Bringing Data to COVID-19

Data junkies like me know that data is going to be essential to both containing the spread of the novel coronavirus and to finding an eventual vaccine. While the world is working together to stop the spread, improve treatment outcomes, and protect the most vulnerable populations, data will serve many purposes. It will help leaders implement measures to slow the virus’ spread, it will help the public respond based on what we know makes a difference, and encourage us all to not give in to panic and fear. And that’s why Splunk is bringing data to this current crisis.

Splunk for Good, our social impact arm, has built a publicly available interactive Splunk COVID-19 Dashboard that any individual or organization can view without any installation necessary. We’ve also provided an application that an individual or organization can download, populate with their own data, and use it to help get a better understanding of the data behind the pandemic. How can you get started? Download the app from Github and add your own visualizations or data that you think might be interesting.

While we will continue to expand our app and add features, we understand that others have their own ideas of how to visualize this data. Feel free to clone this app and create your own version, or get in touch with us at splunkforgood@splunk.com to collaborate and submit data and visualizations that you think others may find useful in the publicly available app.

Interactive Splunk dashboard. Explore the data here.

Our goal with the Splunk COVID-19 Dashboard is to help leaders bring data to every potential response to best ensure public safety. Already, we’ve seen community-driven work from the likes of Prudential, Herc Rentals, Accenture, and our own Global Security team. With this public resource, we hope to see other partners emerge to develop additional interactive dashboards that will help analyze the data behind this coronavirus, contribute subject matter expertise on infectious diseases, and bring forward additional interesting research, ideas, and suggestions.

Partners including Herc Rentals are using Splunk TV to inform their response to COVID-19.

For example, a Splunk champion at the UK’s National Health Service built this dashboard to pull in UK information. This makes it possible to track cases at a local level and helps organizations understand data trends in a very granular way. This was done as a personal project by a curious technologist who wanted to understand how data can help us see COVID-19 differently. – Read more


The Hitchhiker’s Guide to the “Work from Home” Monitoring Galaxy

In these times of remote teamwork, the pressure on IT teams is at its peak. So how can you ensure teams function well and conditions are good when working remotely? How do you ensure that the IT Ops teams can support the business as usual? VPN, office suite, critical applications, videoconferencing, etc. The list of priorities changes, new business apps need to be added, while your kids and their endless energy become your face-to-face office colleagues. 🙂

According to Atlas VPN user data, VPN usage has increased in almost every single country in March (+112% in Italy, +53% in the United States but estimated to increase over 150% by the end of April) and this has a direct impact as many enterprises have to support multiple network and security technologies stressing VPN concentrators, DHCP servers, the number of SSL sockets, etc.

As the need for collaborative tools also explodes, more and more companies are making changes to their security posture to meet VPN demand, such as using split tunneling.

The objective of this blog is not to go into very technical details but rather to help (at my humble level, but with the help of some colleagues) our customers by pointing to certain tools and practices to cope with an increase in remote work needs, not only to absorb internal demand but also to allow IT operations teams to work more easily remotely (someone said “distributed NOC”?).

Here are the main questions we will be addressing:

  • How do I collect the relevant data to monitor all systems’ smooth operation for remote workers?
  • Where in my environment is the next bottleneck coming up?
  • How can I share the big picture within my (remote) IT Operations team?
  • How can I take action when I’m not at my wall of screens in the NOC?

Get Data In to avoid blindness

Naturally, you are already monitoring your network, your VPN, endpoints, etc., but not that long ago it wasn’t strictly necessary to supervise in-depth details such as access to certain applications in the cloud. At the end of this blog, you’ll find a (long) list of applications and other sources of information (from our Splunkbase, or Splunk Answers, even a fresh new add-on created by my fellow colleague Matthias Maier…) that should set you up to onboard data more quickly and easily as well as monitor usage and issues.

You don’t have time to look at such a long list? Don’t despair, Splunk created a dedicated webpage listing Splunkbase Solutions for Remote Work. Our CTO, Tim Tully, and his team created Remote Work Insights (RWI), a solution composed of technical add-ons, dashboards, and connectors delivering real-time visibility across multiple disparate systems (VPN, Okta, Zoom…). RWI is available to any organization and includes free Splunk resources to understand your distributed workforce (and we made sure the dashboards in RWI rendered well in the Splunk mobile app as well).

More pressure on remote access = more risks

To save VPN resources or control costs (especially in high bandwidth consuming applications like videoconferencing), or just deal with the lack of transport services in specific areas of the country, more and more companies are changing their remote access approach by adopting split tunneling. Microsoft has posted an interesting blog on “How to quickly optimize Office 365 traffic for remote staff & reduce the load on your infrastructure” where they recommend the use of split tunneling. This phenomenon becomes a troubleshooting challenge and might impact the way you monitor your WFH (work from home) infrastructure as your organization cannot easily monitor web traffic on the remote device through the VPN connection anymore.

Splitting the tunnel on the remote endpoint gives you two (or more) data paths. So to my previous point, you might want to also gather data from both paths and onboard data from your endpoint agents at the same time you monitor activity in-depth across your online services (G Suite, Office365, Salesforce…) to ensure you can support your business even if part of the traffic is not routed via your VPN.

There are several options for monitoring your endpoints such as UberAgent (paid service – refer to the dedicated link section), or Nexthink (paid), but there is another option to explore: install a Splunk Heavy Forwarder (HF) or Universal Forwarder (UF) on your endpoints.

To do this, you’ll need to do the following:

  • Identify users’ critical apps and services
  • Define the right data points to monitor
  • Create an inputs.conf for an HF/UF and use an add-on’s data input, a command input, or a scripted input (a batch or Python script that writes the timestamp together with the metric to stdout; more details on the scripting in the links section).
  • Investigate apps like the Splunk Add-on for Unix and Linux (to collect network statistics, network interface information…) or the Curl command app (to poll data from REST APIs, etc.)
  • Send it via outputs.conf to the Splunk server and build your dashboard
  • Or simply use the new free add-on created by my fellow colleague Matthias called “WebPingi”, available on GitHub, that will allow you to monitor web services from the perspective of your endpoints.
  • Connect everything to IT Service Intelligence (if you use it) to see the big picture.
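As an added example of the scripted-input route in the list above (example code written for this post, not Splunk’s own code or the WebPingi add-on), here is a small Python probe a Universal Forwarder can run on a remote worker’s machine, with the inputs.conf stanza it assumes; the TARGETS list, the app path and the interval are assumptions to adapt to your environment.

```python
# Scripted input for a Splunk Universal Forwarder on a remote worker's machine:
# probes a few critical SaaS endpoints over the endpoint's own network path and
# writes one event per probe (timestamp plus metrics) to stdout, which is what a
# [script://...] stanza in inputs.conf collects. Added example code, not Splunk's
# or WebPingi's; TARGETS, the app path and the interval below are assumptions.
# inputs.conf on the UF (assumed stanza, adjust path and interval):
#   [script://$SPLUNK_HOME/etc/apps/wfh_probe/bin/probe_saas.py]
#   interval = 60
#   sourcetype = wfh:saas_probe
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone

# Hypothetical list of apps your users depend on (assumption: edit to taste).
TARGETS = {
    "office365": "https://outlook.office365.com/",
    "gsuite": "https://mail.google.com/",
}

def probe(url, timeout=5.0):
    """Return (status, latency_ms) for one HTTP GET.
    status is the HTTP code when the service answered (a 401 on a login page still
    proves reachability) or the exception class name when it did not (DNS, refused, timeout)."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code
    except (urllib.error.URLError, OSError) as err:
        status = type(err).__name__
    return status, round((time.monotonic() - start) * 1000.0, 1)

def format_event(app, url, status, latency_ms, when=None):
    """Render one key=value event; Splunk extracts such fields automatically."""
    when = when or datetime.now(timezone.utc)
    return f"{when.isoformat()} app={app} url={url} status={status} latency_ms={latency_ms}"

def run(targets=TARGETS):
    """Probe every target and return the event lines (main prints them)."""
    return [format_event(app, url, *probe(url)) for app, url in targets.items()]

if __name__ == "__main__":
    print("\n".join(run()))
```

With split tunneling in place, the same script can be pointed at an internal URL that is only reachable through the VPN, so one dashboard compares both data paths from the user’s seat.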

Example of a dashboard using the WebPingi add-on to measure performance from a remote worker’s system to cloud applications.

I thought about what to monitor and ingested the relevant data, now what? – The single pane of glass

Yes, the IT practitioner’s role is to look after critical applications, systems, networks, etc but they also need to look after themselves. We still spend countless hours looking at too many tools/screens, switching from one screen/tool to another. It is made much worse when your NOC/service desk “wall of screens” is now…your laptop (and the kids are still running around). Splunk IT Service Intelligence might help you see the big picture, save time and identify the issue faster. Here is a mockup of a glass table to monitor what is going on in a complex WFH situation. – Read more


Top 5 Cybersecurity Threats to Watch in 2020

These days, cybercriminals are ambitious and innovative, with no shortage of tools and resources at their disposal to go after high-stakes targets and execute malicious code — all while flying completely under the radar.

To prepare you for what’s ahead, below are five of the top cybersecurity threats you might encounter in 2020.

Misconfigured Cloud Environments Set the Stage for Damaging Attacks

Cloud misconfigurations have been responsible for some of the most egregious breaches in recent memory. Last year, a Seattle-based hacker exploited a misconfigured web application firewall to access files of a major financial institution hosted on AWS S3 servers, resulting in a data breach that compromised the personal information of 100 million credit card customers. Unlike other threats, this security problem originates internally — often as a simple mistake that’s made during the deployment of cloud resources. This also paves the way for insider threats on cloud deployments. Yet even accidental oversights can result in costly and destructive breaches that will only become more pervasive as hackers increasingly turn their attention to the cloud.

Phishers Cast a Wider Net

As one of the cheapest and most efficient methods of reaching targets at scale, it’s not surprising that phishing is one of the leading causes of data breaches, according to the Verizon 2019 DBIR. However, hackers are upping their game with a myriad of advanced techniques. Phishers are targeting numerous business SaaS applications — now accounting for 36% of all attacks — and are continuing to use personal information shared on numerous social media sites to create more authentic-looking, interpersonal messages. As a result, these attacks are becoming increasingly difficult to identify — even for the most tech-savvy users.

Malware Authors Up Their Game

Malware grew by leaps and bounds in 2019, and shows no signs of slowing down in 2020. According to AV-TEST, cyberattackers pushed the total number of known malware samples over the one billion mark — with attacks that are more sophisticated than ever before. Fileless malware attacks – malicious code that executes by piggybacking on legitimate software – are continuing an upward trajectory, along with new forms of “stalkerware” — spyware that tracks victim smartphone data to generate a big-picture view of their activities. On the ransomware landscape, new families are targeting high-value business data while others such as Maze are punishing victims who fail to pay up. – Read more
