Case

WGU C850 Emerging Technologies Emerging Technologies (Western Governors University)

Pages: 8
Grade: A+
Uploaded on: 18-05-2022
Written in: 2021/2022

EMERGING TECHNOLOGIES C850
TechFite Case Study

A. Organizational Need

Security Information and Event Management (SIEM) can be a solution to implement at TechFite, because the traffic that passes through the two firewalls creates enormous amounts of real-time log data, and it is challenging to scan the logs manually. Furthermore, TechFite plans to install honeypots, and those will store massive amounts of log data. SIEM is a solution that aggregates historical log data and real-time active security events and analyzes log behavior, vulnerabilities, and malware activities. Moreover, TechFite will need a solution that provides additional storage for its current log data and scales with future storage growth. In the Dataversity article “What Is SIEM and Why Is It So Important?”, Gilad David Maayan explains that the reason a company should use a SIEM to report suspicious activities is the amount of log activity this creates, which is almost impossible to handle manually. The solution put in place must be compliant, and must be maintained as compliant, with the Federal Information Security Management (FISMA) and the National Institute of Standards and Technology (NIST).

B. Proposing a Solution for Emerging Technology

To meet the requirements of TechFite’s business demands, I will recommend using the Splunk Enterprise service on the Google Cloud platform as an Emerging Technology Solution. Splunk offers a scalable service featuring a SIEM appliance. Splunk supports a full range of information security operations: real-time visibility, automation and orchestration, incident response, user monitoring, threat intelligence, advanced analytics, and advanced threat detection. TechFite will have the ability to analyze in real time, monitor, and set threshold conditions twenty-four hours a day. They will be able to customize dashboards for viewing these scenarios. According to the Splunk website, Splunk Connected Capabilities puts Splunk's control in the user’s hands, accurately. Through mobile smart devices, smart television, and Splunk Enhanced Reality, Splunk allows everyone in your company to view graphical information and see it on the go. (www.splunk.com)

C. Adoption Process

This step is to assess the solution's benefits: the cost and the risk that TechFite will encounter and the current operations. Data-to-Everything Pricing, Splunk's flexible pricing options, brings data to every question, decision, and action.

- Processes: Splunk Enterprise will enable much of the automated process by collecting and analyzing big data and giving insights into operational performance.
- Business: The data-to-everything approach, the added level of security, the real-time visibility, and the risk-based alerting will be a massive benefit for all the customers. Not only will this bring a very positive value to the TechFite brand, but it will also make it stand out from its competitors.
- People: As soon as Splunk Enterprise is configured, deployed, and running, the hours employees spend manually evaluating log incidents will be cut drastically, having a significant impact on staff hours. People can be assigned to do other tasks.
- Framework: Splunk Enterprise will be hosted on Google Cloud. The advantage of this option is that physical hardware and software will not have to be hosted on-site, or can be kept to a minimum. Furthermore, with the cloud solution, TechFite will always have the ability to expand as much as it wants.

Risk of Implementation: The IT team will have to go through rigorous training. It requires getting certified to configure, maintain, and adopt Splunk Enterprise. By getting certified, the people managing the software are well prepared, and the project involved will not be rejected. Furthermore, it will take some time for the people to get training, but it will benefit TechFite.

The price or cost is always a big deal for companies. The cost will need to be absorbed by TechFite. The price tag of implementation will be based on the company's needs. As the company grows, the price will increase based on the company’s needs. We must assume that there will always be growth. We must also consider the time saved by automation.

The IT team should be able to adopt this solution with no problems. In the beginning, it might take the team some time to do all of the implementations, but as the team moves forward, it will free up lots of time for the teams involved. I believe the advantages will be greater than any associated risks. By meticulously planning all the implementations, most of the risk can be eased to an adequate level.

A pilot program is recommended to implement this solution. Splunk offers a 60-day trial, but a 14-day trial for the cloud. It can be an excellent opportunity for all the firewalls to be tested on the configuration of alerts, dashboard reports, and real-time monitoring before TechFite fully adopts this. It will be a good time for the IT team to learn as they implement and to show the rest of the team when it is time for deployment.

