It’s Time for Data Contact Tracing

Posted on in Presentations

The attack on SolarWinds software is a reminder: eventually your data will likely be compromised. The ability to trace all contact with sensitive data is vital. Contact tracing is an epidemiological technique- when applied digitally, it can be a powerful security tool. Splunk CEO Doug Merritt will share how Data Contact Tracing can help identify breaches sooner and remediate them more effectively.

Video Transcript

- Hi, I'm Doug Merritt, president and CEO of Splunk, the creators of the data to everything platform. 2020 pushed our society to new limits, with the pandemic presenting challenges that none of us had seen before. Now that we're well over a year in, we're able to spot a few lessons learned. And one takeaway is clear. Data is central to solving the world's toughest problems. Whether through contact tracing for COVID or unwinding mass scale cybersecurity attacks data has been central to providing the answers that we needed this year. And coupled with this realization as we look ahead, it has never been more clear that security is a data problem. Before I get into how your organization is gonna navigate this, I wanna talk about one way this data problem is manifesting itself. If you're like thousands of leaders and teams that we talked to, I'd imagine that right now you're feeling the weight of the anxiety of whether you've gathered and are working with a complete set of the facts that describe your landscape. You recognize that there is a high potential for your source data to suffer from poor integrity and authenticity. And frankly, you're likely feeling exhausted from trying to keep up with the ever growing volume of data sources. Among my fellow CEOs, we're constantly talking about the climate of misinformation that we're living in. But the truth lying in different areas that need to be pieced together like a complex puzzle. This complexity is the number one challenge your CISOs and SOC teams are addressing. They have so many data sources and end points and now whole hosts of other control points that they're securing usually with no standard way of understand the efficacy or integrity of that data. And again, the impacts are clear, a high level of what I call data anxiety and fear around the integrity of the data itself all while your people are tired. Some of you have talked with me over the years about this and you know that I applaud innovations like blockchain to progress data integrity. I'm going to continue to champion those efforts because the search for truth is important to Splunk and to me personally. Data is the foundation of insight and we must be able to trust our foundations. I believe that the search for truth through data made valuable by analytics is the only remedy for the anxiety that we're feeling. With that, I'm here to talk about what you can do starting today as your teams navigate decision-making within such a complex security landscape. When we experience a cyber attack whether motivated by politics, money or street cred, the victims always ask themselves what led to our data being accessed, which data and always when and why? No attack is ever without fingerprints to answer such questions. The ability to find fingerprints and traces of threats within data is what separates the innovators from the followers. If you take the same approach as we did for contact tracing for COVID-19, you can imagine the results that you could reach for your business. You could shrink dwell times, you could stamp out major threats. You could fundamentally change the game. To achieve this your organization needs to take a different approach to security beginning today. It's not just about having the right data. You have to marshal the most effective use of your data to help prioritize, analyze and achieve the best security outcomes. I've witnessed incredible results from organizations going all in with their data. For example, when the pandemic hit the University of Arizona put its data-driven philosophy to the test to securely move 60,000 students, faculty and staff off campus. To do that the university unified data from its VPN, Single sign-on systems, wireless networks and zoom traffic all on one analytics platform. It did this for better security and performance. This ultimately enabled the University of Arizona to take actions based on actual data rather than relying on assumptions. Another company has gone all in with its data is Intel. Intel's InfoSec team created a comprehensive defense in depth strategy built on a unified data foundation. The team leaned on Intel's data to automate prevention and detection tools across one of the most advanced enterprises on the planet. This included perimeter, network, endpoints, applications and the data layer itself. So they could handle 99% of threats targeting Intel's environment. As Brent Conran, Intel's CISO told us, this was a force multiplier for their cyberintelligence. Recent security events like the SolarWind supply chain attack hammered home how important it is for you to have access to all the data we needed the most. And advance analytics capabilities that deliver intelligence for your teams to prioritize incidents. In other words, you need the ability to trace for answers across a massive amount of data while also responding faster. That rapid response requires streamlining existing security operations particularly through automation and security analytics, of course, all driven by machine learning. And finally you need end to end integration to not only centralize your data for analysis on the front end, but to orchestrate a response on the trailing end. So your teams can act as quickly as possible. So let's start with this first point on access analytics. Executives often ask me, "All right, what kind of data is the right data to use?" And I respond, "All data". I know that sounds self-serving coming from a big data platform and security solutions company but it's actually true. All data is security relevant. Having access to all of your data and making efficient use of it is fundamental to prioritizing and solving your security challenges. Now you might be cringing at the idea of even more data. I get it, I know that every one of your SOCs are overwhelmed and most of your security analysts workflows are fragmented. Splunk is getting ready to launch our inaugural State of Security Report. And when I read some of our findings related to this growing complexity, there are a few stats that would make sense to preview here. One, 76% of security leaders say