Hello!
Every year at SplunkLive! Zurich, IT experts from various industries come together to learn how to gain an advantage by analyzing their machine data, exchange ideas, and connect with their peers within the IT community.
This year we had five organizations from different industries with many different use cases demonstrating what’s possible with machine data. We were lucky to hear how Raiffeisen Schweiz, Swisscom, SBB and SIX Payments have all progressed their unique data journeys.
Raiffeisen Schweiz
Simon Züst, Head of Fraud Detection & Mobile Apps is responsible for a team of seven, developing the threat detection system for E-banking, technical fraud investigations, security architecture as well as developing mobile apps. Simon covered the threat landscape in E-Banking, discussing the three main attack points and deep diving into the Retefe Banking Trojan techniques. From there he moved to explain the use cases for log-based detection, their situation before Splunk and their journey from centralized log search for investigations to near real-time fraud detection and escalations into their banking fraud systems to protect their customers.
Swisscom
Michael Studer, DevOps Engineer, works in a small team who manages the Swisscom Product “Internet Booster”. Michael described the story behind the new innovative free service to compensate low broadband network speed for customers in the countryside and the story behind their Splunk dashboards. From BI Technology they know how many subscribers they have, and how many products they delivered but they had no visibility as to how many customers actually installed and are using the service. With Splunk, they built an end-to-end dashboard and broke down all steps into milestones. To gain that crucial visibility they had to collect data from many different systems involved, including Home Device Management, the User Accounting Database and more in a complex IT environment. Michael’s team haven’t stopped with just monitoring, they now provide Marketing Dashboards, Insights for customer care services whilst using Splunk for “green IT” - monitoring when a customer is no longer using the service, requesting the equipment back and recycling it.
SBB
Ursula Bühlmann, Service Delivery Manager Monitoring, presented together with Erwin Jud, Senior Security Engineer on Business Service- and Security Monitoring. Last year they attended SplunkLive! Zurich as visitors to learn what Splunk can offer, they got inspired from other customers, breakouts in the afternoon and a year later they were on stage to present their own work. Ursula shared how they planned and approached their journey to establish horizontal transparency and visibility across Rail, Network and Security as well as Applications, Platforms and IT Infrastructure by breaking down silos. The team have gone from whiteboard sessions, to selecting a business service for proof of value (ELAZ - SBB’s electronic assistant for employees on trains for pass controls, train schedule information, sell tickets etc.) doing a service decomposition workshop to data-onboarding and building two sets of glass tables in Splunk IT-Service Intelligence. Erwin Jud, from the Security Team from Telecom SBB, gave an overview from three years ago on OCT Security and today - From a centralized syslog log server to building the SOC Microcosm.
SIX
The team from SIX, shared how they are utilizing Machine Data and Splunk IT Service Intelligence to monitor their most critical company services. Thomas, Senior Business Engineer, explained how cashless payments work, involved parties, the payment authorization process to payment settlement and the challenges they faced with their in-house developed monitoring tool. He explained what traditional monitoring tools offer, what can be accomplished by just using Splunk Enterprise and then moved into the uniqueness that ITSI brings to their organization for real time service monitoring allowing to manage dependencies and rely on adaptive thresholds for KPI’s.
Thanks a lot to all the speakers and Splunk enthusiasts for spending a day with our Switzerland team - we look forward to seeing you again next year!
Best
Matthias
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.