deals with hacking in real time, given that real time at an atomic level does not exist. Montgomery stated that his company tries to have perfect security all the time, but that is impossible, a fact they must accept.

The next best thing is “being able to respond effectively and quickly” when attacked. To do that, Montgomery stated, you need the operational intelligence to know that something has happened and where it happened, so you know where you need to fix it.

This is where Splunk helps them the most. Splunk gathers all their information, making it easier for them to spot anomalies, pinpoint where an intrusion came from and work out how to deal with the attack effectively.

Kelly also asked Montgomery why they decided to use Splunk, and the answer was simple: Splunk’s flexibility allowed them to do what they want in their very complex world, unlike the others they had tried, where they ran into countless limitations.


