Building Digital Resilience with Unified Security and Observability (COP215)

Title

AWS re:Invent 2023 - Building digital resilience with unified security and observability (COP215)

Summary

  • Speakers: Tony Pierce (Field CTO at Splunk) and Michael Guccia (Security Advisory Team Lead for North America at Splunk).
  • Splunk Acquisition: Splunk is being acquired by Cisco, expected to close in 2024.
  • Splunk's Mission: Focuses on data analytics and leveraging technology for various customer use cases.
  • Global Threat Landscape: Emphasizes the importance of resilient data systems for security and observability.
  • Technical Risk Radar: A tool used at MasterCard to show risks to global operations.
  • Splunk's Platform: Aims to bring data into a single platform for multiple uses, including security and observability.
  • Data as Digital Currency: Data should be an asset, not a liability.
  • Visibility and Resilience: Stresses the importance of visibility for defense and the ability to recover from attacks.
  • Strategic, Tactical, and Operational Approach: Framework for cybersecurity and resilience.
  • Operationalizing Technology: Products alone don't solve problems; effective operationalization does.
  • Integration and Automation: The need for integrated systems and the role of automation in addressing incidents.
  • Resiliency by Design: Security and resilience should be built into systems, not added as an afterthought.
  • Partnership Between CISO and CTO: Essential for understanding business-critical data and operations.
  • AWS and Splunk Partnership: Highlights the complementary nature of AWS and Splunk services.
  • Industry Use Cases: Heineken and Puma as examples of companies needing end-to-end visibility and quick issue resolution for business continuity.
  • Outcome-Based Approach: Focus on planning and achieving specific outcomes, not just implementing tools.
  • Resilience as a Collective Responsibility: Encourages breaking down silos and working together across departments.

Insights

  • Unified Security and Observability: The talk emphasizes the importance of integrating security and observability into a single platform to enhance resilience and streamline operations.
  • Data-Centric Approach: Splunk's strategy revolves around treating data as an asset and ensuring it is leveraged effectively across security and observability workloads.
  • Acquisition Impact: The upcoming acquisition of Splunk by Cisco is expected to strengthen their offerings but does not change Splunk's core mission focused on data.
  • Resilience in Practice: Real-world examples from Heineken and Puma illustrate the critical need for resilience in different industries and the financial impact of downtime.
  • Strategic Frameworks: The speakers advocate for strategic, tactical, and operational frameworks to guide cybersecurity efforts, suggesting a structured approach to resilience.
  • Operationalization Over Products: The talk suggests that the key to solving security problems lies in how technology is operationalized within an organization, rather than the products themselves.
  • Automation with Caution: While automation is crucial for handling the volume of security incidents, it must be implemented judiciously to avoid missing critical threats.
  • Cross-Departmental Collaboration: The speakers highlight the necessity of collaboration between CISOs, CTOs, and other departments to ensure comprehensive resilience and security.
  • Cloud Journey and Resilience: As companies move more workloads to the cloud, foundational visibility and optimization are crucial steps toward achieving resilience.
  • Resilience as an Ongoing Process: The journey to resilience is a marathon, not a sprint, requiring continuous effort and adaptation to evolving threats and business needs.