that remote workers are harder to secure, kind of makes sense. But two, 78% of companies expect another SolarWind style supply chain attack, 78%. Your team has already seen the new challenges that keep emerging that will only continue from here. The only way to navigate this complex threat landscape is to go all in on your data. Your SOC teams need to collect data from across silos and correlate for true visibility and insight. Next, you need streamlined security operations particularly through automation and security analytics. Let's start by acknowledging that we're all making some progress. The security firm, Mandiant, has found that the global median dwell time or the number of days an attacker remains undetected in the victim's network has been dropping. Some great news, from 78 days in 2018 to 56 days in 2019 down to 17 days in 2020. Now that progress is good, of course, but there is no way, no way that anyone out there can feel good about 17 days of dwell time. 17 days, that's more than 24,000 minutes, 24,000 minutes where an adversary sits undetected. When we all know that it takes fewer than five of those minutes for an adversary to act. Your organization can do better. Data fueled automation and security analytics driven machine learning help your teams automate as much as possible. So those teams can then act on the bigger priorities that matter while detecting threats far more rapidly. That's why the majority of conversations I have with customers today start with questions about further implementing automation or machine learning. I know that establishing a framework around this works because I've seen it in action. Splunk's own CISO and our global security team have taken this approach to look at all of our data from across the organization, nearly 7,000 Splunkers around the world, to identify our priority areas for security. We went all in on our own data and then we identify where to prioritize. What Splunk's own security team has also proven is that implementing zero trust does not have to be a build from scratch exercise. It can actually start as a remodel. There are so many learnings sitting in your current environment and that's exactly why you wanna go all in to capture your data. Rebuilding a zero trust framework from the ground up might sound great but the majority of these clean sheet exercises fail to deliver. While your current environment can be messy there are years of lessons learned and all of those u-turns and dead ends that cyber teams have had to make to get the job done. Unearthing that wisdom comes from bringing data from the dark into the light. Splunk's development team by the way also follow this philosophy. For the past four years, we've been rearchitecting our platform and solutions to be cloud first. To do this we've been driving continual, deconstruct-reconstruct exercises versus building from scratch. Our own biology and billions of years of evolution have shown us that our world is emergent, always evolving. Mother nature runs infinite, simultaneous experiments with really strong feedback loops. Partner with a company and a set of technologies that understands and follows this framework. Take the time to play with and learn from the past and then remodel your SOC rather than tearing it down completely. Last, with the right technologies and techniques you can improve the trajectory of your teams' security insights and those incredibly valuable aha moments. How? Like so many things in life, we're all better when we work together. Look around the virtual floor of this RSA conference and you'll see so many innovative tools and solutions to solve distinct problems. None of that matters if there's no integration or sharing of data across these on-prem cloud and hybrid cloud tools. Closed ecosystems have failed the industry time and time again. They're simply not the answer. You need to tap a thriving and open ecosystem of partners and community members to reduce integration complexity and get more value from your data. Now I know who I'm talking to, you're like me and you're always looking for the best of breed. Best of breed security tools are important. Given the complexity of our cyber environment, we by default use lots of tools. Splunk is right there with them as the best of breed data layer, period. We have a strong product and technology team of more than 2000 people who focus 24/7 on data tools, data solutions and the machine learning that bring them all to life. An ecosystem of hundreds of thousands of people who compliment what the full-time Splunk team is driving. When we define what we wanted to see in an inclusive environment, our mantra from day one focused on building a broad and open platform. Unlike the deep and narrow solutions that we saw in the market. Organizations like yours have put their trust in point solutions that as by-product leave you as silos of data and subsequently less than desirable outcomes. Compliment that activity with a best of breed data layer. Whether it's addressing a global pandemic or attacking the latest cyber crime data holds the answers to life's most challenging moments. And again, data based decision making is what separates the innovators from the followers. So let me leave you with an example that brings these best practices together. Collaboration tightened Slack creates an environment where remote workers can organize information and conversations around data. Every day more than 12 million active users within 750,000 organizations rely on Slack as our collaboration hub to bring people information and tools together. When the pandemic hit Slack needed to transition its own employees to remote work while also continuing to provide a secure enterprise grade service to its booming user base. Using one unified platform to power did driven decision-making, Slack has seamlessly transition to remote work operating under a zero trust network. And because we're living in the area of hybrid and multi-cloud environments, Slack verifies it security using visibility into all activity across all of its many cloud services. To wrap things up, I'd like to applaud the global community's work on contact tracing for COVID 19 and more. It's been a long year but the healthcare and broader community showed that the more data we have, the better decisions and actions we deliver. Time is a precious commodity, maximize it by bringing data and analytics, streamlined operations and an open ecosystem together to drive faster more informed results for your business.

Doug Merritt


President and CEO, Splunk

Share With Your Community