Page 9 - FCW, April 15, 2016

DATA DRIVEN CYBERSECURITY
SPONSORED CONTENT
DATA ANALYTICS CRITICAL FOR DATA DEFENSE

Get the Most Value from Data

All data has value. When you combine, compare, and analyze different data sets, the value of that data increases exponentially. Getting the most value out of your data requires three things: the ability to search complex data sets in real time, the flexibility to combine data sets in different ways, and the speed necessary to get critical results fast enough to initiate time-sensitive actions. With these three capabilities, agencies have the information they need to make the best possible decisions.

Splunk software is one of the most widely used data analysis tools throughout the federal government. It creates operational intelligence by collecting, indexing, monitoring, and analyzing machine data.

In the area of threat intelligence, for example, agencies can use Splunk Enterprise to aggregate, deduplicate, and operationalize threat intelligence from multiple sources in a way that delivers fast, contextual incident response.

FAST AND FLEXIBLE

While Splunk Enterprise can significantly improve detection and response, the platform it uses can make a big difference in speed of analysis. Speeds are slower when Splunk is run on servers with spinning disk. When Splunk is run on faster solid-state storage, the results are much faster.

Agencies conducting searches using Splunk Enterprise on a NetApp E-Series data storage system with solid state drives (SSD) will see a 60 percent performance increase over running the same search on direct-attached spinning disk. That speed can make a big difference when it comes to time-sensitive searches.

Running Splunk on NetApp E-Series storage also gives agencies much more flexibility. With direct-attached storage, for example, agencies must commit to buying a specific amount of solid-state and spinning disk storage per server. If the percentages aren’t right, or if they suddenly need more storage performance to run critical searches, the agency is on the hook for buying more costly servers and possibly exceeding their power, space, and cooling budget. Using the E-Series instead of local server storage, it’s easy to scale up the solid-state storage independently to provide high performance searching over a larger amount of data.

NetApp E-Series storage systems use the latest in solid-state and traditional disk technologies. They provide superior business value by making SSD affordable and practical in a Splunk environment. One of the reasons Splunk running on NetApp’s E-Series is more cost effective is because the E-Series decouples storage from compute resources allowing them to be scaled independently.

“Time matters with Splunk. Faster query responses lead to better questions and ultimately a more comprehensive operational intelligence,” says Finn Ramsland, director of engineering and technology at ClearShark, a technology solution provider to the federal government and partner of both Splunk and NetApp. “The way you make those responses faster is to have as much data as possible on solid-state drives, specifically your hot and warm buckets.”

What Ramsland is talking about is Splunk’s method of retaining aging data. Supporting a tiered storage model, Splunk divides data into hot, warm, cold and frozen buckets. Users can determine how long to keep specific data sets in each bucket and can change them as needs change.

- Hot buckets are for active, most current data; open for writing; stored on solid-state drives.
- Warm buckets are for more current data; typically 30 days retention; stored on solid-state drives.
- Cold buckets are for older data; typically 30 days to 1 year retention; can reside on less expensive, slower spinning disks.
- Frozen buckets are for archived data.

Finally, the E-Series’ Dynamic Disk Pool (DDP) feature simplifies RAID management and provides redundancy in the case of disk failure. It does this by distributing data protection information and spare capacity across a pool of drives. That means Splunk searches won’t be affected by drive failures, which could potentially impact data fidelity and search availability. E-Series also allows for seamless SSD scaling which painlessly increases hot and warm buckets storage space by adding drives to the pool. By combining NetApp’s high speed, flexible storage technology with Splunk’s flexible, powerful data analytics, government agencies can truly derive the most value from their data.

ABOUT CLEARSHARK

ClearShark is a value-added reseller fully committed to Splunk, NetApp, and the federal government. ClearShark delivers customized, integrated, and managed cybersecurity, enterprise storage, virtualization, high performance computing, datacenter, and cloud infrastructure solutions. They have received Partner of the Year awards from both Splunk and NetApp.

For more information, please visit: www.clearshark.com
GameChanger