D. Technology Impact

When deploying a new process, always look for the positive and the negative impact of implementing new solutions, especially new emerging technology, and primarily if it affects the people involved.

SIEM will analyze log behavior and real-time security events, meaning real and easier threat detection, learning about behavior that might be malicious all on its own. The positive impact is that the security team will have more time to concentrate on other tasks. Currently they spend a lot of time just going through logs. Moreover, the security team can be assigned other jobs that will help the company.

The downside is that implementing SIEM in the company might cause employee layoffs, because the administrators or security team will not have as much work as they used to. One solution is for TechFite to reconsider positions and, instead of laying people off, give them opportunities in another department, or assign the team to bigger projects, since the company will be growing.

Another impact that could be negative is a physical disaster, for instance a hurricane that takes the network connection down. Let us say that the fiber optic line breaks at that time. The time they are down will represent a loss of money and of the team's ability to respond quickly to any incidents during a long period of time. The solution for this is to have a backup site to access resources and never go down.

E. Technology Comparison: Splunk vs Sumo Logic

Another solution that could be considered is Sumo Logic. The tool is easy for administrators to use; the dashboard is feature-rich and intuitive. Users can toggle between different themes, like dark and light. Sumo Logic can handle several petabytes of machine log data on a daily basis and centralize large volumes of data in a hybrid and multi-cloud environment. Furthermore, it will identify threats in real time, letting administrators worry about something else. This option will help TechFite work with various companies worldwide and have real-time threats and log data all in one place.

The disadvantage of TechFite going with Sumo Logic is the insufficient documentation and community support. Since the platform is not that popular, it lacks those two essential things. Another disadvantage is the high bandwidth required to handle terabytes in transit on the company’s network. What would be considered an advantage is the cost of implementing Sumo Logic. In the initial phase the price will be low, but the cost can skyrocket once everything is in place. Another downside is that log aggregation seems to be slow at times, with constant interruptions.

If we deploy Splunk Enterprise with Advanced Threat Detection, the administrator would be able to implement network security monitoring, detect threats, separate potential threats, and perform endpoint detection and behavior analysis. Lots of firewalls are not able to do this all on their own. Furthermore, real-time monitoring acknowledges potential incidents, searches for vulnerabilities in compromised systems, and repairs malicious actions. In addition, the dashboard is liked by many administrators as an easy-to-use log management tool. The platform offers excellent visualization to provide a unique and comfortable experience in monitoring analysis. One last advantage is the community support, which is the most vital point of the platform, helping administrators when they hit a hiccup.

The disadvantages are that data aggregation sometimes becomes slow when searching large amounts of data. Also, API search has its limitations, and users cannot manage data resources via the API. Another negative is limited correlation: the administrator needs to learn a lot of SPL to perform manual correlation. Lastly, price: Splunk is expensive, but you get what you pay for. It is one of the most expensive platforms on the market. (Tool Comparison 2020)

F. Adoption Success

The success of implementing the Splunk Enterprise service on Google Cloud would be measured at least ninety days after it is in full operation. We would compare real-time event detections with real-time detections from before, and compare the IT man-hours per week devoted to SIEM with the IT man-hours previously spent reading logs. We can use a program like Gartner Hype Cycle to create graphical metrics that provide a benchmark. Moreover, it will allow comparing the data from before and showing how the implementation of the new technology is helping TechFite.

G. Sources

Maayan, Gilad David. “What Is SIEM and Why Is It So Important?” DATAVERSITY, 30 Sept. 2019.

“Machine Data Management & Analytics: Splunk Enterprise.” Splunk.

Splunk Pricing. (n.d.). Retrieved December 06, 2020.

Tool Comparison: Splunk vs. SumoLogic: JetPatch - Intelligent Vulnerability Remediation. (2020, August 16). Retrieved December 08, 2020.

Sumo Logic vs Splunk: Which Is Better For Big Data Log Analysis?: UpGuard. (n.d.). Retrieved December 06, 2020.

Tech Case Study
C850 Emerging Technologies Western
Governors University 12-08-2020


