Oct 29, 2021 - Company announcement
Kiel-based IT company Consist Software Solutions and its teams achieved second place for both SOC as well as IT operations competition at .conf21
Consist teams once again at the top of this year's Splunk competitions
What is so special about the security challenges that are held every year as part of .conf on the basis of the Splunk data platform? Two of the participants from the Consist teams comment on this in an interview.
What is so special about the security challenges that are held every year as part of .conf on the basis of the Splunk data platform? Two of the participants from the Consist teams comment on this in an interview.
Kiel - 33,000 participants from 136 countries - these are the key figures of this year's largest Splunk conference in the world, which started again virtually from October 20-21, 2021 (EMEA) due to Corona. In addition to more than 400 specialist lectures and sessions, there was a proven competition format, the Boss of the SOC (BOTS) and a new one, the Boss of Operations and Observability (BOO). Splunk consultants from Consist were able to demonstrate their expertise in both formats and achieved second place in the global ranking.
Martin Müller, Principal Consultant for #Splunk at Consist, also received a special award: the “BOTS Team” award due to top placements in all six BOTS years. Not only for this award was his professional feedback for the community of Be-lang. This is also reflected in the fact that for the seventh time in a row he was accepted into the #Splunk Trust as one of only 66 members worldwide.
This year's BOTS was all about protecting the multi-cloud, on-prem and physical environments of an imaginary company. It was important not only to be familiar with the Splunk Security Suite, but also to use open source intelligence. The sixth BOTS was also launched as a capture-the-flag-esque competition in Jeopardy style and allowed the participants to compete against each other in the form of blue teams.
What is the special kick of the BOTS? A conversation with participants
What is so special about this competition, which repeatedly motivates Splunk experts from all over the world to face a head-to-head race in real time for hours? The Consist editorial team asked Sophie Dockstader and Martin Müler, both Splunk Consultants at Consist and part of the BOTS team:
Consist Editorial Board: “Hi Sophie, you've been with Consist since 2020. Was this your first BOTS participation?“
Sophie: “This was my 2nd BOTS competition. Last year was my first time participating (also with Consist)."
C.: "What do you find particularly attractive about this competition?"
S.: “Internally, I think that we at Consist can take away a lot from the BOTS and from each other as a team. I look forward to learning how to host our own BOTS for both colleagues and customers to learn from the awesome competition."
C.: "What is meant by hosting your own BOTS?"
S.: “The BOTS team releases the data and questions from the year before. In fact, Consist has hosted a BOTS competition with the universities in Kiel and Frankfurt a few years ago. Internally, I think at Consist we can learn a lot from BOTS and from each other - speaking for myself, I’d also love to learn from my teammates! There is also a possibility to host a BOTS competition as a workshop as a customer event. This can help a SOC team level up their incident response practices."
C.: "Is it a bit like gaming?"
S.: "BOTS is fun like gaming, but I would more so compare it to a scavenger hunt where you’re racing against the clock to win points."
C.: "Have you ever had contact with the other teams in the meantime?"
S.: “Afterwards, I’ve talked about the harder areas with a few friends at other companies and Splunk colleagues. I was glad to hear that others had found the same sections tricky."
C .: "Hello Martin, first of all - what excites you about Splunk?"
M .: “In short: the limitless flexibility. Depending on the application and customer, both the data and the questions to you are different every time, but can still be evaluated with Splunk."
C .: "And what is the special attraction of the BOTS for you?"
M .: "Working on an almost impossible long list of tasks in a team with limited time - just like in real life."
C .: “Are the BOTS scenarios in the respective year based on current incidents? Were there any special differences compared to last year? "
M .: “The three main scenarios APT (Advanced Persistent Threat), Multi-Cloud and Insider Threats correspond exactly to the major issues that are moving information security worldwide today. BOTS continues to develop from year to year, the data and questions adapt to current issues and threats and the organization in the background is being refined and automated more and more. What remains is the good mix of simple, difficult and completely crazy questions ... for example a frog was kidnapped to Tasmania."
C .: “That sounds a bit bizarre indeed. Would you like to come up with a BOTS yourself? "
M .: "No, then I shouldn't be able to participate."
C .: "Are there still white splunk spots on the world map?"
M .: "Six continents were represented at the BOTS this year - the Ant-Arctic was absent without excuse."
C .: "Thank you very much and good luck for the next time!"
Ansprechpartner
Petra Sauer-Wolfgramm
Corporate Communications
phone: +49 431 3993-525
e-mail: sauer-wolfgramm@consist.de