Wednesday, March 6, 2019

Splunk Network Security Literature


Legacy tools for managing, controlling and monitoring Information Technology (IT) infrastructure have failed to deliver reliable security because of the rapid changes occurring in modern data centers (Splunk for IT Operations, 2013). Challenges such as lack of flexibility, high maintenance cost and failure to support multiple devices within a network contribute to increased failure in handling problems. Traditional monitoring approaches were based on filtering and summarizing. When problems arise, such systems lack the ability to drill down and provide granular IT data. They encounter serious problems such as difficulty in accessing system data. Developers and systems analysts find it time-consuming and involved to find and fix all issues affecting the system. Although traditional troubleshooting and diagnosis were based on manual operations, current advancements in technology require more capable analytical systems (Splunk for IT Operations, 2013). Traditional security tools could only handle cases dealing with system performance.
   
Alternative tools such as Splunk are highly versatile, scalable and reliable for analyzing data. Splunk combines data from all engines and machine security data with the intention of keeping security staff informed about data and information security (Reybok, et al., 2015). It facilitates information and security assurance by collecting, indexing and searching live data from any source. The network equipment monitored includes custom applications, application servers, web servers, database servers, mail servers, virtual machines, operating systems, hypervisors and other network utilities (Reybok, et al., 2015). The Splunk tool operates effectively and efficiently because it does not rely on parsers, adapters or back-end databases to analyze and process security data (Splunk for IT Operations, 2013).
Network security control involves inventory management and control of software by defining the level of authorization. Changes to software that contribute to security issues are handled by managing software changes, whitelisting, and using vulnerability management tools (Splunk Inc, 2016). The tools applied include Tanium, IBM BigFix, Microsoft System Center and the Bit9 Security Platform (Splunk Inc, 2016). Splunk software is integrated with these systems to assist in securing networks. The role of Splunk software in network systems is as follows.
Splunk gathers data about installed software. It monitors patch updates in a given system through scripted inputs, set standards and specific scripts (Wilde, Hategan, Wozniak, Clifford, Katz, & Foster, 2011). Splunk is used with the Splunk Add-on for Microsoft Windows and with UNIX and Linux network systems. The software is mostly used to facilitate reporting and to alert administrators of any vulnerability associated with software patches. It performs analysis for each software entry and generates reports in XML, CSV and other formats corresponding to the particular network security problem (Splunk Inc, 2016). It correlates output from different scripts and third-party tools by comparing it with other enterprise data sources. Splunk can be configured to perform all analysis operations on network systems, including the configuration management database (CMDB) and hash-based whitelists, among other utilities (Gupta, et al., 2016). The significance of the Splunk tool is that it provides accurate calculations based on patterns, trends and behavior of data and information assets (Splunk Inc, 2016).
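The scripted-input approach described above, as an added example that is not Splunk's own code: a Python script that audits an installed-software inventory against an approved-software whitelist and a table of required patch levels, and writes one key=value event per finding to stdout, which is what Splunk indexes from a scripted input. The inventory, whitelist, patch table, host names and package names are constructed sample data.

```python
"""
Splunk-style scripted input that audits an installed-software inventory
against an approved-software whitelist and a table of required patch levels,
then emits one key=value event per finding. Splunk extracts key=value pairs
automatically at search time, so the events need no custom parser.
Added example, not Splunk's own code; the inventory, whitelist and patch
table are constructed sample data with hypothetical host and package names.
"""
from __future__ import annotations

import re
import time
from typing import Iterable

# Constructed approved-software list (packages allowed on the hosts).
APPROVED_SOFTWARE = {"openssh-server", "nginx", "postgresql", "splunkforwarder"}

# Constructed minimum patch levels that the organisation requires.
REQUIRED_PATCHES = {"openssh-server": "8.9p1-3", "nginx": "1.18.0-6"}

# Constructed inventory, as a package-manager listing might report it.
INSTALLED = [
    {"host": "web01", "name": "nginx", "version": "1.18.0-6"},
    {"host": "web01", "name": "openssh-server", "version": "8.9p1-2"},      # behind required level
    {"host": "web01", "name": "netcat-traditional", "version": "1.10-46"},  # not on the whitelist
    {"host": "db01", "name": "postgresql", "version": "14.5-1"},
]


def version_key(version: str) -> tuple:
    """Turn '8.9p1-3' into a tuple that compares numerically where possible.

    Numeric runs become (0, int) and alphabetic runs (1, str), so every element
    is comparable with every other and 8.9p1-2 sorts before 8.9p1-3.
    """
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def audit(installed: Iterable[dict]) -> list[dict]:
    """Return one finding per package that is unapproved or below its required patch level."""
    findings = []
    for pkg in installed:
        if pkg["name"] not in APPROVED_SOFTWARE:
            findings.append({**pkg, "finding": "unapproved_software", "required": ""})
            continue
        required = REQUIRED_PATCHES.get(pkg["name"])
        if required and version_key(pkg["version"]) < version_key(required):
            findings.append({**pkg, "finding": "missing_patch", "required": required})
    return findings


def to_splunk_event(finding: dict, ts: float | None = None) -> str:
    """Render a finding as a single-line, timestamped key=value event."""
    ts = time.time() if ts is None else ts
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ts))
    fields = " ".join(f'{k}="{v}"' for k, v in finding.items())
    return f"{stamp} source=software_audit {fields}"


if __name__ == "__main__":
    # A scripted input's stdout is what Splunk indexes.
    for finding in audit(INSTALLED):
        print(to_splunk_event(finding))
```

Run on a forwarder, the script would be registered in inputs.conf under a `[script://...]` stanza with an interval; each finding then arrives as a searchable event with `host`, `name`, `version`, `finding` and `required` fields already extracted, which is what the reporting and alerting described above is built on. The version comparison is deliberately simple and handles the sample version strings; a production input would use the package manager's own comparison.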

Splunk Applications in Enterprise

In enterprises, Splunk Enterprise Security can be used to facilitate secure configurations that determine how information is processed and handled in real time (Gupta, et al., 2016). Enterprise Security is applied to identify attack and hacking behavior as well as misconfigurations that expose the network to vulnerable environments. It can identify, verify and validate sensitive credential characteristics such as password length and the defined password expiry period (Prabhakar, Pankanti, & Jain, 2003). It works by displaying content on dashboards such as the traffic search, system center and time center. These windows reveal parts of the system that do not meet international standards for settings and configurations (Prabhakar, Pankanti, & Jain, 2003). Splunk evaluates data repository systems on the network and lists all threats it finds. The problems highlighted include known-bad file hash values, malicious registry keys, Internet Protocol (IP) addresses and domain names, among other indicators of compromise (IOCs) (Gupta, et al., 2016). The tool facilitates effective and efficient handling of user accounts by maintaining restrictions, rights and rules for the various accounts. It monitors areas such as operating-system-level weaknesses including enabled guest accounts, lenient sudo configurations, and failure to secure default accounts such as administrator and root (Church, et al. 2015).
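The indicator matching described above (hash values, registry keys, IP addresses and domain names), as an added example that is not Splunk's own code: a Python routine that checks each event against threat-indicator lists and turns every hit into a notable-event record with a severity, the way an analyst would see it on a triage dashboard. All indicators, host names and events are constructed samples using documentation IP ranges and `.example` domains; the severity mapping is an assumption for illustration.

```python
"""
Indicator-of-compromise matching of the kind Splunk Enterprise Security
performs when it compares events against threat-intelligence lists: each
event is checked for known-bad file hashes, registry keys, IP addresses and
domain names, and every hit becomes a notable-event record an analyst can
triage. Added example, not Splunk's own code; all indicators, hosts and
events are constructed samples (documentation IP ranges, .example domains).
"""
from __future__ import annotations

import ipaddress

# Constructed indicator lists. Hashes and registry keys are stored lower-cased
# so matching is case-insensitive; networks allow CIDR ranges as well as hosts.
IOC_HASHES = {"aaaaaaaabbbbbbbbccccccccdddddddd"}
IOC_REG_KEYS = {r"hkcu\software\microsoft\windows\currentversion\run\updatesvc"}
IOC_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
IOC_DOMAINS = {"bad.example"}  # a match also covers its subdomains

# Assumed severity per indicator type (illustrative, not a Splunk default).
SEVERITY = {"hash": "high", "registry": "high", "ip": "medium", "domain": "medium"}

# Constructed events as they might arrive from endpoint, DNS and proxy logs.
EVENTS = [
    {"host": "web01", "file_hash": "AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD", "dest_ip": "203.0.113.5"},
    {"host": "ws17", "registry_path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UpdateSvc"},
    {"host": "ws17", "dest_ip": "198.51.100.77", "query": "cdn.bad.example."},
    {"host": "db01", "dest_ip": "10.0.0.8", "query": "updates.example.org"},
    {"host": "db01", "dest_ip": "not-an-ip"},  # malformed field must not crash the search
]


def match_event(event: dict) -> list[dict]:
    """Return every indicator the event matches, as {"type", "value"} dicts."""
    hits = []

    file_hash = event.get("file_hash", "").lower()
    if file_hash in IOC_HASHES:
        hits.append({"type": "hash", "value": file_hash})

    reg_key = event.get("registry_path", "").lower()
    if reg_key in IOC_REG_KEYS:
        hits.append({"type": "registry", "value": reg_key})

    try:
        addr = ipaddress.ip_address(event.get("dest_ip", ""))
    except ValueError:
        addr = None  # missing or malformed address: skip the network check
    if addr is not None:
        for net in IOC_NETWORKS:
            if addr in net:
                hits.append({"type": "ip", "value": str(addr)})

    domain = event.get("query", "").lower().rstrip(".")  # drop trailing dot from DNS logs
    for bad in IOC_DOMAINS:
        if domain == bad or domain.endswith("." + bad):
            hits.append({"type": "domain", "value": domain})

    return hits


def notable_events(events: list[dict]) -> list[dict]:
    """Flatten all matches into notable-event records with a severity."""
    return [
        {"host": e["host"], "indicator_type": h["type"], "indicator": h["value"],
         "severity": SEVERITY[h["type"]]}
        for e in events
        for h in match_event(e)
    ]


if __name__ == "__main__":
    for notable in notable_events(EVENTS):
        print(notable)
```

Two details matter for a defender: the matching normalises case and trailing DNS dots before comparing, so an indicator is not missed because one log source writes the registry path or hostname differently, and a malformed address is skipped rather than aborting the whole search, so one bad event cannot suppress the other alerts.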

Benefits of Splunk Tool

Splunk is a centralized network monitoring tool that provides intelligent security information to analysts. It helps in troubleshooting and diagnosis by determining areas prone to vulnerabilities as well as sections with penetration weaknesses (Kim, Ma, & Park, 2016). It provides early warning of dangerous situations such as hacking, denial of service, virus attacks, malware infections and malicious scripts.

Proposal

Iteration 1: Orientation to Splunk Network Security

The introduction shall cover the various network structures that require Splunk technology. The study shall analyze the components, features and utilities of the network. The session shall determine the potential condition and status of security within the network. Existing security measures and strategies shall be analyzed as the major background of the study. Researchers shall classify the various software and hardware tools and their corresponding security requirements. The iteration shall include an introduction to Splunk applications, covering the security infrastructure, the applications, and working with the tool. It shall also introduce the various networking parameters applied to facilitate a secure environment.

Iteration 2: Training, Seminars, and Meetings

The session shall concentrate on collecting knowledge, skills and experience from different points of view. It shall involve interacting with experts in the field of security for an effective understanding of how various security tools operate. The activities involved are interviews, workshops and practical learning about Splunk. The session shall include benchmarking studies of existing network systems to observe the implementation and structure of Splunk. Learning shall involve all appropriate methods and methodologies that can be applied in the field. Training shall cover standards and ethical issues that apply to various security measures. It shall also cover the most important elements of security: confidentiality, integrity and availability.

Iteration 3: Data and Information Collection

The goal of the study is to provide high-level accessibility to the security issues encountered by various users. The methodologies applied in the research shall include questionnaires, observations and interviews. The individuals included in the study shall include clients, stakeholders, managers and directors. The session shall define the problems within various environments such as the business sector. Researchers shall perform needs and specification analysis to come up with needs and requirement deliverables. The session shall also perform systems analysis to predict possible security vulnerabilities that could be experienced within the systems. The session shall provide alternative solutions to problems and deduce the most appropriate technology to solve the existing security issues completely. Finally, the session shall define the most desirable, acceptable and security-oriented approach worth implementing.

Iteration 4: Planning, Designing, and Infrastructure

The final iteration shall involve defining a plan to implement the selected solution. The solution designed shall ensure that the proposal provides easy ways and measures for decision making to network managers and systems. The design shall ensure that security staff understand all security processes by receiving alerts about incoming and ongoing activity on an individual host or group of hosts. The session shall involve evaluation of the scope as well as the schedule applied in the implementation process. The session shall include conducting feasibility studies to validate whether the proposed solution is viable and worth implementing. Other activities shall include budgeting and defining the project checkpoints. The final activities shall include designing the infrastructure of the proposed security systems. Hardware and software tools shall be provided, input and output data shall be guaranteed, and other design requirements shall be met.

References

Church, A. H., Rotolo, C. T., Margulies, A., Del Giudice, M. J., Ginther, N. M., Levine, R., ... & Tuller, M. D. (2015). The role of personality in organization development: A multi-level framework for applying personality to individual, team, and organizational change. In Research in organizational change and development (pp. 91-166). Emerald Group Publishing Limited. 
Gupta, S. K., Yadav, N., Watts, M. S., Parandehgheibi, A., Gandham, S., Kulshreshtha, A., & Deen, K. (2016). Policy-driven compliance U.S. Patent Application No. 15/133,155. 
Kim, J. H., Ma, M. C., & Park, J. P. (2016). An analysis on secure coding using symbolic execution engine. Journal of Computer Virology and Hacking Techniques, 12(3), 177-184.
Prabhakar, S., Pankanti, S., & Jain, A. K. (2003). Biometric recognition: Security and privacy concerns. IEEE Security & Privacy, 99(2), 33-42.
Reybok, R., Haugsnes, A. S., Kurt, J. Z. I., Rhines, J., Geddes, H., Osypov, V., ... & Manning, M. (2015). 
Splunk for IT Operations (2016). Splunk for IT Operations. Get End-to-end Visibility Across the IT Infrastructure to Find and Fix Problems Faster. 
Splunk Inc. (2016). Splunk® and the CIS Critical Security Controls: Mapping Splunk Software to the CIS 20 CSC Version 6.0.
Wilde, M., Hategan, M., Wozniak, J. M., Clifford, B., Katz, D. S., & Foster, I. (2011). Swift: A language for distributed parallel scripting. Parallel Computing, 37(9), 633-652.


Carolyn Morgan is the author of this paper. She is a senior editor at MeldaResearch.Com, a research paper writing service; if you need a similar paper you can place your order from Top American Writing Services.
